
CVE-2019-0708 PoC — Microsoft Remote Desktop Services Resource Management Error Vulnerability

Source
Associated Vulnerability
Title: Microsoft Remote Desktop Services Resource Management Error Vulnerability (CVE-2019-0708)
Description: A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Description
Initial exploit for CVE-2019-0708, BlueKeep. CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free. The RDP termdd.sys driver improperly handles binds to the internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
Readme
# CVE-2019-0708
initial exploit for CVE-2019-0708, BlueKeep
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free

The RDP termdd.sys driver improperly handles binds to the internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.

## Vulnerable Application

This exploit should work against a vulnerable RDP service from one of these Windows systems:

* Windows 2000 x86 (All Service Packs)
* Windows XP x86 (All Service Packs)
* Windows 2003 x86 (All Service Packs)
* Windows 7 x86 (All Service Packs)
* Windows 7 x64 (All Service Packs)
* Windows 2008 R2 x64 (All Service Packs)

This exploit module currently targets the following Windows systems, tested on several virtualized and physical hosts:

* Windows 7 x64 (All Service Packs)
* Windows 2008 R2 x64 (All Service Packs)

## Verification Steps

- [ ] Start `msfconsole`
- [ ] `use exploit/windows/rdp/cve_2019_0708_bluekeep_rce`
- [ ] `set RHOSTS` to Windows 7/2008 x64
- [ ] `set TARGET` based on target host characteristics
- [ ] `set PAYLOAD`
- [ ] `exploit`
- [ ] **Verify** that you get a shell
- [ ] **Verify** that you do not crash

## Options

File Snapshot

```
[4.0K] /data/pocs/8d9e261b70c53d1794ac4c50767cbf9301d64789
├── [ 98K] 360VulcanTeam-RDP(CVE-2019-0708).jpg
├── [ 24K] 360VulcanTeam-RDP(CVE-2019-0708).md
├── [8.3K] cve_2019_0708_bluekeep.rb
├── [ 39K] cve_2019_0708_bluekeep_rce.rb
├── [ 31K] CVE-2019-0708-HowToRCE-Qiita.md
├── [212K] CVE-2019-0708-QKShield_1.0.1.8.zip
├── [140K] CVE-2019-0708_rapid7_metasploit-framework.md
├── [9.4K] cve-2019-0708-scanBatch.md
├── [5.8M] cve-2019-0708-scan.exe
├── [130K] CVE-2019-0708分析集锦.md
├── [ 33K] CVE-2019-0708漏洞检测修复工具.md
├── [206K] CVE-2019-0708漏洞热补丁工具使用手册-发布版.pdf
├── [285K] CVE-2019-0708远程快速扫描检测工具使用手册1.1.pdf
├── [ 46K] rdp.rb
├── [3.0K] rdp_scanner.rb
└── [1.3K] README.md

0 directories, 16 files
```