
Fix mysmb.py on EternalBlue for Python3

Pentesting

When we play CTF (Capture the Flag) challenges, we sometimes encounter the EternalBlue vulnerability.

There are several public exploit scripts for it. For example:

  1. EternalBlue on Exploit-DB
  2. AutoBlue-MS17-010 by 3ndG4me
  3. MS17-010 by worawit

Whichever you choose, it works as long as you run it with Python 2. However, if you run it with Python 3 you might get the error "TypeError: can't concat str to bytes".
The error is caused by code in "mysmb.py" that was written for Python 2, not Python 3. mysmb.py is the module imported by the main EternalBlue script.

If you don't have mysmb.py, you can download it here (rename it to "mysmb.py").

Fix some variables on mysmb.py

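When you use Python 3, you need to change a few lines in mysmb.py as follows. In each snippet, the commented-out line is the original and the line below it is the replacement.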

Near line 69:
# transData = b''
transData = ''

Near line 73:
# transData = ('\x00' * padLen) + str(parameters)
transData = "".join(map(chr,(b'\x00' * padLen))) + str(parameters)

Near line 80:
# transData += ('\x00' * padLen) + data
transData += "".join(map(chr,(b'\x00' * padLen))) + str(data)

Near line 231:
# req = str(pkt)
req = pkt.getData()
return b'\x00'*2 + pack('>H', len(req)) + req # assume length is <6553

Near line 381:
# data += resp['Data'][1:]
data += resp['Data'][1:].decode()

With these changes, the EternalBlue scripts also run correctly under Python 3.
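
The following is an added example, not code from mysmb.py or from the scripts listed above. It reproduces the bytes/str failure behind the line 231 change and builds the same 4-byte length prefix using bytes only, with the length assumption turned into an explicit check against the 16-bit field. The names as_bytes, py2_style_concat, frame, unframe and MAX_LEN are hypothetical, and the sample buffer is constructed.

```python
import struct

MAX_LEN = 0xFFFF  # largest value the 16-bit length field can carry


def as_bytes(value):
    """Python 2 'str' data -> bytes; latin-1 maps code points 0-255 one-to-one."""
    if isinstance(value, (bytes, bytearray)):
        return bytes(value)
    return value.encode('latin-1')


def py2_style_concat(req):
    """Reproduce the failing idiom: packed bytes + str(...)."""
    try:
        return struct.pack('>H', len(req)) + str(req)
    except TypeError as exc:
        return exc


def frame(req):
    """Two zero bytes + big-endian 16-bit length + payload, all bytes."""
    req = as_bytes(req)
    if len(req) > MAX_LEN:
        raise ValueError("%d bytes do not fit a 16-bit length" % len(req))
    return b'\x00' * 2 + struct.pack('>H', len(req)) + req


def unframe(buf):
    """Inverse of frame(): check the header, return the payload."""
    if len(buf) < 4 or buf[:2] != b'\x00\x00':
        raise ValueError("bad header")
    (length,) = struct.unpack('>H', buf[2:4])
    if len(buf) - 4 != length:
        raise ValueError("length field does not match payload size")
    return buf[4:]


if __name__ == "__main__":
    sample = b'\xffSMB' + b'\x00' * 28  # constructed 32-byte placeholder
    print(repr(py2_style_concat(sample)))   # a TypeError instance
    print(repr(str(b'\x00')))               # repr text, not one NUL byte
    print(frame(sample)[:4].hex(), unframe(frame(sample)) == sample)
```

In Python 3, str() applied to a bytes object returns its printable repr rather than the raw data, so converting with latin-1 (or keeping everything as bytes) is what preserves the byte values.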


For details about EternalBlue, please check my webpage.