
Ethical Hacking

BLUEKEEP & MS17_010_PSEXEC

INTRODUCTION

Our target is a hypothetical small business, WinPehSy, that hosts a server and a client machine on its network for use by the business' employees. The assumption is that the company has not invested well in cybersecurity: the server has not been placed in a DMZ, and RDP is enabled on it without Network Level Authentication. The Windows XP client, however, does not have RDP enabled. Our attack exploits CVE-2019-0708 and CVE-2017-0143.

Attack process

Reconnaissance

Reconnaissance is the art of scouting the target and gathering the information needed to support the activities of both the pre-testing phase and the testing phase.

Exploitation

Exploitation is the act of taking advantage of vulnerabilities, using software or scripts, to gain control over a system.

Post Exploitation

Post-exploitation is the phase of the operation that begins once a victim's system has been compromised.

Its main goals are harvesting credentials and establishing persistence.

Clearing our traces

Leaving no traces behind, or removing them after the attack, is the most important step in remaining untraceable and undetected.

CVE-2019-0708

RDP Remote Code Execution Vulnerability

CVE-2019-0708, also known as BlueKeep, affects Windows machines that have the Remote Desktop Protocol enabled. It can result in total compromise of the victim machine.

CVE-2017-0143

EternalChampion SMB Remote Windows Code Execution

CVE-2017-0143 is a vulnerability in how requests are handled by Microsoft Server Message Block 1.0 (SMBv1), which allows attackers to remotely execute arbitrary code. An attacker can exploit the vulnerability by sending specially crafted packets to a targeted SMBv1 server.

As BlueKeep is our main vulnerability, we will not cover CVE-2017-0143 in depth within the scope of this project.

SETUP

For our attack, we use a Kali Linux 2020 virtual machine, which comes equipped with the tools we require, including the Metasploit Framework.

[Figure: Updated EH Assignment Diagram (with IPs)]
ATTACK VECTOR

To access the server running Windows Server 2008 R2, we exploit CVE-2019-0708 with the BlueKeep module. Once the server is compromised, we pivot through it to the Windows XP machine and exploit its SMB vulnerability via the MS17_010_PSEXEC module.
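Both steps of this attack vector depend on the misconfigurations listed in the introduction: RDP reachable without Network Level Authentication on the server, and SMBv1 still served on the hosts. The following audit script is an added example, not part of the original assignment page or of Metasploit, and is written from the defender's side: run as an administrator on each Windows host, it reports whether the host is in the state the scenario assumes and, with the hypothetical -Fix switch, applies the two registry changes Microsoft documents for requiring NLA and disabling SMBv1 on Windows Server 2008 R2. The registry paths and value names are the standard Windows ones; the host name in the output is simply read from the environment. Note that on Windows XP the SMB1 value does not exist and SMBv1 cannot be turned off, so for that machine the only remediation is the MS17-010 security update, and that requiring NLA narrows BlueKeep to attackers who already hold valid credentials rather than removing the need for the CVE-2019-0708 patch.

```powershell
# Added example (not from the original page): audit the two weaknesses the
# scenario relies on and optionally apply Microsoft's documented fixes.
# -Fix is a hypothetical switch introduced here for the example.
param(
    [switch]$Fix
)

function Test-RdpSmbHardening {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = Join-Path $ts 'WinStations\RDP-Tcp'
    $smb = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # fDenyTSConnections = 0 means Remote Desktop is enabled on this host.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpEnabled = ($deny -eq 0)

    # UserAuthentication = 1 means NLA is required before a session is created.
    $nla = (Get-ItemProperty -Path $rdp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # SMB1 = 0 disables SMBv1 on 2008 R2 and later; an absent value means the
    # default, which on 2008 R2 is enabled. Windows XP has no such value.
    $smb1 = (Get-ItemProperty -Path $smb -Name SMB1 -ErrorAction SilentlyContinue).SMB1

    [PSCustomObject]@{
        ComputerName     = $env:COMPUTERNAME
        RdpEnabled       = $rdpEnabled
        NlaRequired      = ($nla -eq 1)
        Smb1Disabled     = ($smb1 -eq 0)
        # CVE-2019-0708 is reachable pre-authentication only when RDP is on and NLA is off.
        BlueKeepExposure = ($rdpEnabled -and ($nla -ne 1))
        # MS17-010 requires an SMBv1 listener; still served unless SMB1 is explicitly 0.
        Ms17010Exposure  = ($smb1 -ne 0)
    }
}

function Set-RdpSmbHardening {
    $rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $smb = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Require Network Level Authentication for RDP.
    Set-ItemProperty -Path $rdp -Name UserAuthentication -Type DWord -Value 1

    # Disable the SMBv1 server (takes effect after a reboot on 2008 R2).
    Set-ItemProperty -Path $smb -Name SMB1 -Type DWord -Value 0 -Force
}

$result = Test-RdpSmbHardening
$result | Format-List

if ($Fix -and ($result.BlueKeepExposure -or $result.Ms17010Exposure)) {
    Set-RdpSmbHardening
    Write-Output 'Hardening applied; reboot the host and re-run the audit to confirm.'
}
```

Run without -Fix first to see the host's state; the two Exposure fields going to False after the fix and a reboot is the check to look for. Neither change replaces the security updates for CVE-2019-0708 and MS17-010, which are the real fix for both machines.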

POST-EXPLOITATION

Upon the successful exploitation of these two vulnerable machines, we will have established Meterpreter sessions on them and can then perform the following post-exploitation activities:


©️ 2020 School of InfoComm Technology, Ngee Ann Polytechnic. All rights reserved.
