0xeb-bp / bluekeep
Public work for CVE-2019-0708
License: GNU General Public License v3.0
What should I use to generate shellcode?
thx.
Can you please provide assistance to address this error:
python3 win7_32_poc.py
[+] initializing connection
[+] sending basic settings exchange
[+] sending erect domain and attach user
[+] sending channel join requests
[+] sending security exchange
Traceback (most recent call last):
File "win7_32_poc.py", line 156, in <module>
main()
File "win7_32_poc.py", line 40, in main
crypter = rdp.connect(s)
File "/root/Documents/scripts/bluekeep_32bit/rdp.py", line 469, in connect
s.sendall(sec_exchange(pub_key, bit_len))
File "/root/Documents/scripts/bluekeep_32bit/rdp.py", line 113, in sec_exchange
enc_client_ran = pubkey.encrypt(b'A'*32, None)[0]
File "/usr/local/lib/python3.6/dist-packages/Crypto/PublicKey/RSA.py", line 375, in encrypt
raise NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead")
NotImplementedError: Use module Crypto.Cipher.PKCS1_OAEP instead
Want to see how to use 2003 for stable utilization
└─# python3 win7_32_poc.py 130 ⨯
[+] initializing connection
[+] sending basic settings exchange
[+] sending erect domain and attach user
[+] sending channel join requests
[+] sending security exchange
Traceback (most recent call last):
File "win7_32_poc.py", line 175, in
main()
File "win7_32_poc.py", line 40, in main
crypter = rdp.connect(s)
File "/home/kali/bluekeep/rdp.py", line 469, in connect
s.sendall(sec_exchange(pub_key, bit_len))
File "/home/kali/bluekeep/rdp.py", line 113, in sec_exchange
enc_client_ran = pubkey.encrypt(b'A'*32, None)[0]
File "/usr/local/lib/python3.8/dist-packages/Crypto/PublicKey/RSA.py", line 375, in encrypt
raise NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead")
NotImplementedError: Use module Crypto.Cipher.PKCS1_OAEP instead
This is what I get after running -> python3 win7_32_poc.py
Hi, I tried to use the exploit and put my own shellcode inside. Unfortunately, no matter what shellcode there is, it always kills the victim's PC. I think it may be due to the function free_32 in the rdp.py file.
Can you add users directly?
Hello there, I just ran this code against one of my lab targets and nothing happened!
I mean no crash, no RCE, nothing!
If I'm correct, it uses the 'cliprdr' channel to groom the heap? If so, will that work for 2008 R2? I haven't gotten any success with it on a 2008 R2 VM.
'RDPSND' channel requires registry modification, and I don't think rapid-7's module has proper code for using MS_T120, apparently doesn't pop the correct number of args from the stack...
The virt_chan_data parameter in the function write_virtual_channel is the code we want to overflow?