Using MS12-020 to carry out a blue screen of death (BSOD) attack on Windows 7

0X01 Vulnerability introduction

MS12-020 is the Microsoft security bulletin for the Windows Remote Desktop Protocol (RDP) remote code execution vulnerability.
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. If an attacker sends a series of specially crafted RDP packets to an affected system, the more serious of the two could allow remote code execution. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

0X02 Affected systems

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2 (for Itanium-based systems)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 R2
Windows 7

0X03 Lab environment

Attacker machine: Kali, 192.168.213.136
Victim machine: Windows 7, 192.168.213.133

0X04 Exploitation conditions

1. Port 3389 is open on the target machine
2. The Remote Desktop service is enabled
3. The MS12-020 patch has not been applied
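A defender-side check of the three conditions above, added here as an example and not part of the original post: run it as Administrator in PowerShell on the Windows 7 host. The KB number is a placeholder to fill in from the MS12-020 bulletin for your OS version; the registry values and commands are standard Windows ones, and the Network Level Authentication check is included because Microsoft listed NLA as a workaround (it forces authentication before the vulnerable pre-authentication RDP code is reached).

```powershell
# Added example: verify on the host whether the MS12-020 exploitation conditions hold.
# Placeholder: replace with the KB id of the MS12-020 update for this OS (see the bulletin).
$Ms12020Kb = 'KB<fill in from the MS12-020 bulletin>'

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

# Condition 2: is Remote Desktop enabled? fDenyTSConnections = 0 means connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Condition 1: is anything listening on TCP 3389? netstat is used because
# Get-NetTCPConnection does not exist on Windows 7.
$listening = [bool](netstat -an | Select-String -Pattern ':3389\s+\S+\s+LISTENING')

# Condition 3: is the MS12-020 update installed?
$patched = [bool](Get-HotFix -ErrorAction SilentlyContinue |
                  Where-Object { $_.HotFixID -eq $Ms12020Kb })

# Bulletin workaround: NLA (UserAuthentication = 1) requires authentication before
# the pre-auth RDP channel-handling code is reached.
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication `
            -ErrorAction SilentlyContinue).UserAuthentication -eq 1

$exposed = $rdpEnabled -and $listening -and -not $patched

[pscustomobject]@{
    RdpEnabled        = $rdpEnabled
    Port3389Listening = $listening
    Ms12020Installed  = $patched
    NlaEnabled        = $nla
    Exposed           = $exposed
}

if ($exposed) {
    Write-Warning "All three exploitation conditions hold: install $Ms12020Kb, or disable RDP / enable NLA until it is applied."
}
```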

0X05 Reproducing the vulnerability

  1. Scan the target machine with nmap to check whether port 3389 is open.
  2. Port 3389 is found to be open, so use msf to search for available modules.
  3. Two modules are found: one detection module and one exploitation module. First use module 2 to check whether the target machine is vulnerable.
  4. After running it, the target machine is reported as vulnerable.
  5. Having confirmed the vulnerability, use module 1 to launch the attack against it.
  6. Checking the victim machine, the blue screen we wanted has appeared.

Source: blog.csdn.net/weixin_43749601/article/details/114494643