Implementasi Pengujian Kerentanan Windows 10 Menggunakan EternalBlue dan Phising
DOI:
https://doi.org/10.54066/jptis.v3i1.3119Keywords:
Cybersecurity, Kali linux, Penetration Testing, Windows 10Abstract
Attacks on Windows can be carried out in various ways, one of which is exploiting SMBv1 vulnerabilities and phishing. Exploitation is an attack technique that takes advantage of system weaknesses. Windows 10 itself has vulnerabilities that can be exploited for hacking, which may include data theft, user data deletion, credential theft, and even damaging the Windows 10 system itself. A possible solution is to conduct penetration testing on the Windows 10 operating system. The testing is carried out based on the Cyber Kill Chain model, utilizing appropriate tools and following the stages outlined in the model. The test results indicate that Windows 10 vulnerabilities can be exploited, particularly through direct system attacks via SMBv1 with CVE-2017, codenamed EternalBlue, and phishing techniques that allow attackers to gain administrator privileges directly or inject malware into the target Windows 10 system.
References
Abraham, S., Greg, G., & Peter Baer, G. (2018). Operating system concepts (10th ed.).
Algarni, S. (2021). Cybersecurity attacks: Analysis of WannaCry attack and proposing methods for reducing or preventing such attacks in the future. In ICT systems and sustainability: Proceedings of ICT4SD 2020, Volume 1 (pp. 763–770). Springer.
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3, 563060.
Andhika, D. A. (2021). Pengujian penetrasi pada Windows 10 menggunakan Model Penetration Testing Execution Standard (PTES) [Tesis, Universitas Dinamika].
Desclaux, G., & Claverie, B. (2022). C2-command and control: A system of systems to control complexity. American Journal of Management, 22(2).
Fermana, M. F. N. (2022). Analisis kerentanan keamanan sistem pada Windows Server 2022 menggunakan metode Penetration Testing Execution Standard.
Gupta, M. R., Koli, Y. P., Patiyane, V. A., & Wagh, K. P. (2021). EternalBlue vulnerability.
Jayasuryapal, G., Pranay, P., Kaur, H., & Swati. (2021). A survey on network penetration testing. In 2021 2nd International Conference on Intelligent Engineering and Management (ICIEM) (pp. 373–378). IEEE.
Kumar, P. R., & Ramlie, H. R. E. B. H. (2021). Anatomy of ransomware: Attack stages, patterns and handling techniques. In Computational intelligence in information systems: Proceedings of the Computational Intelligence in Information Systems Conference (CIIS 2020) (pp. 205–214). Springer.
Lestari, D. P., Indarti, D., Setiawan, D. E., & Rasal, I. (2019). Platform digital tata kelola sumber daya yang terintegrasi untuk peningkatan kinerja dan daya saing usaha mikro, kecil, dan menengah.
Mohamed, N., & Abiodun, O. (2021). Protect governments and organizations’ infrastructure against cyber terrorism: Mitigation and stop of Server Message Block (SMB) remote code execution attack.
Naik, N., Jenkins, P., Grace, P., & Song, J. (2022). Comparing attack models for IT systems: Lockheed Martin’s Cyber Kill Chain, MITRE ATT&CK framework, and Diamond Model. In 2022 IEEE International Symposium on Systems Engineering (ISSE) (pp. 1–7). IEEE.
Ontko, R., Reeder, A., & Tanenbaum, A. (2020). Modern operating systems simulators (MOSS).
Yaacoub, J.-P. A., Noura, H. N., Salman, O., & Chehab, A. (2021). A survey on ethical hacking: Issues and challenges.
Yudha, F., & Prayudi, Y. (2021). Teknik eksplorasi bukti digital pada file sharing protokol SMB untuk mendukung forensika digital pada jaringan komputer.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Jurnal Penelitian Teknologi Informasi dan Sains
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
