Code Monkey home page Code Monkey logo

cve-2019-0708's Introduction

CVE-2019-0708

The Crashing Part [BSOD] has been removed intentionally!

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

References:

Usage

usage: python3 poc.py -f ips.txt

Contribution, Credits & License

Ways to contribute

  • Suggest a feature
  • Report a bug
  • Fixing Issues

Licensed under the GNU GPLv3, see LICENSE for more information.

cve-2019-0708's People

Contributors

leoid avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

raystyle ryhanson xvredebreuk trevor3000 sucof pipi666 cev-code yhzx2013 blueicesir openkava radcet knooow u53r55 aklmtst attackgithub alex895 hacks2learn baraalmasri waterbolik ztk-009 wj158 briansandro x-vector akshay8043 dptechma t3st0r-git vismylover rafi693 johnwax autun12 microqs kmwin 5l1v3r1 xzvb12 lantern-r narayanr7 mfer125 richard6666 gh0st0ne maru7777 itcytandchenmeng

cve-2019-0708's Issues

Does the program not support xp sp3? 

                                                                 �[97m�[92m
                        # Developed by Bitwis3
                    # CVE-2019-0708 BSOD & Checker

�[93m[�[91m+�[93m] Targets were Loaded�[92m
�[93m[�[91m*�[93m] Start Checking, Please Wait.
�[92m
�[93m[�[92m+�[93m] HOST [�[92m192.168.88.111�[93m] Connected to The RDP Service!
�[92m

C:\Users\Test\Desktop>

hi!
The goal of my test is xp, and the result is not correct?
Does the program not support xp sp3?

Upgrade it to an exploit

Let's say I am going to port it into an actual exploit, at which stage should I introduce my own code.

In @Ekultek 's version of PoC it's clearly indicated. Just FYI.

ImportError: No module named impacket

Traceback (most recent call last):
File "0708.py", line 34, in
from impacket.structure import Structure
ModuleNotFoundError: No module named 'impacket'

Just a Scanner

I tested it on Windows Server 2008 R2,but ,,,,nothing hanppend.Just a simple scanner

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.