Related vulnerability
Title:
Microsoft Remote Desktop Services resource management error vulnerability
(CVE-2019-0708)
Description: Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation (USA). Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Remote Desktop Services is a remote desktop service component within them. Microsoft Remote Desktop Services contains a resource management error vulnerability. The vulnerability stems from the network system or product's improper management of system resources (such as memory, disk space, files, etc.). The following
Description
initial exploit for CVE-2019-0708, BlueKeep CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
Introduction
# CVE-2019-0708
initial exploit for CVE-2019-0708, BlueKeep
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
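Defender-side check, added here as an example and not part of the module or this catalogue: it walks the client data blocks of an RDP MCS Connect-Initial and flags a clientNetworkData (CS_NET) block that names the internal-only MS_T120 channel, which a legitimate client never asks to bind. Block layout follows MS-RDPBCGR; the sample inputs are constructed.

```python
import struct

CS_NET = 0xC003  # clientNetworkData block type (MS-RDPBCGR 2.2.1.3.4)
SUSPICIOUS_CHANNEL = "MS_T120"  # internal-only channel legit clients never bind

def iter_client_blocks(data: bytes):
    """Yield (type, body) for each TLV block: 2-byte type, 2-byte length (LE,
    length includes the 4-byte header). A bad length ends the walk quietly."""
    off = 0
    while off + 4 <= len(data):
        btype, blen = struct.unpack_from("<HH", data, off)
        if blen < 4 or off + blen > len(data):
            break
        yield btype, data[off + 4:off + blen]
        off += blen

def channel_names(net_body: bytes):
    """Parse channelCount followed by CHANNEL_DEF entries (8-byte name, 4-byte options)."""
    if len(net_body) < 4:
        return []
    (count,) = struct.unpack_from("<I", net_body, 0)
    names = []
    for i in range(min(count, (len(net_body) - 4) // 12)):  # never trust count alone
        raw = net_body[4 + i * 12:4 + i * 12 + 8]
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names

def requests_ms_t120(client_data: bytes) -> bool:
    """True if any CS_NET block asks to bind MS_T120 (case-insensitive)."""
    for btype, body in iter_client_blocks(client_data):
        if btype == CS_NET and any(
            n.upper() == SUSPICIOUS_CHANNEL for n in channel_names(body)):
            return True
    return False

def _net_block(names):
    """Build a CS_NET block; used only for the constructed samples below."""
    defs = b"".join(n.encode().ljust(8, b"\x00") + struct.pack("<I", 0) for n in names)
    body = struct.pack("<I", len(names)) + defs
    return struct.pack("<HH", CS_NET, 4 + len(body)) + body

# Constructed samples: an ordinary client and one naming the internal channel.
NORMAL_CLIENT = _net_block(["rdpdr", "cliprdr"])
SUSPICIOUS_CLIENT = _net_block(["rdpdr", "MS_T120"])

if __name__ == "__main__":
    print("normal:", requests_ms_t120(NORMAL_CLIENT))          # False
    print("suspicious:", requests_ms_t120(SUSPICIOUS_CLIENT))  # True
```

Run it against the client data section of a captured Connect-Initial to raise an alert before the session proceeds; the channelCount bound keeps a truncated or oversized block from causing a parser error.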
## Vulnerable Application
This exploit should work against a vulnerable RDP service from one of these Windows systems:
* Windows 2000 x86 (All Service Packs)
* Windows XP x86 (All Service Packs)
* Windows 2003 x86 (All Service Packs)
* Windows 7 x86 (All Service Packs)
* Windows 7 x64 (All Service Packs)
* Windows 2008 R2 x64 (All Service Packs)
This exploit module currently targets the following Windows systems, tested on several virtualized and physical hosts:
* Windows 7 x64 (All Service Packs)
* Windows 2008 R2 x64 (All Service Packs)
## Verification Steps
- [ ] Start `msfconsole`
- [ ] `use exploit/windows/rdp/cve_2019_0708_bluekeep_rce`
- [ ] `set RHOSTS` to Windows 7/2008 x64
- [ ] `set TARGET` based on target host characteristics
- [ ] `set PAYLOAD`
- [ ] `exploit`
- [ ] **Verify** that you get a shell
- [ ] **Verify** that you do not crash
## Options
File snapshot
[4.0K] /data/pocs/8d9e261b70c53d1794ac4c50767cbf9301d64789
├── [ 98K] 360VulcanTeam-RDP(CVE-2019-0708).jpg
├── [ 24K] 360VulcanTeam-RDP(CVE-2019-0708).md
├── [8.3K] cve_2019_0708_bluekeep.rb
├── [ 39K] cve_2019_0708_bluekeep_rce.rb
├── [ 31K] CVE-2019-0708-HowToRCE-Qiita.md
├── [212K] CVE-2019-0708-QKShield_1.0.1.8.zip
├── [140K] CVE-2019-0708_rapid7_metasploit-framework.md
├── [9.4K] cve-2019-0708-scanBatch.md
├── [5.8M] cve-2019-0708-scan.exe
├── [130K] CVE-2019-0708分析集锦.md
├── [ 33K] CVE-2019-0708漏洞检测修复工具.md
├── [206K] CVE-2019-0708漏洞热补丁工具使用手册-发布版.pdf
├── [285K] CVE-2019-0708远程快速扫描检测工具使用手册1.1.pdf
├── [ 46K] rdp.rb
├── [3.0K] rdp_scanner.rb
└── [1.3K] README.md
0 directories, 16 files
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.