Attack in to The Server Message Block (CVE-2020-0796) Vulnerabilities in Windows 10 using Metasploit Framework

M. Faturrohman, Angelita Salsabila, Zulma Mardiah, Aqwam Rosadi Kardian

Abstract


Advances in information and communication technology encourage the development of operating systems. Windows 10 is one of the most widely used operating systems today. Unfortunately, there are still many who do not know that in the Windows 10 system there are several system vulnerabilities and some bugs. One example is the vulnerability in Server Message Block (SMB) on Windows 10 (CVE-2020-0796). This vulnerability exploits the Buffer Overflow method on one of the Execution Server Message Block (SMB) files. The impact of this attack is that the attacker can perform Remote Control Access on the target device. One of the reasons why this attack can occur is an operating system that has never been updated or uses an old operating system that has lots of bugs. The automatic updating feature is actually very helpful in overcoming this problem. However, there are still many device users who understand the importance of this. This research will explain how the process of attacking the Windows 10 operating system uses the CVE-2020-0796 vulnerability. The hope is that after understanding the readers can know the importance of using the latest version of the operating system and immediately updating the system.


Keywords


Server Message Block;Operation System;Framework Metasploit;CVE 2020-0796

Full Text:

PDF

References


G. Fritsche, “Understanding Windows 10”, Proceedings of the 2015 ACM Annual Conference on SIGUCCS - SIGUCCS ’15, 2015.

Windows SMBv3 Client/Server Remote Code Execution Vulnerability CVE-2020-0796. Access on https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0796

O. Valea, C. Oprisa, “Towards Pentesting Automation Using the Metasploit Framework”, IEEE 16th International Conference on Intelligent Computer Communication and Processing (ICCP), 2020.

S. Raj, N. K. Walia, “A Study on Metasploit Framework: A Pen-Testing Tool” International Conference on Computational Performance Evaluation (ComPE), July 2–4, 2020.

S. Rani, R. Nagpal, “PENETRATION TESTING USING METASPLOIT FRAMEWORK: AN ETHICAL APPROACH”, International Research Journal of Engineering and Technology (IRJET), Vol 06, 2019.

N. A. Mohamed,A. Jantan , O. I. Abiodun, “Protect Governments, and organizations Infrastructure against Cyber Terrorism (Mitigation and Stop of Server Message Block (SMB) Remote Code Execution Attack)”, International Journal of Engineering Research and Technology. Volume 11, Number 2, pp. 261-272, 2018.

Dr. S. Kurariya, “Buffer Overflow Attack –Vulnerability in Heap” BSSS Journal of Computer, Vol. XI, pp 1-11, 2020.

A. Smirnov, T. Chiueh, “Automatic Patch Generation for Buffer Overflow Attacks”, Third International Symposium on Information Assurance and Security, 2007.

Kaushik, Keshav, et al. "A novel approach to generate a reverse

shell: Exploitation and Prevention." International Journal of Intelligent Communication, Computing and Networks (IJICCN), Open Access Journal 2, 2021.

C. Cowan, S. Beattie, J. Walpole, C. Pu, and Perry Wagle, “Buffer Overflows:Attacks and Defenses for the Vulnerability of the Decade, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00, 2002.

S. Rahalkar, “Metasploit for Beginners”, Packt Publishing Ltd, Livery Place, 35 Livery Street, Birmingham, B3 2PB, UK, July 2017.




DOI: https://doi.org/10.26905/jeemecs.v6i1.9056

Refbacks

  • There are currently no refbacks.




JEEMECS (Journal of Electrical Engineering, Mechatronic and Computer Science)
Electrical Engineering Department, Faculty of Engineering



Mailling Address:

  • Address: Taman Agung Street No. 1, Sukun, Malang City, East Java, 65146, Indonesia.
  • Website: http://jurnal.unmer.ac.id/index.php/jeemecs/
  • Phone: +62 856 - 4850 - 9998 
  • Email: [email protected]


JEEMECS (Journal of Electrical Engineering, Mechatronic and Computer Science) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License Creative Commons License

Copyright ©2020 University of Merdeka Malang Powered by Open Journal Systems.