Eternalromance is another SMBv1 exploit from the leaked NSA exploit collection and targets Windows XP/Vista/7 and Windows Server 2003 and 2008. In the last hacking tutorial we have demonstrated how an unauthenticated attacks can exploit a Windows 7 target that is vulnerable to Eternalblue using Fuzzbunch, DoublePulsar and Empire. In this tutorial we will demonstrate how to exploit a Windows 2003 R2 SP2 Enterprise installation using the Eternalromance exploit in Fuzzbunch. The exploit process is pretty similar to Eternalblue except that we have to use DoublePulsar to generate shellcode that will be used by the Eternalromance exploit. Any other shellcode than DoublePulsar will not work and causes a BSOD.

Before we start with exploiting Eternalromance we will be looking at the lab setup that we will be using throughout the tutorial. Then we will use a Metasploit auxiliary module to check if the target has been patched or not. Finally we will install the DoublePulsar backdoor using the Eternalromance exploit on the Windows Server 2003 machine and use that to inject a Meterpreter payload that will give us a shell on the target.