Skip to content
Only Hitting PoC [Tested on Windows Server 2008 r2]
Python
Branch: master
Clone or download
Latest commit 361a667 May 27, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
0708.py
README.md
sc.JPG

README.md

CVE-2019-0708

The Crashing Part [BSOD] has been removed intentionally!

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

References:

Usage

usage: python3 poc.py -f ips.txt

Contribution, Credits & License

Ways to contribute

  • Suggest a feature
  • Report a bug
  • Fixing Issues

Licensed under the GNU GPLv3, see LICENSE for more information.

You can’t perform that action at this time.