
CVE-2019-0708 PoC — Microsoft Remote Desktop Services Resource Management Error Vulnerability

Associated Vulnerability
Title: Microsoft Remote Desktop Services Resource Management Error Vulnerability (CVE-2019-0708)
Description: Microsoft Windows and Microsoft Windows Server are both products of the US company Microsoft. Microsoft Windows is an operating system for personal devices; Microsoft Windows Server is a server operating system. Remote Desktop Services is the remote desktop service component of both. A resource management error vulnerability exists in Microsoft Remote Desktop Services. The vulnerability stems from the affected system or product mismanaging system resources (such as memory, disk space, and files). The following
Description
Initial exploit for CVE-2019-0708 (BlueKeep), an RDP remote Windows kernel use-after-free. The RDP termdd.sys driver improperly handles binds to the internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
Readme
# CVE-2019-0708
initial exploit for CVE-2019-0708, BlueKeep
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free

The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free.  With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.

## Vulnerable Application

This exploit should work against a vulnerable RDP service from one of these Windows systems:

* Windows 2000 x86 (All Service Packs)
* Windows XP x86 (All Service Packs)
* Windows 2003 x86 (All Service Packs)
* Windows 7 x86 (All Service Packs)
* Windows 7 x64 (All Service Packs)
* Windows 2008 R2 x64 (All Service Packs)

This exploit module currently targets the following Windows systems, running on several virtualized and physical machines:

* Windows 7 x64 (All Service Packs)
* Windows 2008 R2 x64 (All Service Packs)

## Verification Steps

- [ ] Start `msfconsole`
- [ ] `use exploit/windows/rdp/cve_2019_0708_bluekeep_rce`
- [ ] `set RHOSTS` to Windows 7/2008 x64
- [ ] `set TARGET` based on target host characteristics
- [ ] `set PAYLOAD`
- [ ] `exploit`
- [ ] **Verify** that you get a shell
- [ ] **Verify** that you do not crash

## Options
File Snapshot

```
[4.0K] /data/pocs/8d9e261b70c53d1794ac4c50767cbf9301d64789
├── [ 98K] 360VulcanTeam-RDP(CVE-2019-0708).jpg
├── [ 24K] 360VulcanTeam-RDP(CVE-2019-0708).md
├── [8.3K] cve_2019_0708_bluekeep.rb
├── [ 39K] cve_2019_0708_bluekeep_rce.rb
├── [ 31K] CVE-2019-0708-HowToRCE-Qiita.md
├── [212K] CVE-2019-0708-QKShield_1.0.1.8.zip
├── [140K] CVE-2019-0708_rapid7_metasploit-framework.md
├── [9.4K] cve-2019-0708-scanBatch.md
├── [5.8M] cve-2019-0708-scan.exe
├── [130K] CVE-2019-0708分析集锦.md
├── [ 33K] CVE-2019-0708漏洞检测修复工具.md
├── [206K] CVE-2019-0708漏洞热补丁工具使用手册-发布版.pdf
├── [285K] CVE-2019-0708远程快速扫描检测工具使用手册1.1.pdf
├── [ 46K] rdp.rb
├── [3.0K] rdp_scanner.rb
└── [1.3K] README.md

0 directories, 16 files
```