微软3389远程漏洞CVE-2019-0708批量检测工具

Posted 2020-11-12 17bdw

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了微软3389远程漏洞CVE-2019-0708批量检测工具相关的知识，希望对你有一定的参考价值。

0x001 Win下检测

https://github.com/robertdavidgraham/rdpscan
C:UsersK8teamDesktop
dpscan-mastervs10Release 的目录


2019/06/02  02:11    <DIR>          .
2019/06/02  02:11    <DIR>          ..
2019/06/02  01:55         2,582,016 libcrypto-1_1.dll
2019/06/02  01:57           619,520 libssl-1_1.dll
2019/06/02  02:04           172,032 rdpscan.exe
3 个文件      3,373,568 字节
2 个目录  2,462,433,280 可用字节


C:UsersK8teamDesktop
dpscan-mastervs10Release>rdpscan 192.168.1.101-192.168.1.105
192.168.1.101 - VULNERABLE - CVE-2019-0708
192.168.1.102 - VULNERABLE - CVE-2019-0708


C:UsersK8teamDesktop
dpscan-mastervs10Release>rdpscan 192.168.1.101-192.168.1.105
192.168.1.102 - SAFE - CredSSP/NLA required
192.168.1.101 - VULNERABLE - CVE-2019-0708

0x002 Linux下检测

https://github.com/SugiB3o/Check-vuln-CVE-2019-0708
root@kali:~/Desktop# ./rdesktop 192.168.1.101:3389
ERROR: Failed to open keymap en-us
[+] Registering MS_T120 channel.
Failed to negotiate protocol, retrying with plain RDP.
[+] Sending MS_T120 check packet (size: 0x20 - offset: 0x8)
[+] Sending MS_T120 check packet (size: 0x10 - offset: 0x4)
[!] Target is VULNERABLE!!!

以上是关于微软3389远程漏洞CVE-2019-0708批量检测工具的主要内容，如果未能解决你的问题，请参考以下文章

cve-2019-0708 远程桌面代码执行漏洞复现

CVE-2019-0708—微软RDP远程桌面代码执行漏洞复现

CVE-2019-0708蠕虫级漏洞利用

windows RDP远程代码执行_CVE-2019-0708漏洞复现