Title: CVE-2019-0708 Remote Desktop Code Execution Vulnerability Reproduction

CVE-2019-0708 Remote Desktop Code Execution Vulnerability Reproduction

Vulnerability environment

Target machine IP: 172.16.105.129

Attacker machine IP: 172.16.105.1

Install Windows 7 SP1 in VMware Fusion on macOS. The download link is as follows:

Windows 7 SP1 download link:

ed2k://|file|cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso|3420557312|B58548681854236C7939003B583A8078|/

Note: The exploit currently supports only the following system versions, so it may not work against targets running other versions.

20190907104449.png-water_print

Enable the Remote Desktop feature on Windows 7:

20190907104603.png-water_print

20190907104609.png-water_print

Preparing the msf environment

Download the attack suite from https://github.com/rapid7/metasploit-framework/pull/12283/files and place each file into the corresponding msf folder (if a file with the same name already exists, just overwrite it):

rdp.rb - /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb

rdp_scanner.rb - /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

cve_2019_0708_bluekeep.rb - /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

cve_2019_0708_bluekeep_rce.rb - /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Exploitation

Start msfconsole.

Once inside, run reload_all to reload the modules so that the 0708 RDP exploit module is picked up.

Run use exploit/windows/rdp/cve_2019_0708_bluekeep_rce to select the 0708 RDP attack module.

Run show options to view the options you need to configure:

20190907105018.png-water_print

Using the default shell

Fill in the configuration information and execute the attack:

20190907105213.png-water_print

20190907105225.png-water_print

Using the meterpreter shell

20190907105333.png-water_print

20190907105353.png-water_print

20190907105359.png-water_print

Note: Please restart the target machine between two attacks, otherwise the attack will fail!
