
bluekeep's People

Contributors

droid-max, ekultek


bluekeep's Issues

Contact?

Is there any way I can contact you?
I'm interested in buying the exploit.

Connection Error

Already using patched code
Target: Windows XP SP3
Attacker: Kali with Python 2.7

[ + ] verifying RDP service on: 172.12.0.136
[ + ] successfully connected to RDP service on host: 172.12.0.136
[ + ] starting RDP connection on 1 targets

[ ! ] unable to connect: (104, 'ECONNRESET')

WSAECONNRESET

I tried XP SP3, Win7 64, Win7 64 SP1 and Win2008 R2; all of them return "unable to connect: (10054, 'WSAECONNRESET')". What can I do?

On Windows XP SP3:

[ + ] verifying RDP service on: 192.168.140.161
[ + ] successfully connected to RDP service on host: 192.168.140.161
[ + ] starting RDP connection on 1 targets

[ ! ] unable to connect: (104, 'ECONNRESET')

error

root@root:~/$ python3 bluekeep_poc
Traceback (most recent call last):
File "bluekeep_poc.py", line 6, in <module>
from impacket.impacket.structure import Structure
ModuleNotFoundError: No module named 'impacket.impacket'

unable to connect: (10054, "WSAECONNRESET") error

Has anyone else encountered this error? I tested this PoC on Windows 7 x64 and x86, and the error occurred on both.

[ + ] sending Client Security Exhcange PDU packets -->
[ + ] <-- received 0x22 bytes from host: 192.168.1.6
[ + ] sending Client Confirm Active PDU packet -->
[ + ] <-- received 0x1b9 bytes from host: 192.168.1.6
[ + ] sending Client Synchronization PDU packet -->
[ + ] sending Client Control Cooperate PDU packet -->
[ ! ] unable to connect: (10054, 'WSAECONNRESET')

Please, I need help with a payload for the "whoami" and "systeminfo" commands

I found a Windows server suffering from the BlueKeep vulnerability on a bug bounty program, but I can't write a detailed PoC for the vulnerability using this script because it doesn't have any payload to run commands on the target... And I have no idea how to generate one (the Metasploit module is not an option). Your help will be appreciated 🙏. Just a payload for 2 simple commands, for the steps to reproduce. Your Twitter account is not reachable.

Any working payloads?

I tried many different payloads, but none of them work.
Maybe someone knows what will work with it?
Please send a payload or any info that could help to [email protected] or here, if possible.
Thanks

about

I think
from impacket.impacket.structure import Structure
It should be like this:
from impacket.structure import Structure

Windows 2008 R2/Windows 7 SP1 clean systems ECONNRESET error

Hello, I was testing your code on cleanly installed, not updated systems (Win 7 SP1, Win 2008 R2) and got an error (other crash PoCs work on those systems). How can I fix it? What is the problem?

[ + ] verifying RDP service on: 10.0.0.3
[ + ] successfully connected to RDP service on host: 10.0.0.3
[ + ] starting RDP connection on 1 targets

[ + ] sending Client MCS Connect Initial PDU request packet -->
[ + ] <-- received 0x70 bytes from host: 10.0.0.3
[ + ] sending Client MCS Domain Request PDU packet -->
[ + ] sending Client MCS Attach User PDU request packet -->
[ + ] <-- received 0xb bytes from host: 10.0.0.3
[ + ] sending MCS Channel Join Request PDU packets -->
[ + ] <-- received 0xf bytes from channel 1001 on host: 10.0.0.3
[ + ] <-- received 0xf bytes from channel 1002 on host: 10.0.0.3
[ + ] <-- received 0xf bytes from channel 1003 on host: 10.0.0.3
[ + ] <-- received 0xf bytes from channel 1004 on host: 10.0.0.3
[ + ] <-- received 0xf bytes from channel 1005 on host: 10.0.0.3
[ + ] <-- received 0xf bytes from channel 1006 on host: 10.0.0.3
[ + ] <-- received 0xf bytes from channel 1007 on host: 10.0.0.3
[ + ] sending Client Security Exhcange PDU packets -->
[ + ] <-- received 0x22 bytes from host: 10.0.0.3
[ + ] sending Client Confirm Active PDU packet -->
[ + ] <-- received 0x1b9 bytes from host: 10.0.0.3
[ + ] sending Client Synchronization PDU packet -->
[ + ] sending Client Control Cooperate PDU packet -->
[ + ] sending Client Control Requesr PDU packet -->
[ + ] sending Client Persistent Key Length PDU packet -->
[ ! ] unable to connect: (104, 'ECONNRESET')
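Every ECONNRESET report in this tracker shows the target accepting the TCP connection and then dropping it somewhere inside the RDP connection sequence. Before digging into the MCS or security exchange, the cheapest check is the X.224 Connection Confirm (MS-RDPBCGR 2.2.1.1 and 2.2.1.2): the server either answers with an RDP_NEG_RSP naming the security protocol it selected (standard RDP security, TLS, or CredSSP/NLA) or with an RDP_NEG_FAILURE such as HYBRID_REQUIRED_BY_SERVER, and a host that refuses standard RDP security cannot complete the plain-RDP sequence shown in these logs no matter what else is fixed. The script below is an added example written for this page, not code from the bluekeep project or its author. It uses only the Python 3 standard library; the address 10.0.0.3 in the commented-out call is a placeholder, and the four sample Connection Confirms are constructed by hand, not captured from any real host.

```python
"""X.224 security-protocol negotiation probe for RDP (MS-RDPBCGR 2.2.1.1 and 2.2.1.2).
Added example for this page, not code from the bluekeep PoC. Python 3, stdlib only."""
import socket
import struct

# rdpNegData structure types (MS-RDPBCGR 2.2.1.1.1, 2.2.1.2.1, 2.2.1.2.2)
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03

# requestedProtocols / selectedProtocol values
PROTOCOL_RDP = 0x00000000     # standard RDP security
PROTOCOL_SSL = 0x00000001     # TLS
PROTOCOL_HYBRID = 0x00000002  # CredSSP (NLA)
PROTOCOL_NAMES = {PROTOCOL_RDP: "standard RDP security", PROTOCOL_SSL: "TLS",
                  PROTOCOL_HYBRID: "CredSSP (NLA)"}

# RDP_NEG_FAILURE failureCode values
FAILURE_NAMES = {0x1: "SSL_REQUIRED_BY_SERVER", 0x2: "SSL_NOT_ALLOWED_BY_SERVER",
                 0x3: "SSL_CERT_NOT_ON_SERVER", 0x4: "INCONSISTENT_FLAGS",
                 0x5: "HYBRID_REQUIRED_BY_SERVER",
                 0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def tpkt(tpdu):
    """TPKT framing (RFC 1006): version 3, reserved 0, big-endian total length."""
    return struct.pack(">BBH", 3, 0, 4 + len(tpdu)) + tpdu


def build_connection_request(requested_protocols=PROTOCOL_RDP, cookie=None):
    """X.224 Connection Request carrying an RDP_NEG_REQ; every piece is bytes, never str."""
    # RDP_NEG_REQ: type, flags, length (always 8), requestedProtocols; all little-endian
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    body = (b"Cookie: " + cookie + b"\r\n" if cookie else b"") + neg_req
    # X.224 CR TPDU: LI = bytes after the LI byte, 0xE0 = CR with CDT 0, DST-REF 0, SRC-REF 0, class 0
    tpdu = struct.pack(">BBHHB", 6 + len(body), 0xE0, 0, 0, 0) + body
    return tpkt(tpdu)


def parse_connection_confirm(data):
    """Parse an X.224 Connection Confirm: what the server selected, or why it refused."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed X.224 PDU")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        raise ValueError("TPKT length %d != %d bytes received" % (tpkt_len, len(data)))
    li, code = data[4], data[5]
    if code & 0xF0 != 0xD0:
        raise ValueError("X.224 code 0x%02x is not Connection Confirm" % code)
    if li != len(data) - 5:
        raise ValueError("X.224 length indicator does not match TPKT length")
    neg = data[11:]
    if not neg:  # no rdpNegData: legacy server, standard RDP security only
        return {"kind": "legacy", "selected_protocol": PROTOCOL_RDP,
                "name": PROTOCOL_NAMES[PROTOCOL_RDP]}
    if len(neg) < 8:
        raise ValueError("truncated rdpNegData")
    ntype, flags, length, value = struct.unpack("<BBHI", neg[:8])
    if length != 8:
        raise ValueError("rdpNegData length %d, expected 8" % length)
    if ntype == TYPE_RDP_NEG_RSP:
        return {"kind": "response", "selected_protocol": value, "flags": flags,
                "name": PROTOCOL_NAMES.get(value, "unknown 0x%x" % value)}
    if ntype == TYPE_RDP_NEG_FAILURE:
        return {"kind": "failure", "failure_code": value,
                "name": FAILURE_NAMES.get(value, "unknown 0x%x" % value)}
    raise ValueError("unexpected rdpNegData type 0x%02x" % ntype)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-PDU")
        buf += chunk
    return buf


def read_tpkt(sock):
    """Read exactly one TPKT-framed PDU from a connected socket."""
    hdr = _recv_exact(sock, 4)
    (total,) = struct.unpack(">H", hdr[2:4])
    return hdr + _recv_exact(sock, total - 4)


def probe(host, port=3389, requested_protocols=PROTOCOL_RDP, timeout=5.0):
    """One Connection Request against a live host; a reset is reported, not swallowed."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_connection_request(requested_protocols))
            return parse_connection_confirm(read_tpkt(sock))
        except ConnectionResetError as exc:
            return {"kind": "reset", "name": "reset during X.224 negotiation: %s" % exc}


# Constructed sample Connection Confirms; not captured from any real host
SAMPLE_RESPONSES = {
    "plain_rdp_selected": bytes.fromhex("030000130ed000001234000200080000000000"),
    "tls_selected":       bytes.fromhex("030000130ed000001234000200080001000000"),
    "nla_required":       bytes.fromhex("030000130ed000001234000300080005000000"),
    "legacy_no_negdata":  bytes.fromhex("0300000b06d00000123400"),
}

if __name__ == "__main__":
    for label, pdu in SAMPLE_RESPONSES.items():
        print("%-20s -> %s" % (label, parse_connection_confirm(pdu)["name"]))
    # probe("10.0.0.3")  # live check; 10.0.0.3 is a placeholder lab address
```

Run it as-is to see the four constructed answers decoded; uncomment the `probe()` call against a lab host to see what that host actually selects. A "failure" result, or a "response" selecting TLS or CredSSP when the client only speaks standard RDP security, means the rest of the sequence is never going to be reached, which is a different problem from a reset that arrives after Client Confirm Active or Client Persistent Key Length.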

Double impacket

The double impacket needs to be removed because of the folder layout, or else it will keep asking for the impacket module.

from impacket.impacket.structure import Structure

to

from impacket.structure import Structure

Proposal to add documentation references to "Research" directory.

Instead of just having them in the main source file, I suggest we add a file for these in the Research directory as well.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/db6713ee-1c0e-4064-a3b3-0fac30b4037b
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/04c60697-0d9a-4afd-a0cd-2cc133151a9c
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/f5d6a541-9b36-4100-b78f-18710f39f247
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/db6713ee-1c0e-4064-a3b3-0fac30b4037b
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/772d618e-b7d6-4cd0-b735-fa08af558f9d
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4c3c2710-0bf0-4c54-8e69-aff40ffcde66
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/2d122191-af10-4e36-a781-381e91c182b7
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9cde84cd-5055-475a-ac8b-704db419b66f

Why did nothing happen?

Why did nothing happen?

[ + ] verifying RDP service on: 192.168.255.151
[ + ] successfully connected to RDP service on host: 192.168.255.151
[ + ] starting RDP connection on 1 targets

[ + ] sending Client MCS Connect Initial PDU request packet -->
[ + ] <-- received 0x70 bytes from host: 192.168.255.151
[ + ] sending Client MCS Domain Request PDU packet -->
[ + ] sending Client MCS Attach User PDU request packet -->
[ + ] <-- received 0xb bytes from host: 192.168.255.151
[ + ] sending MCS Channel Join Request PDU packets -->
[ + ] <-- received 0xf bytes from channel 1001 on host: 192.168.255.151
[ + ] <-- received 0xf bytes from channel 1002 on host: 192.168.255.151
[ + ] <-- received 0xf bytes from channel 1003 on host: 192.168.255.151
[ + ] <-- received 0xf bytes from channel 1004 on host: 192.168.255.151
[ + ] <-- received 0xf bytes from channel 1005 on host: 192.168.255.151
[ + ] <-- received 0xf bytes from channel 1006 on host: 192.168.255.151
[ + ] <-- received 0xf bytes from channel 1007 on host: 192.168.255.151
[ + ] sending Client Security Exhcange PDU packets -->
[ + ] <-- received 0x22 bytes from host: 192.168.255.151
[ + ] sending Client Confirm Active PDU packet -->
[ + ] <-- received 0x19e bytes from host: 192.168.255.151
[ + ] sending Client Synchronization PDU packet -->
[ + ] sending Client Control Cooperate PDU packet -->
[ + ] sending Client Control Request PDU packet -->
[ + ] sending Client Persistent Key Length PDU packet -->
[ + ] sending Client Font List PDU packet -->
[ + ] <-- received 0x24 bytes from host: 192.168.255.151
[ + ] closing the connection now, this is a PoC not a working exploit

Could you send me the payload of BlueKeep

Hello, Ekultek. I'm a college student from the School of Cyberspace Security, BUPT, in China. I took a course named Network Security Experiment last term and found great interest in it. So this summer holiday I decided to study more about network security. I downloaded your BlueKeep from GitHub last night and it really helps me so much. I found that some payload code is missing; I really want to have it and try to exploit my Win7 in my VMware. I guarantee that this is only for study and I will never use it for bad things or commercial purposes. So could you help me with my study and send me a working payload? My email is '[email protected]'. Thank you so much!

Question

How can we add our own payloads to this so we can try out different things against our own hardware?

(Also, a minor typo at the end of the README: it's "just", not "jsut".)

How to attach the freed ICA channel

After freeing the MS_T120 channel, I tried to find a channel that I can send data to; however, I cannot find a channel that is bound before I log in. I can send data to some channels, but it cannot reach ExAllocatePoolWithTag because findchannel returns 0. Would you please give me some advice? Thanks.

Please help me!!!

I'm a script kiddie with lots of dreams. I'm from Laos.
I built it and got one error here, and with other CVE-2019-0708 PoC solutions too.
The error happens after tls.do_handshake():
error number (104, "ECONNRESET").
I have been analyzing this for 3 days but I can't figure out what it is.
So help me. What can I do?

How to solve this mistake?

C:\BlueKeep-master>python test.py -i 192.168.132.131
[+] DoSing target: 192.168.132.131 a total of 60 times
[+] DoS attempt: 1
[+] establishing initialization
[+] sending ClientData PDU packets
[!] error on target: 192.168.132.131 (<method 'extend' of 'bytearray' objects> returned a result with an error set), if this happened after a successful attack, change the wait time.

How can I solve it? Thank you!

Blue screen

Windows version: cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598
When I run your script, the system reboots.
After installing windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu the vulnerability is fixed, but it still shows that there is a vulnerability, and the system does not reboot.
