You probably heard of the recent WannaCry worm outbreak and if not, we have to get you up to speed. I will help you to check if your system is vulnerable to WannaCry with Metasploit.
In case you didn’t, you probably heard of the attack on the National Health Service (NHS) in the UK. Well, this worm wasn’t targeted at the NHS, but the NHS was still running Windows XP and that is why it got hit that hard. Windows XP, at the time of the attack, had not patch against this vulnerability.
In case you haven’t, PATCH YOUR SYSTEMS, now! If you are still running Windows XP, take it from the net until you installed the patch Microsoft just released. Windows XP support was already ended, in case you didn’t know, but for this special occasion Microsoft still released a patch.
You can run a scan with Metasploit to check if your systems are vulnerable of the worm.
We will use the smb_ms17_010 module for it, I’ll quickly run you through the steps.
1. Run a terminal window and enter: "msfconsole" to start the Metasploit Framework 2. Type: use auxiliary/scanner/smb/smb_ms17_010
3. Type: show options to see the options
4. Type: set RHOSTS TheIPRangeYouWantToScan (ex. 192.168.100.0/24) 5. Type: set THREADS 30
6. Type: run
If all goes well, you eventually end up with a positive result. Now I don’t want to give a 100% guarantee that your whole system is safe after running this, but it certainly rules out a few systems that you might were unsure of.
This is only affecting SMBv1.
Always try to keep your systems on the latest patch levels to be safe. As my latest status was, Windows 10 systems are not affected, but don’t take everything I state for 100%.
Hope this helps.
Resources: https://www.rapid7.com/db/modules/auxiliary/scanner/smb/smb_ms17_010
