2025-01-19 Update. From: SLTechnology News&Howtos (shulou), Network Security
Shulou(Shulou.com)05/31 Report--
Today I will talk about how to reproduce the Windows Remote Desktop code execution vulnerability CVE-2019-0708, which many people may not understand well. To help you understand it better, the editor has summarized the following content; I hope you can get something out of this article.
Brief introduction to the vulnerability:
Microsoft officially released a security patch on May 14, 2019, fixing a remote code execution vulnerability in the Windows Remote Desktop service that affected some older versions of Windows. The vulnerability is reachable before authentication and requires no user interaction, which means it can be exploited by a network worm: any malware that exploits it can spread from infected computers to other vulnerable computers.
Threat type: Remote code execution
Threat level: High
Vulnerability number: CVE-2019-0708
Affected systems and application versions:
Windows 7
Windows Server 2008 R2
Windows Server 2008
Windows 2003
Windows XP
Note: Windows 8, Windows 10 and later versions are not affected by this vulnerability.
Windows Server version 1909 (server core installation)
Vulnerability reproduction: required environment
Target machine: Windows 7, IP 192.168.10.171
Attack machine: a Kali system, plus another Windows machine (with a Python 3 environment and the impacket module installed)
Condition: the target machine has port 3389 open and the firewall turned off
Building the environment
(1) First, update the Kali environment to msf5; uninstall the existing version first, because it cannot be updated in place:
(2) Install msf5:
(The installation tutorial is skipped here; if you already have the environment, just continue reading.)
(3) Target machine: Win7
(4) Allow remote desktop connections:
Modify the advanced sharing settings:
(5) Add and open port 3389
Port 3389 is now open:
Attack environment
(1) Download the attack suite (four files, one wget command each):
wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
(2) Replace the corresponding files in msf:
cve_2019_0708_bluekeep_rce.rb: add to /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
rdp.rb: replace /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb: replace /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb: replace /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
(3) Start msfconsole
(4) Search for the CVE-2019-0708 script
(5) Use the script and set its parameters
(6) Start the attack. The following figure shows that the target is vulnerable.
(7) Install Python 3.6 and the impacket module on the Win10 attack machine
(8) Download and run the EXP
EXP download address: https://github.com/n1xbyte/CVE-2019-0708
(9) The victim Win7 machine blue-screens
The vulnerability was reproduced successfully!
2. Remediation suggestions
1. Download the hot-patch repair tool from https://www.qianxin.com/other/CVE-2019-0708
2. Turn off Remote Desktop and enable the firewall
3. Update the system
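The following PowerShell script is an added example, not part of the original article or of any tool it links to. It audits a Windows 7 / Server 2008 R2 host for the three remediation points above (Remote Desktop off, firewall on, system updated) and can apply point 2 on hosts that do not need RDP. It assumes PowerShell 3.0 or later and an English-locale netsh; the KB numbers in the default list are an assumption to be confirmed against the Microsoft advisory for CVE-2019-0708 before relying on them.

```powershell
# Added example (not from the article): audit a Windows 7 / Server 2008 R2 host for the
# CVE-2019-0708 remediation state recommended above, and optionally apply step 2.
# Run from an elevated PowerShell session (3.0 or later).

function Get-BlueKeepRemediationStatus {
    [CmdletBinding()]
    param(
        # KB numbers of the May 2019 fixes for Windows 7 SP1 / Server 2008 R2 SP1
        # (security-only update and monthly rollup). Assumption: confirm this list
        # against the Microsoft advisory for CVE-2019-0708 before relying on it.
        [string[]]$FixKBs = @('KB4499175', 'KB4499164')
    )

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"
    $status = [ordered]@{}

    # 1. Remote Desktop enabled? fDenyTSConnections = 0 means connections are allowed.
    $ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $status.RemoteDesktopEnabled = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)

    # 2. Network Level Authentication required? UserAuthentication = 1 means yes.
    #    NLA forces a logon before the pre-authentication code path is reached, so it
    #    blocks unauthenticated exploitation; it is not a substitute for the patch.
    $rdp = Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue
    $status.NlaRequired = ($null -ne $rdp -and $rdp.UserAuthentication -eq 1)

    # 3. Is anything listening on TCP 3389 right now?
    $status.Port3389Listening = [bool](netstat -ano -p TCP | Select-String -Pattern ':3389\s+\S+\s+LISTENING')

    # 4. Firewall state per profile. netsh is used because Windows 7 lacks
    #    Get-NetFirewallProfile; assumes English output ("State ON").
    $fw = netsh advfirewall show allprofiles state
    $status.FirewallProfilesOn = @($fw | Select-String -Pattern '^State\s+ON').Count

    # 5. Is one of the fixing updates installed?
    $found = @(Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $FixKBs -contains $_.HotFixID })
    $status.FixInstalled = ($found.Count -gt 0)
    $status.FixKBsFound  = ($found | ForEach-Object { $_.HotFixID }) -join ','

    # Verdict: reachable by an unauthenticated client only if RDP is on, no fix is
    # installed, and NLA is not enforced.
    $status.ExposedUnauthenticated = ($status.RemoteDesktopEnabled -and
                                      -not $status.FixInstalled -and
                                      -not $status.NlaRequired)

    [pscustomobject]$status
}

function Set-BlueKeepMitigation {
    # Applies step 2 of the remediation list on hosts that do not need Remote Desktop:
    # refuse RDP connections and turn the firewall on for all profiles.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    if ($PSCmdlet.ShouldProcess('Remote Desktop', 'Disable')) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    }
    if ($PSCmdlet.ShouldProcess('Windows Firewall (all profiles)', 'Enable')) {
        netsh advfirewall set allprofiles state on | Out-Null
    }
}

# Audit first; then, on a host that does not need RDP, preview and apply step 2:
#   Set-BlueKeepMitigation -WhatIf
#   Set-BlueKeepMitigation
Get-BlueKeepRemediationStatus | Format-List
```

The audit reports the firewall profile count separately from the RDP state so that a host with Remote Desktop intentionally enabled can still be checked for the patch and for NLA. Requiring NLA is Microsoft's documented partial mitigation for this vulnerability: it keeps an unauthenticated client from reaching the vulnerable code, but an attacker holding valid credentials could still trigger it, so installing the update remains the real fix.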
After reading the above, do you have a better understanding of how to reproduce the Windows Remote Desktop code execution vulnerability CVE-2019-0708? If you want to learn more, please follow the industry information channel. Thank you for your support.