BlueKeep Vulnerability - New Metasploit Exploit on Kali Linux

The much awaited BlueKeep exploit for Metasploit-Framework was made publicly available by RAPID7 only 5 days ago, so I took the opportunity to give it a try in my test environment and make a video about it.

For more information about the BlueKeep vulnerability and the BlueKeep scanner module for Metasploit - please check my previous post.

Check this RAPID7 blog post for more information in regards to the initial release.

The exploit released by RAPID7 is currently in initial / development state and it is NOT available via the usual Kali Linux updates repository.
In order to install the BlueKeep exploit, we will perform first a new Metasploit-Framework installation from the RAPID7 Github repository located at the following URL: https://github.com/rapid7/metasploit-framework
After that we will perform a pull request for the BlueKeep exploit.
The following commands were used for the steps described above:
cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
git fetch origin pull/12283/head:bluekeep
git checkout bluekeep
gem install bundler && bundle
The new Metasploit-Framework installation was launched by using the command below:
./msfconsole -q
... and the new BlueKeep exploit module was loaded with the following command:
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

The commands and options used to configure the BlueKeep exploit are similar to the ones used to configure the EternalBlue exploit modules that were presented before - please check my older EternalBlue posts if needed.

BlueKeep Vulnerability - 
New Metasploit Exploit on Kali Linux



Comments


  1. This is a great article with lots of informative resources. I appreciate your work this is really helpful for everyone. Check out our website computer sales Australia Yorke Peninsula for more related info!

    ReplyDelete
  2. You are really really good

    ReplyDelete
  3. Great Article! I got too much information from this post. Thanks for sharing such a helpful article. Click here for more information about it

    ReplyDelete
  4. IEEE Final Year Project centers make amazing deep learning final year projects ideas for final year students Final Year Projects for CSE to training and develop their deep learning experience and talents.

    IEEE Final Year projects Project Centers in India are consistently sought after. Final Year Students Projects take a shot at them to improve their aptitudes, while specialists like the enjoyment in interfering with innovation.

    corporate training in chennai corporate training in chennai

    corporate training companies in india corporate training companies in india

    corporate training companies in chennai corporate training companies in chennai

    I have read your blog its very attractive and impressive. I like it your blog. Digital Marketing Company in Chennai Project Centers in Chennai

    ReplyDelete
  5. Incredible post. Articles that have significant and savvy remarks are more agreeable, at any rate to me. It’s fascinating to peruse what other individuals thought and how it identifies them or their customers, as their point of view could help you later on. Professional Hacker For Hire Online

    ReplyDelete
  6. Thanks for sharing this article here about the hacker. Your article is very informative and I will share it with my other friends as the information is really very useful. Keep sharing your excellent work.Password hacker

    ReplyDelete

Post a comment

Popular Posts

MS17-010 Vulnerability - Using EternalBlue exploit module in Metasploit

Generating shellcode - using msfvenom to generate a binary payload

MS17-010 Vulnerability - Scanning using Metasploit on KALI Linux