Disclaimer: This blog is for educational purposes only!!!
In this blog we will discuss a Denial-of-Service (DoS) condition that can occur on a vulnerable Windows 7 machine because the RDP service is not able to handle and process packets in memory. To demonstrate this attack we are using a vulnerable Windows 7 machine on VirtualBox. This issue is reported in CVE (Common Vulnerabilities and Exposures) as “CVE-2012-0002”.
What is Denial-of-Service (DoS):
A Denial-of-Service (DoS) attack is a type of attack in which the attacker aims to slow down the machine, crash it, or make the system unavailable for everyone by sending a huge amount of traffic from the attacker machine to the target machine, so that the target machine gets overloaded or flooded with requests and regular traffic is unable to reach that machine or application.
We already scanned the Windows 7 virtual machine with the Nmap tool and saw that port 3389/TCP is open, which corresponds to the “Microsoft Terminal Service”. This service may be affected by the MS12_020 vulnerability if it has not been patched.
So, we started Metasploit Framework on the main Kali machine, searched for a scanner for the RDP protocol, and found one.
After a successful scan, we found that this system is vulnerable in the “MS-WBT-SERVER” Microsoft Terminal Service.
Now, we searched for an exploit for this vulnerability in Metasploit Framework on the main Kali Linux machine and found “MS12_020_MAXCHANNELIDS”.
Check the available options by using the command “show options”, because different exploits have different options to set.
After setting the options for this exploit, we run the command “run” or “exploit” to exploit this vulnerability.
When the exploit runs successfully, Windows 7 crashes and shows a blue screen.
The Windows 7 machine has now crashed, and it restarts automatically.
How to Prevent:
- Enable automatic updates on the Windows 7 machine, so that all required security updates are downloaded and installed automatically, or upgrade to a newer Windows version that receives all security and important updates and support from Microsoft.
- For enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately by using update management software.
- Block the TCP port on which the service is running (3389/TCP in this demonstration) at the enterprise perimeter firewall.
- Enable Network Level Authentication (NLA) on the system.
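
To check the last two items on the host itself, the following PowerShell script (an added example, not part of the original post) reads the Terminal Server registry settings and reports whether RDP is enabled, which port it listens on, and whether NLA is required. The function name `Get-RdpExposure` and the `-EnableNla` switch are names chosen for this example; it assumes the default `RDP-Tcp` listener and an elevated prompt.

```powershell
# Added example: audit the RDP settings named in the prevention list.
# Run from an elevated PowerShell prompt on the Windows host being hardened.
# -EnableNla is a switch defined by this example, not a built-in parameter.
param([switch]$EnableNla)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"   # assumes the default listener name

function Get-RdpExposure {
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey
    New-Object PSObject -Property @{
        RdpEnabled  = ($ts.fDenyTSConnections -eq 0)   # 0 = connections allowed
        Port        = $rdp.PortNumber                  # 3389 unless changed
        NlaRequired = ($rdp.UserAuthentication -eq 1)  # 1 = NLA required
    }
}

$state = Get-RdpExposure
$state | Format-List

if (-not $state.RdpEnabled) {
    Write-Output 'RDP is disabled; the listener is not reachable.'
} elseif ($state.NlaRequired) {
    Write-Output "RDP is enabled on TCP $($state.Port) and NLA is required."
} else {
    Write-Warning "RDP is enabled on TCP $($state.Port) without NLA."
    if ($EnableNla) {
        # Group Policy can override this value if it manages the same setting.
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
        Write-Output 'NLA requirement written to the registry.'
    }
}
```

The reported port is the one to block at the perimeter firewall; a host that shows RDP enabled without NLA should be patched and reconfigured first.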