AnsweredAssumed Answered

Why MetaSploit ms17_010_eternalble crashes if spoolsv.exe is disabled on the target??

Question asked by Hawk Catcher on Jul 24, 2017

Hi.

I was testing "ms17_010_eternalblue" on my Windows7_x64 machine. All went well, but when I disabled Print Spooler service (spoolsv.exe) and although changed my ProcessName option to lsass.exe, the exploit crashed on the target.

Why this happens?? Based on available references, this exploit do not relay on spoolsv.exe process at all.

Thanks.

Outcomes