Attack in to The Server Message Block (CVE-2020-0796) Vulnerabilities in Windows 10 using Metasploit Framework
Abstract
Advances in information and communication technology encourage the development of operating systems. Windows 10 is one of the most widely used operating systems today. Unfortunately, there are still many who do not know that in the Windows 10 system there are several system vulnerabilities and some bugs. One example is the vulnerability in Server Message Block (SMB) on Windows 10 (CVE-2020-0796). This vulnerability exploits the Buffer Overflow method on one of the Execution Server Message Block (SMB) files. The impact of this attack is that the attacker can perform Remote Control Access on the target device. One of the reasons why this attack can occur is an operating system that has never been updated or uses an old operating system that has lots of bugs. The automatic updating feature is actually very helpful in overcoming this problem. However, there are still many device users who understand the importance of this. This research will explain how the process of attacking the Windows 10 operating system uses the CVE-2020-0796 vulnerability. The hope is that after understanding the readers can know the importance of using the latest version of the operating system and immediately updating the system.
Keywords
Full Text:
PDFReferences
G. Fritsche, “Understanding Windows 10”, Proceedings of the 2015 ACM Annual Conference on SIGUCCS - SIGUCCS ’15, 2015.
Windows SMBv3 Client/Server Remote Code Execution Vulnerability CVE-2020-0796. Access on https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0796
O. Valea, C. Oprisa, “Towards Pentesting Automation Using the Metasploit Framework”, IEEE 16th International Conference on Intelligent Computer Communication and Processing (ICCP), 2020.
S. Raj, N. K. Walia, “A Study on Metasploit Framework: A Pen-Testing Tool” International Conference on Computational Performance Evaluation (ComPE), July 2–4, 2020.
S. Rani, R. Nagpal, “PENETRATION TESTING USING METASPLOIT FRAMEWORK: AN ETHICAL APPROACH”, International Research Journal of Engineering and Technology (IRJET), Vol 06, 2019.
N. A. Mohamed,A. Jantan , O. I. Abiodun, “Protect Governments, and organizations Infrastructure against Cyber Terrorism (Mitigation and Stop of Server Message Block (SMB) Remote Code Execution Attack)”, International Journal of Engineering Research and Technology. Volume 11, Number 2, pp. 261-272, 2018.
Dr. S. Kurariya, “Buffer Overflow Attack –Vulnerability in Heap” BSSS Journal of Computer, Vol. XI, pp 1-11, 2020.
A. Smirnov, T. Chiueh, “Automatic Patch Generation for Buffer Overflow Attacks”, Third International Symposium on Information Assurance and Security, 2007.
Kaushik, Keshav, et al. "A novel approach to generate a reverse
shell: Exploitation and Prevention." International Journal of Intelligent Communication, Computing and Networks (IJICCN), Open Access Journal 2, 2021.
C. Cowan, S. Beattie, J. Walpole, C. Pu, and Perry Wagle, “Buffer Overflows:Attacks and Defenses for the Vulnerability of the Decade, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00, 2002.
S. Rahalkar, “Metasploit for Beginners”, Packt Publishing Ltd, Livery Place, 35 Livery Street, Birmingham, B3 2PB, UK, July 2017.
DOI: https://doi.org/10.26905/jeemecs.v6i1.9056
Refbacks
- There are currently no refbacks.
JEEMECS (Journal of Electrical Engineering, Mechatronic and Computer Science) |
Mailling Address:
|