
Proof of concept for CVE-2019-0708

Bluekeep PoC

This repo contains research concerning CVE-2019-0708.

Bluekeep, or CVE-2019-0708, is an RCE vulnerability that affects the following versions of Windows:

  • Windows 2003
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2

The vulnerability occurs during pre-authorization and has the potential to run arbitrary malicious code in the NT AUTHORITY\SYSTEM user security context.

How it works

By sending a specially crafted packet, an attacker is able to set the value for the Channel ID to something the RDP service isn't expecting. This causes a memory corruption bug that creates the conditions for remote code execution to occur. Should the attacker choose to follow up with packets designed to take advantage of this flaw, remote code execution can be achieved with SYSTEM user privileges.

Setup

sudo apt install python python-dev python-setuptools python-pip openssl libssl-dev git
git clone https://github.com/ekultek/bluekeep
cd bluekeep
pip install -r requirements.txt

That should do what you need done and fix any issue you have.

Credits

Research by Ekultek and (VectorSEC)/NullArray

Development & Testing by Ekultek

In Closing

You can see some of our research, along with a list of potentially vulnerable targets under the research directory. We started with very little and decided that we weren't going to stop until we had a working exploit. I have been able to execute commands on Windows XP with this PoC personally.

Note

There are no payloads. This is just a PoC. HOWEVER it is easily ported to an exploit since you can easily add payloads to this.
