BlueKeep Vulnerability - Scanning using Metasploit on Kali Linux
BlueKeep is the nickname for the CVE-2019-0708 - Remote Desktop Services Remote Code Execution Vulnerability.
This vulnerability was disclosed by Microsoft in May 2019 and it could be potentially as disruptive as the previous EternalBlue vulnerability.
Same as EternalBlue, the BlueKeep vulnerability could allow a remote attacker to completely take over a vulnerable Windows system by executing arbitrary code on the target system.
Check the following links for more information in regards to the BlueKeep vulnerability:
Microsoft Security Bulletin CVE-2019-0708
Wikipedia
ZDNET
In this video we will use Kali Linux and the Metasploit BlueKeep scanner module to scan a test vulnerable Windows 7 workstation, then we will apply the patch provided by Microsoft and recheck.
The following Metasploit commands were used:
search BlueKeep
This command lists the Metasploit modules containing the string "BlueKeep".
use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
This command selects the BlueKeep scanner module.
show options
This command displays the options available for the selected module.
set RHOSTS <IP_Address or IP_Address_Range>
This command will set the target IP address (addresses) for the module.
run
This command will run the Metasploit module.
This vulnerability was disclosed by Microsoft in May 2019 and it could be potentially as disruptive as the previous EternalBlue vulnerability.
Same as EternalBlue, the BlueKeep vulnerability could allow a remote attacker to completely take over a vulnerable Windows system by executing arbitrary code on the target system.
Check the following links for more information in regards to the BlueKeep vulnerability:
Microsoft Security Bulletin CVE-2019-0708
Wikipedia
ZDNET
In this video we will use Kali Linux and the Metasploit BlueKeep scanner module to scan a test vulnerable Windows 7 workstation, then we will apply the patch provided by Microsoft and recheck.
The following Metasploit commands were used:
search BlueKeep
This command lists the Metasploit modules containing the string "BlueKeep".
use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
This command selects the BlueKeep scanner module.
show options
This command displays the options available for the selected module.
set RHOSTS <IP_Address or IP_Address_Range>
This command will set the target IP address (addresses) for the module.
run
This command will run the Metasploit module.
This is really nice post, I found and love this content. I will prefer this, thanks for sharing. windows pro original.
ReplyDelete