Creating a vulnerable node based on the vulnerability MS17-010
Aleksey Novokhrestov, Anton Kalyakin, Aleksandr Kovalenko, Vladimir, Repkin
TL;DR
This paper demonstrates how to create a vulnerable node exploiting the MS17-010 vulnerability, using formalized attack modeling and automated scripting, to understand and analyze security weaknesses in SMBv1 protocol systems.
Contribution
It introduces a formalized representation of the MS17-010 exploit using Meta Attack Language and details an automated Python script implementation.
Findings
Formalized MS17-010 exploit in MAL graph
Automated Python script for exploitation
Security measures for SMBv1 systems
Abstract
The creation of a vulnerable node has been demonstrated through the analysis and implementation of the MS17-010 (CVE-2017-0144) vulnerability, affecting the SMBv1 protocol on various Windows operating systems. The principle and methodology of exploiting the vulnerability are described, with a formalized representation of the exploitation in the form of a Meta Attack Language (MAL) graph. Additionally, the attacker's implementation is outlined as the execution of an automated script in Python using the Metasploit Framework. Basic security measures for systems utilizing the SMBv1 protocol are provided.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Data Processing Techniques · Engineering Education and Technology · Economic and Technological Systems Analysis