worawit/CVE-2019-0708 worawit/CVE-2019-0708

  • Stars
    star
    103
  • Rank 322,239 (Top 7 %)
  • Language
    Python
  • Created over 4 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
worawit/CVE-2019-0708
github

worawit

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CVE-2019-0708 (BlueKeep)

CVE-2019-0708 (BlueKeep)

Currently, I public only the exploitation note for Windows 7 x64 only. See NOTE.md

Note: Windows 2008 R2 with default configuration (fDisableCam=1) can be exploited. Reliability is same as Windows 7.

Update (July 2020)

  • Add info for Windows Server 2008 to NOTE.md
  • Add PoCs for filling target kernel unpaged pool
  • Add script for detecting target info
  • Add PoC code execution on Windows 7 x86

Files

  • myrdp.py My RDP library (messy)
  • myasn1.py My ASN.1 for RDP (required by myrdp.py)
  • rdp4mppc.py MPPC-Based Bulk Data Compression for RDP 4.0
  • rdp_detect_info.py For detecting info related to vulnerability from RDP server
  • poc_rdpsnd.py PoC code execution on Windows 7 x86
  • poc_rdpsnd_fill.py PoC for filling kernel nonpaged pool over RDPSND channel
  • poc_rdpdr_fill.py PoC for filling kernel nonpaged pool over RDPDR channel
  • poc_refreshrect_fill.py PoC for filling kernel nonpaged pool with REFRESHRECT pdu

More Repositories

1

MS17-010

MS17-010
Python
2,002
star
2

CVE-2021-3156

Sudo Baron Samedit Exploit
Python
598
star
3

malk

Demonstrate calling a kernel function and handle process creation callback against HVCI
C++
15
star
4

beaengine-fork

Fork of BeaEngine
C
11
star
5

blutter

Flutter Mobile Application Reverse Engineering Tool
1
star