Home NICE Challenge 2
eternal blue

NICE Challenge 2

Summary of Today’s Challenge

Preventative Protection: Thwarting the Imminent Threat Write-Up

On January 23, 2022, at approximately 16:30 hours CST, I was given notice of an impending EternalBlue style attack on the corporate domain controller.

The debrief:

From: Ione Leventis

“Hold on, I think I’ve narrowed a few possible attack vectors down. I’m fairly > certain the attacker plans on using the EternalBlue exploit to compromise our server. @playerone, I need you to make sure that our Domain-Controller system is protected so that EternalBlue will no longer effect it. I still don’t have a time frame as to when this attack is going to happen so you need to get that machine secured as quickly as possible.”

Fortunately I have some familiarty with this exploit having practiced in my own home labs. I still found documentation such as this to be extremely helpful in thrwarting the incoming attack:

Course of Action

Connected to the domain controller, opened up powershell, and ran the following commands:

Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Get-WindowsOptionalFeature -Online -FeatureName SMB2Protoco
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Disable-WindowsOptionalFeature -Online -FeatureName SMB2Protocol
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Set-SmbServerConfiguration -EnableSMB2Protocol $false

Then, I, checked the services to make sure they were disabled with the following commands:

Get-SmbServerConfiguration | Select EnableSMB1Protocol
Get-SmbServerConfiguration | Select EnableSMB2Protocol

Both commands resulted in responses indicating the services were no longer running “false” thwarting the impending attack.

Each NICE Challenge has the following core elements: a narrative-driven scenario, a business environment (workspace), and a set of technical objectives and/or a written deliverable. Each of these elements is developed to immerse the player (student) in a real-world experience and create a valuable set of data allowing their curator (educator) to judge their readiness for the workforce.

About The NICE Challenge Project

This post is licensed under CC BY 4.0 by the author.