Assignment 1
Subject: ITNET302A_118
Title: Advanced Neteffect Shelter 1: EternalBlue
Lecturer: David Best
Due Date: 11:59pm Sunday 15th September
Background
On August 13th, 2016, the phantom brokers tweeted their sale page control an full-additive segregate-amongicularize sponsored cyber weapons toolkit exposed by the Equation Group.
No one bought.
In repartee, on April 14th, 2017, the phantom brokers tweeted …TheShadowBrokers rather nature getting stupefied with McAfee on a void island with pungent babes… and released the muniments exempt of entrust. One of these muniments, leveraging exposure CVE-2017-0144, has the specexamine EternalBlue.
Scenario
FilesRUs is a minute audience with 30 employees that earns its income from multitudeing perfects control clients.
FilesRUs is full subjoinitive, unstudiedering multitudeing breachs over full perfect give protocols such as, FTP, HTTP, SMB, SFTP, SCP, WorkDav and past. This multitudeing breach fullows any customer to upload perfects and any internet truthr to download perfects using any of the profitable perfect give protocols.
In this scenario you effect control PerfectsRUs as a of-late occupied undergraduate. Your work responsibilities apprehend customer benebeseem and managing the perfect servers through perfect gives and coercionm. This is a non-trivial function as you are in the Urbane Environment and the Windows perfectservers are segregated unstudied in a DMZ that is merely undetermined via RDP using a inclosure statement.
Withquenched the ability to truth recognized perfect give protocols, such as SMB, you are controlced to truth RDP. You entertain referableed you can RDP in and quenched of the DMZ speeding up this arrangement. Reviewing documentation on this, you referablee there is no audience exposure botch government arrangement.
Task
Your boss has of-late well-informed that SMB is nature targeted by the EternalBlue muniment and is solicitous abquenched the audience’s Windows perfect servers as they entertain SMB externally facing control customers and internet truthrs. He has gifted you with a simplified audience neteffect diagram (below) and asked you, the neteffect shelter learner, to transcribe a investigation article subjoinressing the subjoined concerns:
? Why does the CVE-2017-0144 exposure happen (cloak full 3 contents)
? How is CVE-2017-0144 leveraged to effect the EternalBlue muniment
? Using a endanger matrix, what endanger does the EternalBlue muniment puzzle to Perfects’R’Us?
(Apprehend a endanger rating with a mean advocacy)
? Provide a Proof of Concept (PoC) EternalBlue munimentation across one of Perfects’R’Us machines and, using your shell, imimprint the pine on the tafe truthr’s Desktop.
? Immediate abandonment and/or remediation actions
(Files’R’Us has referable been owned by Ransomware. Do referable apprehend scanning control Ransomware)
? Hinderance measures that can be enthralled to reduce/eliminate advenient facts
(Files’R’Us has referable been owned by Ransomware. Do referable apprehend scanning control Ransomware)
As segregate-among-among of the munimentation arrangement, apprehend screenshots of the subjoined:
? Neteffect thlearn of the Virtual Machine, including thlearn of ownn 445 nature unreserved.
? Exposure scanning control EternalBlue across the Virtual Machine
? Munimentation nature launched
? Successful shell habitual
? Using the shell, imprinting the perfect contents of C:Users afeDesktopflag.txt
Inclosure Application
As a modern rent, you nonproduction to print your boss by going overhead and more. You run to truth your scholarship of the audience’s interest operations and neteffect setup to determine, in the fact of a concerned DMZ, whether the Urbane environment can too be concerned.
Knowing that RDP is the merely fullowed ownn (3389) among the DMZ and Urbane environment, EternalBlue canreferable be truthd to onset the Urbane environment – referablewithstanding employees are quiescent using RDP to way the DMZ.
The topic remains:
If the DMZ is concerned and employees are quiescent waying it via RDP, can an onseter unfurl to
the urbane environment?
Your boss is a stickler control details and a one judgment dictum Yes or No gain referable satisfy.
In a chapter, excuse your Yes or No repartee. If you entertain clarified Yes, apprehend a hypothetical munimentation method.An munimentation method is a shrewd abstract of the steps enthralled to go from referablehing to owned. You do referable want to do a obscure thrust-under description, beseemting hypothetical conceptual steps. “I brutedistressing __________ and owned everything” is referable a strong repartee
Control pattern, a potential munimentation method to implicate a inclosure via phishing would be:
1. Clone audience’s Quenchedlook work login page and multitude it on an onseter-controlled server
2. Send phishing email inquiry audience employees to log in, including a subjoin to the onsetercontrolled quenchedlook work login page
3. Capture employee credentials as they click the phishing subjoin and examine to log in
4. Way the urbane neteffect using employee credentials
5. Using Wireshark, sniff HTTP exchange on ownn 80 to capture inclosure professional credentials
6. Once habitual, log into the inclosure leader and subjoin a fantastic inclosure professional truthr.
Neteffect Diagram

Note: This diagram has been simplified to tinge an not attributable attributable attributable attributable attributable attributable attributable attributable-difficult to discern paint control you in-reference-to the inclosure application topic. It is damage some inappropriate details on point, control pattern – how the urbane environment way the internet.
Tips
Ransomware is referable segregate-among-among of EternalBlue. EternalBlue does referable want Ransomware, it does referable apprehend Ransomware and is largely professional withquenched any Ransomware content. Ransomware is a post-exploitation precious by onseters to plunder control coin. If you apprehend Ransomware in your article, it is merely applicable to the assess the endanger individuality.
Contextual Metaphor: If Ransomware is a reversion roll, then EternalBlue is starch. The roll relies on starch to decline, save starch gain endure inconsiderate of the roll. EternalBlue gain endure inconsiderate of Ransomware.
I’ve listed an pattern article constituency underneath. This is by no media a “must follow” constituency, handle exempt to compound it up as you look beseem as covet as you cloak full the deliverables.
? Title page
? Table of Contents
? Introduction/Abstract
? CVE-2017-0144 Transcribeup o Cloak full 3 issues
? EternalBlue Transcribeup o Explain how EternalBlue leverages CVE-2017-0144 to effect an muniment
? Practical EternalBlue munimentation
? Endanger rate o Apprehend a endanger matrix and the assigned endanger rating you entertain clarified, with a mean advocacy why.
? Inclosure Application rate
? Immediate remediation/abandonment actions
? Advenient hinderance policies (learn the scenario carefully)
? References/Figures/Spelling/Grammar
Marking Rubric
Each content gain be assessed on the subjoined criteria:
• Organisation and Constituency
• Scholarship/Understanding
• Communication
• Spelling and grammar
• Figures/References
The associated marks control each content is as follows:
Content Total Marks
Title page 1
Table of Contents 1
Introduction 3
Discussion of primeval exposure 8
Discussion of avoid exposure 8
Discussion of third exposure 8
Description of how the vulnerabilities are totally to controlm the EternalBlue muniment 6
EternalBlue munimentation 10
Endanger Rate 10
Inclosure application rate 5
Immediate abandonment/remediation advice 9
Advenient hinderance policies 9
References and Figures 5
Spelling and Grammar 2
Total Marks 85

~~~For this or similar assignment papers~~~