Attack in to The Server Message Block (CVE-2020-0796) Vulnerabilities in Windows 10 using Metasploit Framework

Authors

  • M. Faturrohman Politeknik Siber dan Sandi Negara
  • Angelita Salsabila Sekolah Tinggi Manajemen Informatika dan Komputer Jakarta STI&K
  • Zulma Mardiah Sekolah Tinggi Manajemen Informatika dan Komputer Jakarta STI&K
  • Aqwam Rosadi Kardian Sekolah Tinggi Manajemen Informatika dan Komputer Jakarta STI&K

DOI:

https://doi.org/10.26905/jeemecs.v6i1.9056

Keywords:

Server Message Block, Operation System, Framework Metasploit, CVE 2020-0796

Abstract

Advances in information and communication technology encourage the development of operating systems. Windows 10 is one of the most widely used operating systems today. Unfortunately, there are still many who do not know that in the Windows 10 system there are several system vulnerabilities and some bugs. One example is the vulnerability in Server Message Block (SMB) on Windows 10 (CVE-2020-0796). This vulnerability exploits the Buffer Overflow method on one of the Execution Server Message Block (SMB) files. The impact of this attack is that the attacker can perform Remote Control Access on the target device. One of the reasons why this attack can occur is an operating system that has never been updated or uses an old operating system that has lots of bugs. The automatic updating feature is actually very helpful in overcoming this problem. However, there are still many device users who understand the importance of this. This research will explain how the process of attacking the Windows 10 operating system uses the CVE-2020-0796 vulnerability. The hope is that after understanding the readers can know the importance of using the latest version of the operating system and immediately updating the system.

References

G. Fritsche, “Understanding Windows 10â€, Proceedings of the 2015 ACM Annual Conference on SIGUCCS - SIGUCCS ’15, 2015.

Windows SMBv3 Client/Server Remote Code Execution Vulnerability CVE-2020-0796. Access on https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0796

O. Valea, C. Oprisa, “Towards Pentesting Automation Using the Metasploit Frameworkâ€, IEEE 16th International Conference on Intelligent Computer Communication and Processing (ICCP), 2020.

S. Raj, N. K. Walia, “A Study on Metasploit Framework: A Pen-Testing Tool†International Conference on Computational Performance Evaluation (ComPE), July 2–4, 2020.

S. Rani, R. Nagpal, “PENETRATION TESTING USING METASPLOIT FRAMEWORK: AN ETHICAL APPROACHâ€, International Research Journal of Engineering and Technology (IRJET), Vol 06, 2019.

N. A. Mohamed,A. Jantan , O. I. Abiodun, “Protect Governments, and organizations Infrastructure against Cyber Terrorism (Mitigation and Stop of Server Message Block (SMB) Remote Code Execution Attack)â€, International Journal of Engineering Research and Technology. Volume 11, Number 2, pp. 261-272, 2018.

Dr. S. Kurariya, “Buffer Overflow Attack –Vulnerability in Heap†BSSS Journal of Computer, Vol. XI, pp 1-11, 2020.

A. Smirnov, T. Chiueh, “Automatic Patch Generation for Buffer Overflow Attacksâ€, Third International Symposium on Information Assurance and Security, 2007.

Kaushik, Keshav, et al. "A novel approach to generate a reverse

shell: Exploitation and Prevention." International Journal of Intelligent Communication, Computing and Networks (IJICCN), Open Access Journal 2, 2021.

C. Cowan, S. Beattie, J. Walpole, C. Pu, and Perry Wagle, “Buffer Overflows:Attacks and Defenses for the Vulnerability of the Decade, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00, 2002.

S. Rahalkar, “Metasploit for Beginnersâ€, Packt Publishing Ltd, Livery Place, 35 Livery Street, Birmingham, B3 2PB, UK, July 2017.

