rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

cve_2019_0708_bluekeep does not return target vulnerability status #12692

Closed ku4eto closed 4 years ago

ku4eto commented 4 years ago

Steps to reproduce

Run the scanner

How'd you do it?

  1. set RHOSTS <TARGET>
  2. Target uses default port, RDP with remmina prompts for Username and Password
  3. run or exploit

Expected behavior

Expecting a message on what the status is, whether the target is vulnerable or not

Current behavior

No message about vulnerability is displayed

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set RHOSTS <ofbuscated>
RHOSTS => 188.254.215.84

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 188.254.215.84:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > exploit

[*] 188.254.215.84:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

According to the README.md, it should provide any of the 3 messages listed there.

System stuff

Metasploit version

Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).

I installed Metasploit with:

ku4eto@ku4eto:~$ msfconsole -v
Framework Version: 5.0.64-dev-
ku4eto@ku4eto:~$ apt-cache policy | grep metasploit
 500 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main i386 Packages
     origin downloads.metasploit.com
 500 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 Packages
     origin downloads.metasploit.com
     metasploit-framework -> 5.0.64+20191209112848~1rapid7-1 with priority 1000

OS

What OS are you running Metasploit on?

Linux Mint 19

wvu commented 4 years ago

What happens when you set VERBOSE true?

ku4eto commented 4 years ago

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set verbose true
verbose => true
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > exploit

[*] 188.254.215.84:3389   - Verifying RDP protocol...
[*] 188.254.215.84:3389   - Attempting to connect using TLS security
[*] 188.254.215.84:3389   - Verifying RDP protocol...
[*] 188.254.215.84:3389   - Attempting to connect using TLS security
[*] 188.254.215.84:3389   - Detected RDP on <obfuscated>:3389   (Windows version: 6.1.7601) (Requires NLA: No)
[*] 188.254.215.84:3389   - Sending erect domain request
[*] 188.254.215.84:3389   - Sending client info PDU
[*] 188.254.215.84:3389   - Received License packet (34 bytes)
[*] 188.254.215.84:3389   - Got license packet type 0xff (LICENSE_ERROR_ALERT)
[*] 188.254.215.84:3389   - License error/alert code 0x7 (LICENSE_ISSUED)
[*] 188.254.215.84:3389   - Waiting for Server Demand packet
[*] 188.254.215.84:3389   - Received Server Demand packet
[*] 188.254.215.84:3389   - Sending client confirm active PDU
[*] 188.254.215.84:3389   - Sending client synchronize PDU
[*] 188.254.215.84:3389   - Sending client control cooperate PDU
[*] 188.254.215.84:3389   - Sending client control request control PDU
[*] 188.254.215.84:3389   - Sending client input sychronize PDU
[*] 188.254.215.84:3389   - Sending client font list PDU
[*] 188.254.215.84:3389   - Sending patch check payloads
[-] 188.254.215.84:3389   - Error communicating RDP protocol.
[*] 188.254.215.84:3389   - Cannot reliably check exploitability.
[*] 188.254.215.84:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Oh, there we go.
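An added example, not part of the thread or of Metasploit's own code: a small triage script for saved scanner console output that treats a host with no status line (the quiet run above) as "no verdict" rather than as clean. The function names, the sample addresses and the first two verdict phrases are assumptions; only "Cannot reliably check exploitability." is taken from the output in this thread.

```python
import re

# Console line shape as seen in this thread: "[*] <host>:<port>   - <message>"
LINE = re.compile(r"^\[(?P<tag>[*+!-])\]\s+(?P<host>\S+):(?P<port>\d+)\s+-\s+(?P<msg>.*)$")

# Verdict phrases. Only the third appears in this thread; the first two are
# assumed wording and should be checked against the module's README.
VERDICTS = (
    ("The target is vulnerable", "vulnerable"),
    ("The target is not exploitable", "not_exploitable"),
    ("Cannot reliably check exploitability", "unknown"),
)

def triage(console_text, targets):
    """Map each intended target to a verdict; silence becomes 'no_verdict'."""
    results = {t: {"verdict": "no_verdict", "errors": []} for t in targets}
    for raw in console_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["host"] not in results:
            continue
        entry, msg = results[m["host"]], m["msg"].strip()
        if m["tag"] == "-":
            entry["errors"].append(msg)  # e.g. the RDP protocol error above
        for phrase, verdict in VERDICTS:
            if msg.startswith(phrase):
                entry["verdict"] = verdict  # a later run overrides an earlier one
    return results

def needs_follow_up(results):
    """Hosts that must not be reported as 'not vulnerable'."""
    return sorted(h for h, r in results.items()
                  if r["verdict"] in ("no_verdict", "unknown"))

# Constructed sample (TEST-NET-1 addresses), mixing quiet and verbose output.
SAMPLE = """\
[*] 192.0.2.10:3389   - Scanned 1 of 3 hosts (33% complete)
[-] 192.0.2.11:3389   - Error communicating RDP protocol.
[*] 192.0.2.11:3389   - Cannot reliably check exploitability.
[*] 192.0.2.11:3389   - Scanned 2 of 3 hosts (66% complete)
[+] 192.0.2.12:3389   - The target is vulnerable.
[*] 192.0.2.12:3389   - Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
"""

if __name__ == "__main__":
    report = triage(SAMPLE, ["192.0.2.10", "192.0.2.11", "192.0.2.12"])
    for host, r in report.items():
        print(host, r["verdict"], r["errors"])
    print("follow up:", needs_follow_up(report))
```

The target list is passed in separately because the "Scanned N of M hosts" progress line names only one host, so the console text alone does not say which hosts were covered.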