
Add Msf::Exploit::Remote::RDP mixin and refactor BlueKeep (CVE-2019-0708) scanner #12171

Merged
merged 7 commits into from
Aug 7, 2019

Conversation


@TomSellers TomSellers commented Aug 7, 2019

This PR is a WIP and refactors RDP protocol code into a Msf::Exploit::Remote mixin. The intent is for this to serve as a point of discussion during the process. If it reaches a usable state a new PR will be created against the current master branch.

This PR will be noisy as I iterate over the changes and address feedback.

Desired for #12170.

@wvu wvu left a comment

Haven't tested it, but this looks good enough from a code standpoint. Thanks for doing this!

@OJ OJ left a comment

Nice work Tom :)

@wvu wvu self-assigned this Aug 7, 2019
wvu commented Aug 7, 2019

Vuln Win7 SP1 x64 with NLA disabled

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.117:3389   - Verifying RDP protocol...
[*] 192.168.56.117:3389   - Attempting to connect using TLS security
[*] 192.168.56.117:3389   - Sending erect domain request
[*] 192.168.56.117:3389   - Sending client info PDU
[*] 192.168.56.117:3389   - Received License packet
[*] 192.168.56.117:3389   - Waiting for Server Demand packet
[*] 192.168.56.117:3389   - Received Server Demand packet
[*] 192.168.56.117:3389   - Sending client confirm active PDU
[*] 192.168.56.117:3389   - Sending client synchronize PDU
[*] 192.168.56.117:3389   - Sending client control cooperate PDU
[*] 192.168.56.117:3389   - Sending client control request control PDU
[*] 192.168.56.117:3389   - Sending client input sychronize PDU
[*] 192.168.56.117:3389   - Sending client font list PDU
[*] 192.168.56.117:3389   - Sending patch check payloads
[+] 192.168.56.117:3389   - The target is vulnerable.
[*] 192.168.56.117:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) >

Vuln Win7 SP1 x64 with NLA enabled

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.117:3389   - Verifying RDP protocol...
[*] 192.168.56.117:3389   - Attempting to connect using TLS security
[*] 192.168.56.117:3389   - Server requires NLA (CredSSP) security which mitigates this vulnerability.
[*] 192.168.56.117:3389   - The target is not exploitable.
[*] 192.168.56.117:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) >

Not vuln Win10 x64 with NLA disabled

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.112:3389   - Verifying RDP protocol...
[*] 192.168.56.112:3389   - Attempting to connect using TLS security
[*] 192.168.56.112:3389   - Sending erect domain request
[*] 192.168.56.112:3389   - Sending client info PDU
[*] 192.168.56.112:3389   - Received License packet
[*] 192.168.56.112:3389   - Waiting for Server Demand packet
[*] 192.168.56.112:3389   - Received Server Demand packet
[*] 192.168.56.112:3389   - Sending client confirm active PDU
[*] 192.168.56.112:3389   - Sending client synchronize PDU
[*] 192.168.56.112:3389   - Sending client control cooperate PDU
[*] 192.168.56.112:3389   - Sending client control request control PDU
[*] 192.168.56.112:3389   - Sending client input sychronize PDU
[*] 192.168.56.112:3389   - Sending client font list PDU
[*] 192.168.56.112:3389   - Sending patch check payloads
[*] 192.168.56.112:3389   - The target is not exploitable.
[*] 192.168.56.112:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) >

Not vuln Win10 x64 with NLA enabled

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.112:3389   - Verifying RDP protocol...
[*] 192.168.56.112:3389   - Attempting to connect using TLS security
[*] 192.168.56.112:3389   - Server requires NLA (CredSSP) security which mitigates this vulnerability.
[*] 192.168.56.112:3389   - The target is not exploitable.
[*] 192.168.56.112:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) >
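
The first two lines of each run above ("Verifying RDP protocol", then the TLS attempt that either proceeds or reports that the server requires NLA) are the X.224 connection negotiation. The following Ruby is an added example, not code from this PR or from Metasploit: it builds that request and classifies the server's Connection Confirm, treating an RDP_NEG_FAILURE with HYBRID_REQUIRED_BY_SERVER as the "server requires NLA (CredSSP)" outcome that mitigates BlueKeep. Function names are hypothetical and the sample replies are constructed rather than captured.

```ruby
# Added example, not Metasploit's own code: the X.224 negotiation the scanner
# runs first, and how the server reply reveals that NLA (CredSSP) is required
# (MS-RDPBCGR 2.2.1.1 / 2.2.1.2). Names are hypothetical; samples are constructed.
PROTOCOL_RDP    = 0x00000000   # standard RDP security
PROTOCOL_SSL    = 0x00000001   # TLS
PROTOCOL_HYBRID = 0x00000002   # CredSSP (NLA)
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
HYBRID_REQUIRED_BY_SERVER = 0x00000005

# TPKT + X.224 Connection Request carrying an RDP_NEG_REQ: what the
# "Verifying RDP protocol" / "Attempting to connect using TLS security" step sends.
def build_x224_connection_request(requested = PROTOCOL_SSL, cookie: 'mstshash=user')
  body = [0xE0, 0, 0, 0].pack('CnnC')             # CR TPDU, DST-REF, SRC-REF, class 0
  body << "Cookie: #{cookie}\r\n"                   # routingToken / cookie
  body << [TYPE_RDP_NEG_REQ, 0, 8, requested].pack('CCvV')
  x224 = [body.bytesize].pack('C') + body           # LI counts everything after itself
  [3, 0, 4 + x224.bytesize].pack('CCn') + x224      # TPKT: version 3, reserved, length
end

# Classify the server's X.224 Connection Confirm:
#   :nla_required -> RDP_NEG_FAILURE code HYBRID_REQUIRED_BY_SERVER (BlueKeep mitigated)
#   :tls / :nla   -> RDP_NEG_RSP selected TLS / CredSSP; :failure -> other failure codes
#   :standard_rdp -> no rdpNegData (legacy server) or PROTOCOL_RDP selected
def classify_x224_connection_confirm(bytes)
  version, _reserved, tpkt_len = bytes.unpack('CCn')
  raise ArgumentError, 'not a TPKT' unless version == 3 && tpkt_len == bytes.bytesize
  li, type = bytes.byteslice(4, 2).unpack('CC')
  raise ArgumentError, 'not an X.224 Connection Confirm' unless (type & 0xF0) == 0xD0
  return :standard_rdp if li == 6                   # CC without rdpNegData
  raise ArgumentError, 'bad X.224 length' unless li == 14 && bytes.bytesize == 19
  neg_type, _flags, neg_len, value = bytes.byteslice(11, 8).unpack('CCvV')
  raise ArgumentError, 'bad rdpNegData length' unless neg_len == 8
  case neg_type
  when TYPE_RDP_NEG_RSP
    { PROTOCOL_RDP => :standard_rdp, PROTOCOL_SSL => :tls, PROTOCOL_HYBRID => :nla }.fetch(value)
  when TYPE_RDP_NEG_FAILURE
    value == HYBRID_REQUIRED_BY_SERVER ? :nla_required : :failure
  else
    raise ArgumentError, "unexpected rdpNegData type 0x#{neg_type.to_s(16)}"
  end
end

# Constructed replies for offline use; a real scan reads these from the socket.
def build_x224_connection_confirm(neg_type, value)
  body = [0xD0, 0, 0, 0].pack('CnnC') + [neg_type, 0, 8, value].pack('CCvV')
  x224 = [body.bytesize].pack('C') + body
  [3, 0, 4 + x224.bytesize].pack('CCn') + x224
end
SAMPLE_NLA_REQUIRED = build_x224_connection_confirm(TYPE_RDP_NEG_FAILURE, HYBRID_REQUIRED_BY_SERVER)
SAMPLE_TLS_OK       = build_x224_connection_confirm(TYPE_RDP_NEG_RSP, PROTOCOL_SSL)
```

A host whose confirm classifies as :nla_required is the "Server requires NLA (CredSSP) security" case in the runs above; :tls is the case where the scanner proceeds to the MCS and patch-check stages.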

@wvu wvu merged commit 2d5e9cb into rapid7:master Aug 7, 2019
wvu added a commit that referenced this pull request Aug 7, 2019
wvu commented Aug 7, 2019

Release Notes

The BlueKeep (CVE-2019-0708) scanner code has been moved into an Msf::Exploit::Remote::RDP mixin for consolidation and reuse.

msjenkins-r7 pushed a commit that referenced this pull request Aug 7, 2019
@TomSellers TomSellers deleted the rdp_library branch August 8, 2019 00:02
@wvu wvu changed the title [WIP] RDP: Refactor protocol code Add Msf::Exploit::Remote::RDP mixin and refactor BlueKeep (CVE-2019-0708) scanner Aug 8, 2019
@wvu wvu added the library label Aug 8, 2019
@tdoan-r7 tdoan-r7 added the rn-enhancement release notes enhancement label Aug 20, 2019