Summary of Today’s Challenge
On January 23, 2022, at approximately 16:30 hours CST, I was given notice of an impending EternalBlue style attack on the corporate domain controller.
From: Ione Leventis
“Hold on, I think I’ve narrowed a few possible attack vectors down. I’m fairly certain the attacker plans on using the EternalBlue exploit to compromise our server. @playerone, I need you to make sure that our Domain-Controller system is protected so that EternalBlue will no longer affect it. I still don’t have a time frame as to when this attack is going to happen so you need to get that machine secured as quickly as possible.”
Fortunately I have some familiarity with this exploit, having practiced in my own home labs. I still found documentation such as this to be extremely helpful in thwarting the incoming attack:
I connected to the domain controller 172.16.30.5, opened up PowerShell, and ran the following commands:
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Get-WindowsOptionalFeature -Online -FeatureName SMB2Protocol
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Disable-WindowsOptionalFeature -Online -FeatureName SMB2Protocol
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Set-SmbServerConfiguration -EnableSMB2Protocol $false
Then I checked the services to make sure they were disabled with the following commands:
Get-SmbServerConfiguration | Select EnableSMB1Protocol
Get-SmbServerConfiguration | Select EnableSMB2Protocol
Both commands resulted in responses (“false”) indicating the services were no longer running, thwarting the impending attack.
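A read-only follow-up to the verification step above, as an added example that is not part of the original write-up: it collects the SMB server settings, the SMB1 optional-feature state, the dialects of currently open sessions, and recent SMB1 audit events into one report. The function name Get-SmbHardeningState is hypothetical; it assumes an elevated PowerShell session on Windows Server 2016 or later.

```powershell
# Added example: read-only audit of SMB server state on the local host.
# Get-SmbHardeningState is a hypothetical name; it changes no settings.
function Get-SmbHardeningState {
    [CmdletBinding()]
    param(
        [int]$MaxAuditEvents = 20   # how many SMB1 audit events to sample
    )

    $cfg = Get-SmbServerConfiguration

    # Optional-feature state: Enabled, Disabled or DisabledWithPayloadRemoved.
    # The feature name is not present on every SKU, so tolerate a miss.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # Dialects negotiated by sessions currently open against this server.
    $dialects = @(Get-SmbSession | Select-Object -ExpandProperty Dialect -Unique)

    # Event ID 3000 records a client that attempted SMB1 access. It is only
    # written while AuditSmb1Access is set to $true on the server.
    $smb1Events = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-SMBServer/Audit'
            Id      = 3000
        } -MaxEvents $MaxAuditEvents -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        EnableSMB1       = $cfg.EnableSMB1Protocol   # the protocol EternalBlue (MS17-010) targets
        EnableSMB2       = $cfg.EnableSMB2Protocol   # governs SMBv2 and SMBv3 together
        AuditSmb1Access  = $cfg.AuditSmb1Access
        SMB1FeatureState = if ($feature) { $feature.State } else { 'NotFound' }
        ActiveDialects   = $dialects -join ', '
        Smb1SessionsOpen = [bool]($dialects | Where-Object { $_ -like '1.*' })
        Smb1AuditEvents  = $smb1Events.Count
    }
}

$state = Get-SmbHardeningState
$state | Format-List

# Flag the host if SMBv1 is still reachable through either control.
if ($state.EnableSMB1 -or $state.SMB1FeatureState -eq 'Enabled') {
    Write-Warning 'SMBv1 is still available on this host.'
}
```

A non-zero Smb1AuditEvents count or an SMB 1.x entry in ActiveDialects points to clients that still depend on SMBv1 and will lose access once it is disabled.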
Each NICE Challenge has the following core elements: a narrative-driven scenario, a business environment (workspace), and a set of technical objectives and/or a written deliverable. Each of these elements is developed to immerse the player (student) in a real-world experience and create a valuable set of data allowing their curator (educator) to judge their readiness for the workforce.
About The NICE Challenge Project