Windows Exploitation Lab – EternalBlue Vulnerability Simulation

In this project, I created a deliberately vulnerable Windows virtual machine in a controlled lab environment to test the EternalBlue exploit (MS17-010) using Kali Linux tools such as nmap and Metasploit.

The goal was to simulate a real-world exploitation scenario to better understand how threat actors might use EternalBlue. After scanning the target, I determined that the system was already patched against this specific vulnerability and the exploit was unsuccessful. This confirmed proper system hardening.

Although the exploit attempt was blocked, this project demonstrates my experience in Windows system configuration, penetration testing workflows, and the responsible handling of exploitation tools in ethical lab conditions.

Lab Process & Tools Used

Install Tools — 1. Installed essential penetration testing tools including Nmap, Metasploit, Wireshark, Hydra, and Netcat.

Verify Install — 2. Verified installation of all required tools for the lab environment on Kali Linux.

Allow RDP & NLA — 3. Configured Windows to allow remote connections and enabled Network Level Authentication for a more realistic simulation.

RDP Firewall Rule — 4. Modified firewall to allow Remote Desktop through the Windows firewall to simulate vulnerability exposure.

Enable SMBv1 — 5. Enabled SMBv1 on the Windows machine — a key requirement for EternalBlue exploitation.

Disable SMBv2 and SMBv3 — 6. Disabled SMBv2 and SMBv3 to weaken the system further and simulate outdated configurations.

Verify SMB Settings — 7. Verified SMBv1 was enabled and SMBv2/3 were disabled successfully.

Kali and Victim Communication — 8. Ensured the attacker Kali machine and the Windows victim could communicate across the lab network.

Aggressive Nmap Scan — 9. Conducted an aggressive Nmap scan (-A) to enumerate services and OS details of the victim system.

Metasploit Exploit Search — 10. Used Metasploit to search for suitable EternalBlue exploit modules targeting SMBv1.

Ping and Connectivity Check — 11. Validated connectivity between machines to ensure the lab network was functioning as intended.

Wrap-up Notes — 12. Collected logs and closed out testing steps for documentation and analysis.

Host Not Vulnerable — Final result: target system was not vulnerable to EternalBlue due to effective patching and security measures.