ITNET302A_118 Advanced Network Security: CVE-2017-0144 Exploit Report

Verified

Added on  2023/06/12

|8
|1879
|487
Report
AI Summary
This report analyzes the CVE-2017-0144 vulnerability, also known as EternalBlue, and its exploitation within the context of a file hosting company, Files'R'Us. It explores the technical details of the vulnerability, its impact on network security, and the potential risks associated with unpatched systems. The report includes a risk assessment, a proof of concept, immediate remediation actions, and future prevention policies to mitigate the threat of EternalBlue and similar vulnerabilities. It emphasizes the importance of patch management, network segmentation, and proactive security measures to protect against cyberattacks leveraging SMB vulnerabilities.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Advanced Network Security
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Contents
Introduction.................................................................................................................................................3
CVE-2017-0144 - Three Issues...................................................................................................................3
EternalBlue..................................................................................................................................................4
Risk Assessment.....................................................................................................................................4
Proof of Concept....................................................................................................................................5
Immediate Remediation actions...........................................................................................................6
Future Prevention Policies....................................................................................................................6
Conclusion..............................................................................................................................................7
References..............................................................................................................................................7
Document Page
Introduction
This project is exploits the leveraging the vulnerability CVE-2017-0144 and it had the
name as Eternal Blue. The 'R' Us is a small company and it earns the profits from hosting files
for clients with 30 employees. It offers the hosting solutions across the all the file transfer
protocols such as WebDev, SCP, FTP, SMP and HTTP. The solutions of hosting are used to
allow an any customer to upload files and any internet user to download files using other
available file transfer protocols. Recently, the organization employed the undergraduate to
provide the responsibilities include the managing the customer service and file servers through
the file transfers and its configuration. It uses the normal file transfer protocols such as SMB and
user forced to use RDP. The RDP is used to speed up the DMZ process. User also notices
organization vulnerability patch management process. This project is used to SMB is being
targeted by the Eternal Blue exploit. It also addresses the CVE-2017-0411 vulnerability and it
perform the exploit Eternal blue. It also addresses the risk matrix and provide the proof of
concept against the File 'R' Us machines. It also immediate the remediation actions and provide
the prevention measures that can be reduce and eliminate the future events.
CVE-2017-0144 - Three Issues
The Critical issues in CVE-2017-0144 is exploit the vulnerability in SMB to spread over
LAN. It impacting the various institutions including the hospitals and it causing the disruption of
provided services. The attackers are massively spread the malware to exploit the CVE-2017-
2014 vulnerability in SMB. To reduce these issues to uses the ESET security solutions with up to
date version of detection engine because it able to detect and stop this malware. It protects the
remote exploitation of the vulnerability at the network level using the network protection
module. The CVE-2014-0014 also has windows SME remote code execution vulnerability issues
and it is allows the remote attackers to execute the arbitrary code through the crafted packets. It
Document Page
also has the Eternal Blue SMB remote windows kernel pool corruption is used to buffer the
overflow remove operation to authenticate to perform the exploit. It causes the system instability
and crashed such as reboot and BSOD (Comer, 2015).
EternalBlue
The open source software is providing the windows file sharing access to non-windows
machine using the CIFS and SMB protocol and it recently disclosed a similar remote code
execution vulnerability to WannaCry that allows users to authorized access through the SMB
protocol. It working the exploit the leveraging the CVE-2017-0014 for Metasploit. Metasploit
includes an exploit and scanner module for the eternal blue vulnerability. It currently delivering a
crypto mining protocol and targeting the raspberry Pi's that have the default credentials. It
exploiting the recent disclose from the CVE-2017-0014. It infects the network devices with port
22 because attackers are aggressively scanning the internet looking for vulnerable devices with
port 445 exposed (Peterson & Davie, 2012). It also infecting the various machines during the
campaign was due to users neglecting to install security updates in a timely fashion. It creates the
unfortunate exploitation of marketing the vulnerability CVE-2017-0014 was dubbed the
wannacry. It also exploits the empower the cyber criminals. It exploits the network framework
and payload used in the campaign. The best prevention for attacks is generally has the
maintenance and patching. It focuses on the risk analysis and security research for network and
application-based vulnerabilities. It focuses on Denial of services attacks includes the analysis of
botnets and malware. It helps to Radware develop the signatures and mitigation attacks
proactively for an organization ("EternalBlue: Metasploit Module for MS17-010", 2018).
Risk Assessment
The Eternal Blue exploit the vulnerability on windows environment and it is a remote
code execution vulnerability that takes place over SMB. The organizations behind on the patch
management will continue to be exposed to the risk of the malware and others the leveraging the
eternal blue vulnerability ("Risk Assessment | Ready.gov", 2018). To reduce the risk on the
eternal blue by using the below steps.
1. Use supported operating systems
