Fix mysmb.py on EternalBlue for Python3
By Hideki Ishiguro at
When working on CTF (Capture the Flag) challenges, we sometimes encounter the EternalBlue vulnerability.
There are many payloads available to perform this exploitation. For example:
Whichever you choose, it works as long as you run it with Python 2.
However, if you run it with Python 3, you might get the error "TypeError: can't concat str to bytes".
The error is caused by certain lines in "mysmb.py", which was written for Python 2, not Python 3. Note that mysmb.py is imported by the main EternalBlue script.
If you don't have mysmb.py, you can download it here (rename it to "mysmb.py").
Fix some variables on mysmb.py
To use Python 3, you need to change a few lines in mysmb.py as follows.
Near line 69:
# transData = b''
transData = ''
Near line 73:
# transData = ('\x00' * padLen) + str(parameters)
transData = "".join(map(chr,(b'\x00' * padLen))) + str(parameters)
Near line 80:
# transData += ('\x00' * padLen) + data
transData += "".join(map(chr,(b'\x00' * padLen))) + str(data)
Near line 231:
# req = str(pkt)
req = pkt.getData()
return b'\x00'*2 + pack('>H', len(req)) + req # assume length is <6553
Near line 381:
# data += resp['Data'][1:]
data += resp['Data'][1:].decode()
With these changes, you can exploit EternalBlue correctly even with Python 3.
For details about EternalBlue, please check my webpage.
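The str/bytes mismatch behind the TypeError, and a bytes-only way to do the padding and length prefix, as an added example that is not part of the original post or of mysmb.py. The helper names, the 4-byte alignment and the sample values are assumptions made for illustration.

```python
import struct


def py2_style_concat(pad_len, parameters):
    # Python 2 idiom: a str literal doubles as a byte string.
    # On Python 3 this raises TypeError when `parameters` is bytes.
    return ("\x00" * pad_len) + parameters


def to_bytes(value):
    # latin-1 maps code points 0-255 one-to-one onto byte values, so a str
    # built with chr() converts back to the same bytes without loss.
    if isinstance(value, (bytes, bytearray)):
        return bytes(value)
    return value.encode("latin-1")


def pad_and_join(start_offset, parameters, data, align=4):
    # Hypothetical helper: pad each non-empty part to an `align`-byte boundary
    # (the alignment value is an assumption) and keep everything as bytes.
    out, offset = b"", start_offset
    for part in (to_bytes(parameters), to_bytes(data)):
        if part:
            pad_len = (align - offset % align) % align
            out += b"\x00" * pad_len + part
            offset += pad_len + len(part)
    return out


def frame(payload):
    # Same layout as the edited line near 231: two zero bytes, then a
    # big-endian 16-bit length. The size limit is checked instead of assumed.
    payload = to_bytes(payload)
    if len(payload) > 0xFFFF:
        raise ValueError("payload does not fit a 16-bit length field")
    return b"\x00" * 2 + struct.pack(">H", len(payload)) + payload


if __name__ == "__main__":
    try:
        py2_style_concat(3, b"\x01\x02")
    except TypeError as exc:
        print("Python 3:", exc)
    print(repr(str(b"\x01\x02")))  # repr text, not the two raw bytes
    print(pad_and_join(33, b"\x01\x02", "AB"))
    print(frame(b"abc"))
```

In Python 3, `str()` on a bytes object returns its repr, so the `str(parameters)` and `str(data)` calls in the edits above preserve the content only when the argument is already a str.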