BlueKeep Vulnerability - New Metasploit Exploit on Kali Linux

The much awaited BlueKeep exploit for Metasploit-Framework was made publicly available by RAPID7 only 5 days ago, so I took the opportunity to give it a try in my test environment and make a video about it.

For more information about the BlueKeep vulnerability and the BlueKeep scanner module for Metasploit - please check my previous post.

Check this RAPID7 blog post for more information in regards to the initial release.

The exploit released by RAPID7 is currently in initial / development state and it is NOT available via the usual Kali Linux updates repository.
In order to install the BlueKeep exploit, we will perform first a new Metasploit-Framework installation from the RAPID7 Github repository located at the following URL: https://github.com/rapid7/metasploit-framework
After that we will perform a pull request for the BlueKeep exploit.
The following commands were used for the steps described above:
cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
git fetch origin pull/12283/head:bluekeep
git checkout bluekeep
gem install bundler && bundle
The new Metasploit-Framework installation was launched by using the command below:
./msfconsole -q
... and the new BlueKeep exploit module was loaded with the following command:
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

The commands and options used to configure the BlueKeep exploit are similar to the ones used to configure the EternalBlue exploit modules that were presented before - please check my older EternalBlue posts if needed.

BlueKeep Vulnerability - 
New Metasploit Exploit on Kali Linux



Comments


  1. This is a great article with lots of informative resources. I appreciate your work this is really helpful for everyone. Check out our website computer sales Australia Yorke Peninsula for more related info!

    ReplyDelete
  2. You are really really good

    ReplyDelete

Post a comment

Popular Posts

MS17-010 Vulnerability - Using EternalBlue exploit module in Metasploit

Generating shellcode - using msfvenom to generate a binary payload

MS17-010 Vulnerability - Scanning using Metasploit on KALI Linux