When Microsoft released patches for the MS17-010 vulnerability, it became known that the problem
affects systems from Windows 7 (strictly speaking, from Vista, but well, that doesn’t count :P) through
Windows Server 2016. However, the “ETERNALS” exploits published by TheShadowBrokers are very unstable
when used against systems such as Windows Server 2012 and later, causing a BSOD 99% of the time in the victim’s
With the aim of understanding and improving them, the published NSA exploits
passed under the eyes of many security researchers. Because of this, a few days ago, an exploit (developed
by Sleepya) that takes advantage of the ETERNALROMANCE/SYNERGY bug was published, with
improvements to the exploitation method that make it more stable when attacking systems
running Windows Server 2012 and 2016. But the truth is that if you want to use that exploit, it is necessary to
figure out some things, really understand how it works, and modify some things to get what we want when
we hit a target’s machine.
That’s why, after analyzing it, I am here again… writing another “how to” post. In this step-by-step I’ll
explain everything necessary to make Sleepya’s exploit work properly and how to modify its behavior in order
to obtain a meterpreter session on the target’s machine.
Of course, this documentation has again been made for research purposes.