CVE-2019-0708 PoC — Microsoft Remote Desktop Services 资源管理错误漏洞

Source

Associated Vulnerability

Description

CVE-2019-0708

Readme

# BlueKeepScan

Simple wrapper over PoC from [@zerosum0x0](https://twitter.com/zerosum0x0) for checking CVE-2019-0708 in large network in multithreading.


### Prepare

First of all you shouldn download and install original: 

```

git clone https://github.com/zerosum0x0/CVE-2019-0708.git
cd CVE-2019-0708/rdesktop-fork-bd6aa6acddf0ba640a49834807872f4cc0d0a773/
./bootstrap
./configure --disable-credssp --disable-smartcard
make
```

We *strongly* recommend to read original README from [original](https://github.com/zerosum0x0/CVE-2019-0708)

Then scan you network and find open 3389/tcp ports and pull the found addresses to file.
You can use masscan/nmap/etc for this purpose.

### Running

```
go get -v github.com/Rostelecom-CERT/bluekeepscan
cd $GOPATH/github.com/Rostelecom-CERT/bluekeepscan/cmd/bluekeepscan/main
go run main.go -f FILE_WITH_IP -b PATH_TO_RDESKTOP

```

If you don't have go, you can start binary file

```
./bluekeepscan -f FILE_WITH_IP -b PATH_TO_RDESKTOP
```

bluekeepscan create file log.log with results.

File Snapshot

 [4.0K]  /data/pocs/bc134a091c20026b4be39889dce9e92684e12231
├── [2.0K]  bluekeep.go
├── [4.0K]  cmd
│   └── [4.0K]  bluekeepscan
│       └── [4.0K]  main
│           ├── [3.0M]  bluekeepscan
│           ├── [2.4M]  bluekeepscan.exe
│           └── [ 613]  main.go
└── [1.0K]  README.md

3 directories, 5 files

Remarks