rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

CVE 2019-0708 Bluekeep #12355

Closed hexagon-sigma closed 4 years ago

hexagon-sigma commented 4 years ago

I ran the module against a remote host. No meterpreter session was opened, but the host went down after the exploit. Can you please explain why no session was created? Was the exploit successful?

```
[] Started reverse TCP handler on 172.31.23.143:4444
[] IP:3389 - Detected RDP on IP:3389 (Windows version: 6.1.7601) (Requires NLA: No)
[+] IP:3389 - The target is vulnerable.
[] IP:3389 - Using CHUNK grooming strategy. Size 1MB, target address 0xfffffa8003900000, Channel count 1.
[] IP:3389 - Surfing channels ...
[] IP:3389 - Lobbing eggs ...
[] IP:3389 - Forcing the USE of FREE'd object ...
[*] Exploit completed, but no session was created.
```

bwatters-r7 commented 4 years ago

The exploit relies on corrupting kernel memory on the remote host just enough to force it to access a particular location. The exact amount and location of the memory it needs to corrupt varies depending on multiple factors. It is possible that when you exploit a target using bluekeep, it may not corrupt enough memory, and no session happens, or alternatively, we may corrupt too much memory and bluescreen the target. That variability is a consequence of the vulnerability.

its0x08 commented 4 years ago

Will there be a fix for this? I know it's hard, but like with EternalBlue there should be something to fix this thing...!!