iso image the latest Hotfixes installed on our target VM were: KB2888049 and KB976902Ī Linux machine where to setup Metasploit (it can be virtual machine or physical)ģ. VirtualBox 6 for hosting the target Windows VMĪn outdated Windows 2008 R2 64bit. Prerequisitesįor this scenario to work, we used the following: Furthermore, the module is now ranked as Manual since the user needs to provide additional information about the target, otherwise, it risks crashing it with BSOD. The Rapid7 team has also published an article about this exploit on their blog.Īs of now, the module is not yet integrated into the main Metasploit branch (it’s still a pull request) and it only targets Windows 2008 R2 and Windows 7 SP1, 64-bit versions. We published an in-depth analysis of the BlueKeep vulnerability to help you get the full picture.Ī few days ago, a Metasploit contributor – zerosum0x0 – submitted a pull request to the framework containing an exploit module for BlueKeep(CVE-2019-0708). Since the vulnerability is wormable, it has caught a great deal of attention from the security community, being in the same category as EternalBlue MS17-010 and Conficker MS08-067. Installing the Bluekeep exploit module in MetasploitīlueKeep is a critical Remote Code Execution vulnerability in Microsoft’s RDP service. We show how to obtain a Meterpreter shell on a vulnerable Windows 2008 R2 machine by adjusting the Metasploit module code (GROOMBASE and GROOMSIZE values) because the exploit does not currently work out of the box.įurther on, we explain the steps we took to make the module work properly on our target machine: In this article, we show our approach for exploiting the RDP BlueKeep vulnerability using the recently proposed Metasploit module.
0 kommentar(er)