Downloads

Published

2023-02-27

Issue

Vol. 6 No. 1 (2023): February 2023

Section

Articles

License

Our ethic statements are based on COPE’s Best Practice Guidelines for Journal Editors.

Hasil gambar untuk committee on publication ethics logo

Publication decisions
The editor is responsible for deciding which of the articles submitted to the journal should be published.
The editor may be guided by the policies of the journal's editorial board and constrained by such legal requirements as shall then be in force regarding libel, copyright infringement and plagiarism. The editor may confer with other editors or reviewers in making this decision.

Fair play
An editor at any time evaluate manuscripts for their intellectual content without regard to race, gender, sexual orientation, religious belief, ethnic origin, citizenship, or political philosophy of the authors.

Confidentiality
The editor and any editorial staff must not disclose any information about a submitted manuscript to anyone other than the corresponding author, reviewers, potential reviewers, other editorial advisers, and the publisher, as appropriate.

Disclosure and conflicts of interest
Unpublished materials disclosed in a submitted manuscript must not be used in an editor's own research without the express written consent of the author.

Duties of Reviewers

Contribution to Editorial Decisions
Peer review assists the editor in making editorial decisions and through the editorial communications with the author may also assist the author in improving the paper.

Promptness
Any selected referee who feels unqualified to review the research reported in a manuscript or knows that its prompt review will be impossible should notify the editor and excuse himself from the review process.

Confidentiality
Any manuscripts received for review must be treated as confidential documents. They must not be shown to or discussed with others except as authorized by the editor.

Standards of Objectivity
Reviews should be conducted objectively. Personal criticism of the author is inappropriate. Referees should express their views clearly with supporting arguments.

Acknowledgement of Sources
Reviewers should identify relevant published work that has not been cited by the authors. Any statement that an observation, derivation, or argument had been previously reported should be accompanied by the relevant citation. A reviewer should also call to the editor's attention any substantial similarity or overlap between the manuscript under consideration and any other published paper of which they have personal knowledge.

Disclosure and Conflict of Interest
Privileged information or ideas obtained through peer review must be kept confidential and not used for personal advantage. Reviewers should not consider manuscripts in which they have conflicts of interest resulting from competitive, collaborative, or other relationships or connections with any of the authors, companies, or institutions connected to the papers.

Duties of Authors

Reporting standards
Authors of reports of original research should present an accurate account of the work performed as well as an objective discussion of its significance. Underlying data should be represented accurately in the paper. A paper should contain sufficient detail and references to permit others to replicate the work. Fraudulent or knowingly inaccurate statements constitute unethical behavior and are unacceptable.

Originality and Plagiarism
The authors should ensure that they have written entirely original works, and if the authors have used the work and/or words of others that this has been appropriately cited or quoted.

Multiple, Redundant or Concurrent Publication
An author should not in general publish manuscripts describing essentially the same research in more than one journal or primary publication. Submitting the same manuscript to more than one journal concurrently constitutes unethical publishing behaviour and is unacceptable.

Acknowledgement of Sources
Proper acknowledgment of the work of others must always be given. Authors should cite publications that have been influential in determining the nature of the reported work.

Authorship of the Paper
Authorship should be limited to those who have made a significant contribution to the conception, design, execution, or interpretation of the reported study. All those who have made significant contributions should be listed as co-authors. Where there are others who have participated in certain substantive aspects of the research project, they should be acknowledged or listed as contributors.

The corresponding author should ensure that all appropriate co-authors and no inappropriate co-authors are included on the paper, and that all co-authors have seen and approved the final version of the paper and have agreed to its submission for publication.

Disclosure and Conflicts of Interest
All authors should disclose in their manuscript any financial or other substantive conflict of interest that might be construed to influence the results or interpretation of their manuscript. All sources of financial support for the project should be disclosed.

Fundamental errors in published works
When an author discovers a significant error or inaccuracy in his/her own published work, it is the author’s obligation to promptly notify the journal editor or publisher and cooperate with the editor to retract or correct the paper.