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Ensure all the operating systems being ran by the organizations are receiving the
ongoing the security patched from the vendor.
2. Host based firewalls
Consider the applying the firewall rules at the window host level that is used to
prevent the unnecessary system to system communication
3. Properly manage backups
The backups are properly not stored within a network that might be susceptible to
infected by a worm (White, 2018).
4. Patch management
The patch program is used to ensure the all windows systems are receiving the
security patches. It is used to fixing the eternal blue vulnerability.
5. Network Segmentation
The network segmentation is used to applying the routing and firewall rules that
create the security zones in user network.
Proof of Concept
The Eternal blue proof of concept in uncontrolled environment and without prior authorization
may be illegal ("10 Major Security Threats in Cloud Computing | TCS Cyber Security
Community", 2018). It making the several leaks that contained the some of the hacking tools and
it affected were the firewall, Microsoft and antivirus products. It has five Filtration,
Equation Group cyber weapons Auction
Trick or Treat
Black Friday and cyber Monday sale
Don't forget your base
Lost in Translation
Document Page
These are containing the exploits targeting Microsoft windows. The relationship between
the most of the vulnerability found that are ued to attack the windows vulnerability. It leaks the
network infrastructure and it focused on the windows system. The vulnerabilities are point to the
server message block service and Net Bios protocol. It is used to exchange the protocol that
allows ti applications to write and Read the files and requires services from the server programs
on Microsoft network. Generally, these vulnerabilities have the big impact that was exploited
massively and it patched the vulnerabilities ("How To Delete SMB: CVE-2017-0144 Virus
Completely From Windows PC? - PC Malware Security", 2018).
Immediate Remediation actions
Immediate Remediation actions to takes the eternal vulnerabilities to ransom ware variant that
targets the unpatched windows operating systems and it infected the users experience file
encryption ("Vulnerability CVE-2017-0144 in SMB exploited by WannaCryptor ransomware to
spread over LAN", 2018). It ensures the systems are patched and up to date. Generally, Eternal
blue needs the immediate actions because it has been infected. The immediate actions are listed
in below ("SMB Vulnerabilities – WannaCry, Adylkuzz and SambaCry", 2018).
Threat Intelligence
Communicate
Patch or Inoculate OS
Incident Response
Communicate
Locate backups and restore the date
Takes a proactive approach to identified the vulnerability
Consider the disabling unused legacy protocol
Formalize the incident response procedures
Future Prevention Policies
The Eternal blue has the horrific trojan virus that must be removed immediately from the
windows systems. So, perform the several malicious activities in victimized computer remotely.
Document Page
The threats are creating the several critical issues in their windows system including the data
loss, application malfunction, very slow system performance, hard drive and more. To prevent
the vulnerability by using the critical system protection to restrict the software installation and
executable modification and it used to protect the windows-based system ("Microsoft Windows
SMB Server CVE-2017-0144 Remote Code Execution Vulnerability | Symantec", 2018). It used
the windows prevention policy strategy including whitelisting, hardening and basic. It used to
prevent the windows-based systems from the attacks. It encrypting the ransomware may laterally
spread from a compromised system.
Conclusion
The 'R' Us organization is provides and exploits the leverage the vulnerability of CVE-
2017-00114. It also known as Eternal blue. The 'R' Us is a small company and it earns the profits
from hosting files. It offers the hosting solutions across the all the file transfer protocols such as
WebDev, SCP, FTP, SMP and HTTP. The solutions of hosting are used to allow an any
customer to upload files and any internet user to download files using other available file transfer
protocols. This project is to analysis the SMB to perform the exploit eternal blue. The SMB is a
transport protocol used by windows machines and it has various purposed such as printer
sharing, file sharing and access to remote window services. The shadow brokers are released an
SMB vulnerability named Eternal blue. It takes the advantages of this vulnerability to
compromise the windows machines, propagate and load malware to other machines in a network.
It also discussed and analyzed the Critical issues on Eternal blue. This project also discussed the
proof of concept, immediate actions and risk assessment based on Eternal blue.
References
10 Major Security Threats in Cloud Computing | TCS Cyber Security Community. (2018).
Securitycommunity.tcs.com. Retrieved 16 April 2018, from
https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/02/14/10-major-security-threats-
cloud-computing
Comer, D. (2015). Computer networks and internets. Harlow, England: Pearson Education.
EternalBlue: Metasploit Module for MS17-010. (2018). Rapid7 Blog. Retrieved 18 April 2018, from
https://blog.rapid7.com/2017/05/19/metasploit-the-power-of-the-community-and-eternalblue/
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
How To Delete SMB: CVE-2017-0144 Virus Completely From Windows PC? - PC Malware Security .
(2018). PC Malware Security. Retrieved 18 April 2018, from
https://www.pcmalwaresecurity.com/trojan/delete-smb-cve-2017-0144-virus-completely-windows-
pc/
Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability | Symantec.
(2018). Symantec.com. Retrieved 18 April 2018, from
https://www.symantec.com/security_response/vulnerability.jsp?bid=96704
Peterson, L., & Davie, B. (2012). Computer networks. Burlington: Morgan Kaufmann / Elsevier.
Risk Assessment | Ready.gov. (2018). Ready.gov. Retrieved 16 April 2018, from
https://www.ready.gov/risk-assessment
SMB Vulnerabilities – WannaCry, Adylkuzz and SambaCry. (2018). Radware Blog. Retrieved 18 April
2018, from https://blog.radware.com/security/2017/06/smb-vulnerabilities-wannacry-adylkuzz-
sambacry/
Vulnerability CVE-2017-0144 in SMB exploited by WannaCryptor ransomware to spread over LAN.
(2018). Support.eset.com. Retrieved 18 April 2018, from https://support.eset.com/ca6443/?
locale=en_US&viewlocale=en_US
White, C. (2018). Wannacry Ransomware & Mitigation Steps. risk3sixty LLC. Retrieved 18 April 2018,
from https://www.risk3sixty.com/2017/05/13/alert-wannacry-ransomware/
chevron_up_icon
1 out of 8
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]