CVE-2019-0708 PoC — Microsoft Remote Desktop Services Resource Management Error Vulnerability

Source
Associated Vulnerability
Title: Microsoft Remote Desktop Services Resource Management Error Vulnerability (CVE-2019-0708)
Description: A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Description
Batch detection tool for the port 3389 Remote Desktop code execution vulnerability CVE-2019-0708 (Rdpscan Bluekeep Check)
Readme
# Batch detection tool for the Microsoft 3389 remote vulnerability CVE-2019-0708
<p><span style="font-size: 16px;"><strong>0x001 Detection on Windows</strong></span></p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">https://github.com/robertdavidgraham/rdpscan

C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录

2019/06/02  02:11    &lt;DIR&gt;          .
2019/06/02  02:11    &lt;DIR&gt;          ..
2019/06/02  01:55         2,582,016 libcrypto-1_1.dll
2019/06/02  01:57           619,520 libssl-1_1.dll
2019/06/02  02:04           172,032 rdpscan.exe
               3 个文件      3,373,568 字节
               2 个目录  2,462,433,280 可用字节

C:\Users\K8team\Desktop\rdpscan-master\vs10\Release&gt;rdpscan 192.168.1.101-192.168.1.105
192.168.1.101 - VULNERABLE - CVE-2019-0708
192.168.1.102 - VULNERABLE - CVE-2019-0708

C:\Users\K8team\Desktop\rdpscan-master\vs10\Release&gt;rdpscan 192.168.1.101-192.168.1.105
192.168.1.102 - SAFE - CredSSP/NLA required
192.168.1.101 - VULNERABLE - CVE-2019-0708
</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1463611/201906/1463611-20190602110827397-225063907.png" alt="" /></p>
<p><span style="font-size: 16px;"><strong>0x002 Detection on Linux</strong></span></p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">https://github.com/SugiB3o/Check-vuln-CVE-2019-0708

root@kali:~/Desktop# ./rdesktop 192.168.1.101:3389
ERROR: Failed to open keymap en-us
[+] Registering MS_T120 channel.
Failed to negotiate protocol, retrying with plain RDP.
[+] Sending MS_T120 check packet (size: 0x20 - offset: 0x8)
[+] Sending MS_T120 check packet (size: 0x10 - offset: 0x4)
[!] Target is VULNERABLE!!!
</pre>
</div>
<p>&nbsp;<img src="https://img2018.cnblogs.com/blog/1463611/201906/1463611-20190602111102444-194225778.png" alt="" /></p>
<p><span style="font-size: 16px;"><strong>0x003 Batch detection with Cscan</strong></span></p>
<p>Copy rdpscan.exe and its DLL files into the Cscan directory, then create a new Cscan.ini file with the following content:</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">[Cscan]
exe=rdpscan.exe
arg=$ip$
</pre>
</div>
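<p>Batch scan:</p>
<p>Cscan.exe 192.168.1.101/24&nbsp; (scans a single class C range; for multiple class C ranges or a class B range, see the Cscan documentation)</p>
<p>A GUI is available for local use (.NET 2.0 only; choose the Cscan build that matches the .NET version on your own or the target machine)</p>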
<p><span style="font-size: 16px;"><strong><img src="https://img2018.cnblogs.com/blog/1463611/201906/1463611-20190602112902679-751026098.jpg" alt="" /></strong></span></p>
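An added example, not part of the original README or of rdpscan: a small triage script that merges the result lines from repeated batch runs, keeps each host's latest status, and flags hosts whose status changed between runs. The sample input is constructed from the two runs shown in section 0x001, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: result lines from the two rdpscan runs shown in section 0x001.
SAMPLE_RUNS = [
    """192.168.1.101 - VULNERABLE - CVE-2019-0708
192.168.1.102 - VULNERABLE - CVE-2019-0708""",
    """192.168.1.102 - SAFE - CredSSP/NLA required
192.168.1.101 - VULNERABLE - CVE-2019-0708""",
]

# Result line shape: "<ip> - <STATUS> - <detail>"
LINE_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+-\s+([A-Z]+)\s+-\s+(.*?)\s*$")


def parse_run(text):
    """Return {ip: (status, detail)} for one run; prompts and banners are skipped."""
    results = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            ip, status, detail = match.groups()
            results[ip] = (status, detail)
    return results


def triage(runs):
    """Merge runs in order and bucket hosts by their most recent status."""
    history = defaultdict(list)
    for text in runs:
        for ip, result in parse_run(text).items():
            history[ip].append(result)
    report = {"patch_now": [], "mitigated": [], "recheck": [], "changed": []}
    for ip in sorted(history, key=lambda a: tuple(int(p) for p in a.split("."))):
        status, detail = history[ip][-1]
        if status == "VULNERABLE":
            report["patch_now"].append(ip)
        elif status == "SAFE":
            report["mitigated"].append((ip, detail))
        else:  # any other status is treated as inconclusive
            report["recheck"].append((ip, detail))
        if len({s for s, _ in history[ip]}) > 1:
            report["changed"].append(ip)  # status differed between runs
    return report


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_RUNS).items():
        print(bucket, hosts)
```

A SAFE result with `CredSSP/NLA required` means Network Level Authentication stopped the unauthenticated check; it does not confirm that the patch is installed, so those hosts still belong on the patch list.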
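<p><span style="font-size: 16px;"><strong>0x004 Binary download</strong> </span></p>
<p>Compiling on Windows can be troublesome, so precompiled builds are provided here.</p>
<p>One is an exe built for Win7 x86, which also runs on 64-bit systems.</p>
<p>The other is an executable for Kali 2019 x64; for other versions, compile it yourself.</p>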
<p><strong>POC:</strong>&nbsp; <a href="https://github.com/k8gege/CVE-2019-0708" target="_blank">https://github.com/k8gege/CVE-2019-0708</a></p>
<p><strong>Cscan:</strong> <a href="https://www.cnblogs.com/k8gege/p/10519321.html" target="_blank">https://www.cnblogs.com/k8gege/p/10519321.html</a></p>
File Snapshot

[4.0K] /data/pocs/92470676310a9a6f3efdf7a9bfd8b8fcbf499d28
├── [ 17K] cve-2019-0708-poc.py
├── [309K] kali.PNG
├── [2.5M] libcrypto-1_1.dll
├── [605K] libssl-1_1.dll
├── [5.0K] MS12-002-POC.py
├── [1.1M] rdesktop
├── [168K] rdpscan.exe
├── [3.0K] README.md
└── [ 93K] win.png

0 directories, 9 files