Added on 2022/08/24
Running head: COMPUTER SECURITY
Computer security
Name of the Student
Name of the University
Authors note
Introduction
For this project a Windows 7 and a Kali Linux system are used. The EternalBlue exploit is used to exploit the Windows 7 machine from Kali Linux using the Samba server vulnerability in order to ARP poison the Windows 7 system. This vulnerability allows attackers to remotely run arbitrary malicious code on the system in order to gain access to the system or a network through the use of specially crafted data packets. The exploit allows attackers to compromise and intrude into an entire network as well as all the devices connected to it. Furthermore, if any device is infected by malware using EternalBlue, every device inside the network becomes at risk. For this reason, recovery from this kind of attack is considered difficult: all the devices inside the compromised network need to be taken offline in order to recover and protect the data inside them.
Experiment and analysis of attack
Tool used for the exploit
For attacking the Windows 7 victim machine, the Metasploit framework in the Kali Linux OS is used. Using this tool, the EternalBlue exploit is used to exploit the Windows operating system. This vulnerability was apparently stolen from the NSA (National Security Agency) in the year 2016. Later, in the year 2017, it was leaked on the internet by the Shadow Brokers group. EternalBlue exploits a vulnerability in Microsoft's Server Message Block (SMB) protocol, which mainly uses port 445.
EternalBlue and the related family of exploits are capable of exploiting serious vulnerabilities in the Microsoft SMBv1 server on the victim machine. This can be done on a wide variety of systems such as Windows XP, Windows Server 2008 and Windows 10 running SMB on port 445, as well as Windows 7.
The exploit has a high impact on the confidentiality of the victim machine. Through the use of this tool the attacker can disclose all information stored in the system by revealing all the system files. Similarly, the integrity of the system after the attack is completely in the hands of the attacker, since the attacker gains access by breaking the system protection, which results in a system entirely compromised by the attacker.
The availability impact on the victim machine is also very high, as a total shutdown of the affected victim can be achieved by the attacker. In this way the attacker can make the victim operating system unavailable to its intended user.
In this context it can be stated that malware using the EternalBlue exploit is capable of self-propagation inside a network, which drastically increases the adverse impact on the workstations and servers residing inside the network. One of the recent examples is WannaCry, which is crypto-ransomware. This malware is the first malware that had a drastic impact throughout the world. WannaCry used the exploit in order to spread across a network, infecting all the available devices and dropping a crypto-ransomware payload on the connected devices.
This exploit is mainly successful due to the poor security practices of users as well as their lack of patching of the operating system in use. These are the reasons why malicious use of the EternalBlue exploit has been increasing by leaps and bounds since it was leaked online in the year 2017.
Following is the attack simulation using two virtual machines and the exploit.
Setting up the Windows 7 victim machine
IP address of the Victim machine
Setting up the kali virtual machine
Checking if both virtual machines are connected
From the above picture it can be seen that the victim IP is 10.10.63.87 and the attacker IP is 10.10.63.91.
As Metasploit uses PostgreSQL as its backend database, it is launched first through the following command on the Kali Linux terminal:
$ service postgresql start
After this, Metasploit is launched with the msfconsole command on the terminal.
Searching for the EternalBlue exploit in Metasploit
Now the ARP poisoning is achieved using the arpspoof tool available in Kali Linux
There are a total of 5 possible exploits matching our search that can be used by attackers according to their need and their victims.
Loading EternalBlue
Scanning for the available targets
Setting rhost and lhosts
Setting up the payload
Setting lport
Successful exploitation of the vulnerability
Compromised system in meterpreter after exploitation
After the exploitation, the compromised system's details can be found using the "sysinfo" command.
Now the ARP poisoning is completed by using the meterpreter sniffer tool, launched with the "use_sniffer" command.
ps command executed using
Use of clearev
CLEAREV
The clearev command is very useful after getting control over the system: it is capable of clearing all System, Application and Security logs on the Windows system. This command takes no options or arguments.
Use of the shell command to get a command prompt
The shell command is helpful for the attacker in order to get a standard shell on the target system.
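From the defender's side, the clearing that clearev performs is itself logged: Windows writes Security event 1102 ("The audit log was cleared") and System event 104 ("The log file was cleared") at the moment a log is wiped, and those two events are a reliable sign that an intruder reached the post-exploitation stage described above. The following PowerShell script is an added example, not part of the original report, that searches a host for those events and reports who cleared which log; it assumes an elevated session (or a remote host whose Event Log service is reachable via -ComputerName) and relies on the documented UserData fields of the two events (SubjectUserName, Channel).

```powershell
# Added example (not from the original report): find evidence that the Windows
# event logs were cleared, which is exactly what meterpreter's "clearev" does.
# Security event 1102 = audit log cleared; System event 104 = another log cleared.
# Assumption: run elevated on the host being checked, or pass -ComputerName.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$Days = 7
)

$since = (Get-Date).AddDays(-$Days)

$filters = @(
    @{ LogName = 'Security'; Id = 1102; StartTime = $since },
    @{ LogName = 'System';   Id = 104;  StartTime = $since }
)

$hits = foreach ($f in $filters) {
    # Get-WinEvent throws when nothing matches, so swallow that case
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $f -ErrorAction SilentlyContinue
}

if (-not $hits) {
    Write-Output "No log-clearing events on $ComputerName in the last $Days days."
    return
}

# Both events carry a LogFileCleared element in UserData: 1102 names the account
# that cleared the Security log, 104 additionally names the cleared Channel.
$hits | ForEach-Object {
    $ud = ([xml]$_.ToXml()).Event.UserData.LogFileCleared
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        EventId     = $_.Id
        Channel     = if ($_.Id -eq 104) { $ud.Channel } else { 'Security' }
        ClearedBy   = "$($ud.SubjectDomainName)\$($ud.SubjectUserName)"
        Host        = $_.MachineName
    }
} | Sort-Object TimeCreated | Format-Table -AutoSize
```

Because clearev removes the local copy of the logs, this check is most useful against a central log collector or SIEM that received the 1102/104 events before the wipe; a local run still catches the case where the attacker cleared the log but the host has logged events since.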
Recommendation to avoid this exploit
In order to avoid or protect the system from exploitation by EternalBlue, the following are some of the recommendations:
It is important for users to patch devices with the latest Microsoft Windows security updates available from Microsoft for SMB v1.
Tools such as the ESET tool can be used in order to check whether any version of Windows is vulnerable to this exploit.
Whenever it is not required, it is suggested to disable SMBv1 on systems used in an organizational environment and to use the latest versions such as SMBv2 or SMBv3, only after appropriate testing.
The use of Group Policy Objects should be encouraged in order to set a Windows Firewall rule which restricts incoming SMB communication to vulnerable systems. In case the organization is utilizing alternative host-based intrusion prevention systems, it is suggested to implement custom modifications in order to control SMB communication through the use of Group Policy Objects.
It is always important to follow the Principle of Least Privilege for workstations and system services. Most software should be executed as a non-privileged user without administrative privileges.
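The recommendations above (disable SMBv1, restrict inbound SMB with a firewall rule) can be audited and applied on a single host before being rolled out through Group Policy. The script below is an added example written for this page, not the report's own code, in PowerShell because that is what the administration would be typed into. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later for the Smb*, NetFirewall* and Disable-WindowsOptionalFeature cmdlets; on Windows 7 / Server 2008 R2 only the documented LanmanServer registry switch in the last step applies. It supports -WhatIf so the exposure report can be run without changing anything.

```powershell
# Added example (not the report's own code): audit a Windows host for
# EternalBlue exposure and apply the report's mitigations (SMBv1 off,
# inbound TCP/445 blocked). Run elevated; use -WhatIf for audit only.
# Assumptions: Windows 8.1 / Server 2012 R2 or later for the cmdlets used;
# Windows 7 / 2008 R2 only have the registry switch in step 3.
[CmdletBinding(SupportsShouldProcess)]
param()

function Get-SmbExposure {
    # The facts that decide whether an EternalBlue-class exploit can reach
    # this host: SMBv1 enabled, SMB1 feature installed, and an enabled
    # inbound firewall rule that allows TCP/445.
    $cfg  = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $allow445 = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq 445 } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
    [pscustomobject]@{
        Smb1Enabled      = if ($cfg) { $cfg.EnableSMB1Protocol } else { 'Unknown (old OS)' }
        Smb1FeatureState = if ($feat) { $feat.State } else { 'NotPresent' }
        InboundAllow445  = @($allow445).Count
        Listening445     = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }
}

Write-Output 'Exposure before hardening:'
Get-SmbExposure | Format-List

# Step 1: turn SMBv1 off at the server and remove the optional feature, so a
# crafted SMBv1 packet is rejected instead of parsed by srv.sys.
if ($PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# Step 2: stop inbound SMB at the host firewall. Block rules take precedence
# over allow rules in Windows Firewall, so one block rule closes the port
# regardless of the built-in "File and Printer Sharing (SMB-In)" rules.
# A file server that must keep 445 open would instead keep an allow rule
# scoped with -RemoteAddress to the subnets that need it.
if ($PSCmdlet.ShouldProcess('Windows Firewall', 'Block inbound TCP/445')) {
    New-NetFirewallRule -DisplayName 'Block inbound SMB (EternalBlue mitigation)' `
        -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
}

# Step 3: Windows 7 / 2008 R2 lack Set-SmbServerConfiguration; there SMBv1 is
# switched off with this documented LanmanServer value (takes effect on reboot).
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
if ($PSCmdlet.ShouldProcess($lanman, 'Set SMB1 = 0')) {
    Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0 -Force
}

Write-Output 'Exposure after hardening:'
Get-SmbExposure | Format-List
```

Run it once with -WhatIf to get the "before" picture across a fleet, then without it on hosts that do not serve files; for the organization-wide rollout the same two settings (the SMB1 feature state and the 445 block rule) are what the Group Policy Objects mentioned above should enforce, so that a host rebuilt or re-imaged later does not come back with SMBv1 exposed.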