CVE-2019-0708

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: 10 | VMScore: 1000 | EPSS: 0.94445 | KEV: Exploitation Reported
Published: 16/05/2019 Updated: 07/04/2025

Vulnerability Summary

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. No credentials and no user interaction are required; the bug is reached during connection setup, before authentication.
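Because the bug is reached before authentication, the first practical question about an exposed RDP endpoint is whether it enforces Network Level Authentication (CredSSP) before any channel setup, which was Microsoft's recommended workaround for this CVE. The Python below is an added example written for this page, not code from Microsoft or from any project listed here. It builds the first packet an RDP client sends (TPKT + X.224 Connection Request carrying an RDP Negotiation Request, MS-RDPBCGR 2.2.1.1), decodes the server's Connection Confirm (2.2.1.2), and maps the answer to a triage verdict. The server replies used offline are constructed samples, and the `probe` helper is our own name for the live variant.

```python
"""Does this RDP endpoint require NLA before any channel setup?

Added example for this page; not code from Microsoft or a listed project.
Wire formats follow MS-RDPBCGR 2.2.1.1 / 2.2.1.2. Sample replies are constructed.
"""
import socket
import struct

PROTOCOL_RDP = 0x00000000        # Standard RDP Security
PROTOCOL_HYBRID = 0x00000002     # CredSSP, i.e. NLA
TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
SSL_REQUIRED_BY_SERVER = 0x00000001
HYBRID_REQUIRED_BY_SERVER = 0x00000005
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT + X.224 Connection Request + rdpNegReq (19 bytes for a bare request)."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR TPDU: code 0xE0, dst-ref, src-ref, class option; refs are 0 on a CR
    x224 = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req
    x224 = struct.pack("B", len(x224)) + x224           # length indicator (LI)
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224  # TPKT v3 header


def build_connection_confirm(neg_type=None, value=0):
    """Constructed server reply used as sample input (not a capture).
    neg_type None models a legacy server that sends a bare CC with no rdpNegData."""
    neg = b"" if neg_type is None else struct.pack("<BBHI", neg_type, 0, 8, value)
    x224 = struct.pack(">BHHB", 0xD0, 0, 0x1234, 0) + neg
    x224 = struct.pack("B", len(x224)) + x224
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Decode TPKT + X.224 CC and the optional rdpNegRsp / rdpNegFailure."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT frame")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match frame")
    li = data[4]
    if data[5] != 0xD0 or li < 6 or 5 + li > len(data):
        raise ValueError("not a well-formed X.224 Connection Confirm")
    body = data[11:5 + li]                 # bytes after the 6-byte CC header
    result = {"negotiation": None}
    if not body:
        return result                      # legacy: Standard RDP Security implied
    ntype, _flags, length = struct.unpack("<BBH", body[:4])
    if length != 8 or len(body) < 8:
        raise ValueError("malformed RDP negotiation structure")
    value = struct.unpack("<I", body[4:8])[0]
    if ntype == TYPE_RDP_NEG_RSP:
        result.update(negotiation="response", selected_protocol=value)
    elif ntype == TYPE_RDP_NEG_FAILURE:
        result.update(negotiation="failure", failure_code=value,
                      failure_name=FAILURE_CODES.get(value, "UNKNOWN"))
    else:
        raise ValueError("unexpected negotiation type %#x" % ntype)
    return result


def classify(confirm):
    """Triage verdict for a server's answer to a PROTOCOL_RDP-only request."""
    if confirm["negotiation"] == "failure":
        if confirm["failure_code"] == HYBRID_REQUIRED_BY_SERVER:
            return "NLA required: pre-auth channel setup unreachable"
        if confirm["failure_code"] == SSL_REQUIRED_BY_SERVER:
            # TLS protects the transport, but MCS channel setup still happens
            # before any credential is checked, so the pre-auth surface remains.
            return "TLS required, NLA not enforced: pre-auth surface reachable, verify patch"
        return "negotiation failed: " + confirm["failure_name"]
    if confirm["negotiation"] is None or confirm.get("selected_protocol") == PROTOCOL_RDP:
        return "Standard RDP Security accepted: pre-auth surface reachable, verify patch"
    return "server selected protocol %#x" % confirm["selected_protocol"]


def probe(host, port=3389, timeout=5.0):
    """Live check against a host you are authorised to test (not run offline)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_RDP))
        data = s.recv(4)
        total = struct.unpack(">H", data[2:4])[0]
        while len(data) < total:
            chunk = s.recv(total - len(data))
            if not chunk:
                break
            data += chunk
    return classify(parse_connection_confirm(data))


if __name__ == "__main__":
    samples = [
        ("NLA enforced", build_connection_confirm(TYPE_RDP_NEG_FAILURE, HYBRID_REQUIRED_BY_SERVER)),
        ("plain RDP accepted", build_connection_confirm(TYPE_RDP_NEG_RSP, PROTOCOL_RDP)),
        ("legacy server", build_connection_confirm()),
    ]
    for label, reply in samples:
        print(label, "->", classify(parse_connection_confirm(reply)))
```

A HYBRID_REQUIRED_BY_SERVER failure means the server refuses to proceed without CredSSP, which closes the unauthenticated path this CVE depends on; an attacker with valid credentials could still reach the bug, so the verdict is a triage signal, not a substitute for the patch. A TLS-only requirement does not help, because MCS channel setup still precedes any credential check.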

Vulnerable Products

microsoft windows

microsoft windows server

microsoft windows 7

microsoft windows server 2008

microsoft windows server 2008 r2

siemens axiom multix m firmware

siemens axiom vertix md trauma firmware

siemens axiom vertix solitaire m firmware

siemens mobilett xp digital firmware

siemens multix pro acss p firmware

siemens multix pro p firmware

siemens multix pro firmware

siemens multix pro acss firmware

siemens multix pro navy firmware

siemens multix swing firmware

siemens multix top firmware

siemens multix top acss firmware

siemens multix top p firmware

siemens multix top acss p firmware

siemens vertix solitaire firmware

siemens atellica solution firmware

siemens aptio firmware

siemens streamlab firmware

siemens centralink firmware

siemens viva e firmware

siemens viva twin firmware

siemens syngo lab process manager

siemens rapidpoint 500 firmware

siemens lantis firmware

huawei agile controller-campus firmware v100r002c00

huawei agile controller-campus firmware v100r002c10

huawei bh620 v2 firmware v100r002c00

huawei bh621 v2 firmware v100r002c00

huawei bh622 v2 firmware v100r001c00

huawei bh640 v2 firmware v100r002c00

huawei ch121 firmware v100r001c00

huawei ch140 firmware v100r001c00

huawei ch220 firmware v100r001c00

huawei ch221 firmware v100r001c00

huawei ch222 firmware v100r002c00

huawei ch240 firmware v100r001c00

huawei ch242 firmware v100r001c00

huawei ch242 v3 firmware v100r001c00

huawei e6000 firmware v100r002c00

huawei e6000 chassis firmware v100r001c00

huawei gtsoftx3000 firmware v200r001c01spc100

huawei gtsoftx3000 firmware v200r002c00spc300

huawei gtsoftx3000 firmware v200r002c10spc100

huawei oceanstor 18500 firmware v100r001c30spc300

huawei oceanstor 18800 firmware v100r001c30spc300

huawei oceanstor 18800f firmware v100r001c30spc300

huawei oceanstor hvs85t firmware v100r001c00

huawei oceanstor hvs85t firmware v100r001c30spc200

huawei oceanstor hvs88t firmware v100r001c00

huawei oceanstor hvs88t firmware v100r001c30spc200

huawei rh1288 v2 firmware v100r002c00

huawei rh1288a v2 firmware v100r002c00

huawei rh2265 v2 firmware v100r002c00

huawei rh2268 v2 firmware v100r002c00

huawei rh2285 v2 firmware v100r002c00

huawei rh2285h v2 firmware v100r002c00

huawei rh2288 v2 firmware v100r002c00

huawei rh2288a v2 firmware v100r002c00

huawei rh2288e v2 firmware v100r002c00

huawei rh2288h v2 firmware v100r002c00

huawei rh2485 v2 firmware v100r002c00

huawei rh5885 v2 firmware v100r001c00

huawei rh5885 v3 firmware v100r003c00

huawei smc2.0 firmware v500r002c00

huawei smc2.0 firmware v600r006c00

huawei seco vsm firmware v200r002c00

huawei uma firmware v200r001c00

huawei uma firmware v300r001c00

huawei x6000 firmware v100r002c00

huawei x8000 firmware v100r002c20

huawei elog firmware v200r003c10

huawei espace ecs firmware v300r001c00

Exploits

The RDP termdd.sys driver improperly handles binds to the internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution ...
Proof of concept exploit for a remote code execution vulnerability in Microsoft's RDP service ...
Microsoft Windows Remote Desktop BlueKeep denial of service exploit ...
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure # I'm not responsible for what you use this to accomplish and should only be used for education purposes # Could clean these up since I don't even use them class TPKT(Structure): commonHdr = ( ('Version','B=3'), ('Reserved','B=0'), ('Length','>H= ...
#RDP Blue POC by k8gege #Local: Win7 (python) #Target: Win2003 & Win2008 (open 3389) import socket import sys import os import platform buf="" buf+="\x03\x00\x00\x13" # TPKT, Version 3, length 19 buf+="\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x00\x00\x00\x00" # ITU-T Rec X224 buf+="\x03\x00\x01\xd6" # TPKT, Version 3, length 470 buf+=" ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## # Exploitation and Caveats from zerosum0x0: # # 1 Register with channel MS_T120 (and others such as RDPDR/RDPSND) nominally # 2 Perform a full RDP handshake, I like to wait for RDPDR handshake too (cod ...
# EDB Note: Download ~ github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def pool_spray(s, crypter, payload): times = 10000 count = 0 while count < times: count += 1 #print('time through %d' % count) try: ...
# Exploit Title: Bluekeep Denial of Service (metasploit module) # Shodan Dork: port:3389 # Date: 07/14/2019 # Exploit Author: RAMELLA Sebastien (github.com/mekhalleh/) # Vendor Homepage: microsoft.com # Version: all affected RDP services by cve-2019-0708 # Tested on: Windows XP (32-bits) / Windows 7 (64-bits) # CVE : 2019-0708 # I ...
This module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts It can optionally trigger the DoS vulnerability ...

Metasploit Modules

CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check

This module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts. It can optionally trigger the DoS vulnerability.

msf > use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
msf auxiliary(cve_2019_0708_bluekeep) > show actions
    ...actions...
msf auxiliary(cve_2019_0708_bluekeep) > set ACTION < action-name >
msf auxiliary(cve_2019_0708_bluekeep) > show options
    ...show and set options...
msf auxiliary(cve_2019_0708_bluekeep) > run
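The check module above distinguishes patched from vulnerable hosts by asking for the MS_T120 channel in a slot of the client's choosing. That request is visible on the wire: the channel name appears in the TS_UD_CS_NET block of the client's MCS Connect Initial, and a legitimate client never lists MS_T120 there, because the server binds that internal channel itself. The Python below is an added example for this page, not code from the Metasploit module or from any project listed here. It locates the client user data after the "Duca" H.221 key, walks the TS_UD_HEADER blocks, decodes the channel definition array (MS-RDPBCGR 2.2.1.3) and flags an explicit MS_T120 request. The sample Connect Initial fragment is constructed (zero-filled CS_CORE body, placeholder bytes for the MCS/GCC framing), not a capture.

```python
"""Flag RDP clients that name the internal MS_T120 channel in TS_UD_CS_NET.

Added example for this page; not code from Metasploit or a listed project.
Layouts follow MS-RDPBCGR 2.2.1.3; the sample Connect Initial is constructed.
"""
import struct

CS_CORE = 0xC001
CS_NET = 0xC003
INTERNAL_CHANNEL = "MS_T120"
MAX_STATIC_CHANNELS = 31


def per_length(n):
    """PER length determinant that precedes the client user data octet string."""
    if n < 0x80:
        return bytes([n])
    if n < 0x4000:
        return bytes([0x80 | (n >> 8), n & 0xFF])
    raise ValueError("length too large for a 2-byte PER determinant")


def extract_client_user_data(connect_initial):
    """Return the client data blocks that follow the 'Duca' H.221 key."""
    idx = connect_initial.find(b"Duca")
    if idx < 0:
        raise ValueError("no client GCC user data found")
    p = idx + 4
    first = connect_initial[p]
    if first & 0x80:
        length = ((first & 0x3F) << 8) | connect_initial[p + 1]
        p += 2
    else:
        length = first
        p += 1
    if p + length > len(connect_initial):
        raise ValueError("user data length exceeds packet")
    return connect_initial[p:p + length]


def iter_user_data_blocks(user_data):
    """Yield (type, body) for each TS_UD_HEADER-prefixed block."""
    off = 0
    while off + 4 <= len(user_data):
        btype, blen = struct.unpack_from("<HH", user_data, off)
        if blen < 4 or off + blen > len(user_data):
            raise ValueError("malformed user data block at offset %d" % off)
        yield btype, user_data[off + 4:off + blen]
        off += blen


def parse_cs_net(body):
    """Decode TS_UD_CS_NET into [(channel_name, options), ...]."""
    if len(body) < 4:
        raise ValueError("TS_UD_CS_NET too short")
    count = struct.unpack_from("<I", body, 0)[0]
    if count > MAX_STATIC_CHANNELS or 4 + 12 * count > len(body):
        raise ValueError("invalid channelCount %d" % count)
    channels = []
    for i in range(count):
        raw_name, options = struct.unpack_from("<8sI", body, 4 + 12 * i)
        name = raw_name.split(b"\x00", 1)[0].decode("ascii", "replace")
        channels.append((name, options))
    return channels


def flag_internal_channel_requests(connect_initial):
    """Return [(slot, name)] for every client-requested MS_T120 channel."""
    hits = []
    for btype, body in iter_user_data_blocks(extract_client_user_data(connect_initial)):
        if btype != CS_NET:
            continue
        for slot, (name, _options) in enumerate(parse_cs_net(body)):
            if name.upper() == INTERNAL_CHANNEL:   # case-insensitive, deliberately loose
                hits.append((slot, name))
    return hits


def build_sample_connect_initial(channel_names):
    """Constructed fragment: zero-filled CS_CORE body, then one CS_NET block."""
    core = struct.pack("<HH", CS_CORE, 4 + 212) + bytes(212)  # real CS_CORE body is 212 bytes
    defs = b"".join(struct.pack("<8sI", n.encode("ascii"), 0x80800000)
                    for n in channel_names)
    net = struct.pack("<HHI", CS_NET, 8 + len(defs), len(channel_names)) + defs
    user_data = core + net
    # Placeholder bytes stand in for the MCS/GCC framing that precedes the key.
    framing = b"\x7f\x65\x82\x01\x94\x04\x01\x01"
    return framing + b"Duca" + per_length(len(user_data)) + user_data


if __name__ == "__main__":
    benign = build_sample_connect_initial(["rdpdr", "cliprdr", "rdpsnd"])
    hostile = build_sample_connect_initial(["rdpdr", "cliprdr", "MS_T120"])
    print("benign:", flag_internal_channel_requests(benign))    # []
    print("hostile:", flag_internal_channel_requests(hostile))  # [(2, 'MS_T120')]
```

Two caveats for anyone turning this into a sensor rule. The Connect Initial is only in cleartext when the client negotiated Standard RDP Security; under TLS or CredSSP it travels inside the TLS tunnel, so a passive network sensor sees it only if it can decrypt, otherwise the check belongs on the host or at a terminating proxy. And the rule tracks the technique the public scanner and exploits use (an explicit channel request by name), which is why it reads as a vulnerability probe or exploitation attempt rather than as proof that the target was vulnerable.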

GitHub Repositories

Graphical tool for network-asset port probing and vulnerability detection

Features: The tool supports IP liveness detection but not ARP liveness detection. It supports IP port detection in three modes, Masscan, Nmap and socket probing, to be chosen according to the number of IPs and the performance budget. Port detection supports full-port, Top-1000 and risky-port scans. The tool can run vulnerability checks against the risky ports it finds. The tool supports a single IP

Black-box network penetration testing project using tools like Nmap, Nessus, Metasploit & Burp Suite. Includes CVSS-based risk assessment & remediation roadmap.

Network Penetration Testing Report Project Title: Black Box Approach for Multiple IPs Domain: Cybersecurity & Ethical Hacking (VAPT) Duration: January 2025 - February 2025 Mentor: Mr Nishchay Gaba (Cybersecurity Researcher at Hacking Articles) Overview Conducted black box penetration testing on 30 public IP addresses to identify security vulnerabilities from an externa

Based on the document you uploaded, here is a guide to normalising PCAP data with CICFlowMeter, labelling it, and setting up the training of a Random Forest model to detect attacks: 1 Normalising data with CICFlowMeter 1.1

eJPTv2 Cheat Sheet Reconnaissance $ whois <URL> $ host <URL> $ whatweb <URL> $ dnsrecon -d <URL> dnsdumpster.com $ wafw00f <URL>

Log Source securitydatasets.com/notebooks/atomic/windows/intro.html ieeexplore.ieee.org/abstract/document/9678773/references#references dl.acm.org/doi/abs/10.1145/3338906.3338931 The instability of log data stems from two sources: 1) the evolution of logging statements and 2) processing noise in the log data

eJPT Study Notes Author: Samuel Pérez López Introduction These notes are intended to serve as a comprehensive guide for the eJPT (Junior Penetration Tester) certification They cover various aspects of the certification, including assessment methodologies, host and network auditing, host and network penetration testing, and web application penetration testing Tab

RedOps is a network and security testing tool. Key features: subdomain discovery, port scanning, and vulnerability testing. New features: Reverse DNS Lookup, DNS Zone Transfer Testing, Open Redirect Testing, Command Injection Testing, and CVE Exploit Checker.

RedOps Code Documentation RedOps is a multifunctional tool designed for basic security testing on web applications and servers The tool allows users to execute various testing functions for reconnaissance and vulnerability assessment, including: Subdomain Discovery: Searches for subdomains associated with a given domain using the crt.sh database GET Request Flooding: Sends m

Security-EternalBlue-Bluekeep Information Security Report on an Internal Environment with Kali Linux This repository contains the full report of the academic project developed in the Information Systems course at Centro Universitário UNIFACISA, whose main objective was to carry out an analysis

elevate-labs-task-3 tool used - Nessus scan type - Vulnerability scan Target ip - 1981050 Done the scan to the ip gone through the findings from the result scan summary: Severity Count Critical 2 High 4 Medium 7 Low 5 Info 12 vulnerabilities found: i)Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness CVE-2019-070

DevTools is a network and security testing tool. Key features: subdomain discovery, port scanning, and vulnerability testing. New features: Reverse DNS Lookup, DNS Zone Transfer Testing, Open Redirect Testing, Command Injection Testing, and CVE Exploit Checker.

DevTools Code Documentation DevTools is a multifunctional tool designed for basic security testing on web applications and servers The tool allows users to execute various testing functions for reconnaissance and vulnerability assessment, including: Subdomain Discovery: Searches for subdomains associated with a given domain using the crt.sh database GET Request Flooding: Sen

CVE-Exploitation-Reports CVE Exploitation Reports: CVE-2007-3280, CVE-2017-0144, CVE-2019-0708 This repository contains detailed exploitation reports for the following Common Vulnerabilities and Exposures (CVEs): CVE-2007-3280: A buffer overflow vulnerability in the RealPlayer ActiveX control, which allows remote attackers to execute arbitrary code via a crafted URL CVE-2017-0

eJPTv2-Notes Information Gathering - Reconnaissance (the first step) (part of Assessment Methodologies) Obtaining information about the target both actively and passively passive (reconnaissance) - finding the ip, domain address of the target, finding subdomains, social media profiles, domain ownership information, web technologies used in the website (not engaging with the ta

This repository contains the documentation and results of an advanced Vulnerability Assessment and Penetration Testing (VAPT) project conducted on a Windows 7 machine using Kali Linux. The objective of this project is to identify, exploit, and document known vulnerabilities in the Windows 7 operating system.

Project Overview The objective of this project is to conduct an advanced Vulnerability Assessment and Penetration Testing (VAPT) on a Windows 7 system Using various tools and techniques, this project aims to identify, exploit, and document known vulnerabilities, thereby demonstrating practical cybersecurity skills in a controlled environment Key Objectives Identify Vulnerabi

data_from_pentest

Themes for Repeat: Enumeration (Linux, Windows) Which new tools I learn and for what purpose? Phishing with reverse shell (bypass and hidden) RE-exploitation techniques (RID, Pstools, creating new users with high privileges) Enumeration of domain Pass The Hash (Sym, system dump) API [+] API [+] github.com/arainho/awesome-api-security Types of reconnaissance activities

Operating Systems

The Importance of Operating Systems and Security Knowledge Group 2 Juan Dominid Muñoz Eslava Introduction In-depth knowledge of operating systems is fundamental for any technology professional, especially in the field of cybersecurity. Understanding how operating systems work, their vulnerabilities

IS HITCON Pacific Day 1 Temp Malicious-knowledge base owl.nchc.org.tw/ drive.google.com/open?id=1hNKwzxx5QuPjn1wTKguwGLmgzVW9etsc drive.google.com/open?id=0B9qqqzOjzwW9UFUxY1Rlb0diS00 drive.google.com/file/d/0B6cOjCkh6yRSeEc1a0hnaHU3aGM/view?usp=sharing TeamViewer Hack Could Be Used By Anyone thehackernews.com/2017/12/teamviewer-hacking-tool.html

About An archive of created past projects No more tixes, no more fixes Beware of fakes! Signed with PGP key at keybase.io/zerosum0x0 Inventory CVE-2016-6366: improvements to the EXTRABACON exploit CVE-2019-0708: Scanner/exploit PoC for BlueKeep RDP RCE vuln defcon-25-workshop: Windows Post-Exploitation / Malware Forward Engineering DEF CON 25 Workshop FPG: Flying Pro

Vulnerability-Scanning-Task-Solution Step 1: Install OpenVAS or Nessus Essentials Option A: Nessus Essentials (easier setup) Go to www.tenable.com/products/nessus Choose Nessus Essentials (Free) and register for an activation code Download and install it for your OS (Windows/Linux/Mac) Once installed, open localhost:8834 in your browser and activate it using t

BlueKeep Penetration Testing Project Introduction This repository contains the documents and scripts from a white-box penetration test targeting the BlueKeep vulnerability (CVE-2019-0708) on Windows Server 2008 R2 The project simulates both attacks from outside (via

Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques

SIGMA detection rules Project purpose: SIGMA detection rules provides a free set of >320 advanced correlation rules to be used for suspicious hunting activities How to use the rules: The SIGMA rules can be used in different ways together with your SIEM: Using the native SIGMA converter: github.com/SigmaHQ/sigma Using SOC Prime online SIGMA converter: un

cve_scraper python script to scrape tenable website for plugin data associated with a CVE import data via excel workbook (xlsx) exports plugin data via csv create workbook with no field headers, just list the CVE numbers in the column A, starting with A1; ensure to save as workbook (xlsx); for example: (cell A1), type "CVE-2019-0708" (without quotes), (cell A2)

RDP Breaker Tool Authors @samir Features Key Features Fetch RDP Hosts: The tool allows users to specify the number of RDP hosts they want to fetch for further assessment Masscan Integration: Users can choose to use masscan, a fast port scanning tool, to identify hosts with open RDP ports Metasploit Integration: Users can choose to use Metasploit, a popular penetration

A repository for a cybersecurity pentesting lab

Cybersecurity Pentesting Lab This project is part of a cybersecurity pentesting lab for a company, comprising of 100 or more Windows 11 PCs on the same network The goal is to include as many attack modules as necessary to ensure maximum success in compromising and controlling all Windows PCs in the network Finalized Attack Modules & Automation Flow 1 Initial WiFi Cra

🔒 Vulnerability Assessment and Penetration Testing (VAPT) Reports This repository contains detailed reports from internal Vulnerability Assessment and Penetration Testing (VAPT) exercises conducted on various hosts within a private network (172.31.0.0/16) The testing was performed using Kali Linux, Nmap, and Tenable Nessus Essentials, as part of a cybersecurity project focu

CVE-2019-0708, A tool which mass hunts for bluekeep vulnerability for exploitation.

Bluekeep-Hunter CVE-2019-0708 This uses metasploit module in order to scan and check if CVE-2019-0708 exists or not The objective of this is to check and confirm if computers in the organisations are actually vulnerable or not rather than using a simple checking of version and other parameters not being met This checker solves that problem It will hunt and exploit, just get

Wh1teZe's personal blog - recording a colourful programming life

Wh1teZe's personal blog, recording a colourful programming life. Latest: BuuCTF problem-solving journey: WarmUp; Learning bypass techniques with SQLMap tamper modules; Reproducing the CVE-2019-0708 Remote Desktop code execution vulnerability; A brief summary of web page parsing and the HTTP protocol; A categorised summary of SQL injection statements; Notes on database system tables; Relational vs non-relational databases; Basic MySQL operations; LEMP environment setup and security

Batch detection tool for the Microsoft 3389 remote vulnerability CVE-2019-0708 0x001 Detection on Windows github.com/robertdavidgraham/rdpscan Directory of C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 2019/06/02 02:11 <DIR> 2019/06/02 02:11 <DIR> 2019/06/02 01:55 2,582,016 libcrypto-1_1.dll 2019/06/02 01:57 619,520 libs

CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7

CVE-2019-0708 (BlueKeep) pre-auth RCE POC on Windows7 This repository demonstrates the remote code execution bug in Windows Remote Desktop Services (RDS) Here is a POC code and technical report about BlueKeep vulnerability, which we developed before NOTE: Our goal is helping analysts to get better understanding about critical vulnerabilities How to use Prerequisites Our exp

nmap scanning tool

Python nmap Scripts are example of use of python nmap and possibility to integrate it with other python module like Metasploit or ServiceNow Alone it can provide clear report, without needed to parser or formatting it after scan finished Script also improve speed and reliability by scan phases and some other additional functions List of scripts: cisco_SIE_Scan.py - Discover

CVE-2019-0708-EXP, Windows single-file exe version; when run it returns a SYSTEM-privilege shell directly in the current console

CVE-2019-0708-EXP-Windows-Version Statement: the author's PoC is for research purposes only; if readers use this PoC for any other activity, the author bears no responsibility. Contents [toc] Introduction CVE-2019-0708-EXP runs as a single Windows exe, with no need for Linux, Python, Ruby or the like, and on execution returns a SYSTEM-privilege shell directly in the current console. It is compiled fully statically with all DLLs inlined, integrates netcat and openssl, supports a progress bar display, shell

Metasploit module for CVE-2019-0708 (BlueKeep) - https://github.com/rapid7/metasploit-framework/tree/5a0119b04309c8e61b44763ac08811cd3ecbbf8d/modules/exploits/windows/rdp

CVE-2019-0708 (Bluekeep) Metasploit module for CVE-2019-0708 (BlueKeep) Pulled from github.com/rapid7/metasploit-framework/tree/5a0119b04309c8e61b44763ac08811cd3ecbbf8d/modules/exploits/windows/rdp and fixed File copy instructions Make a folder named 'rdp' in /usr/share/metasploit-framework/modules/exploits/windows/ Copy the files 'cve_2019_0708_bluekeep

ispy ispy : Eternalblue(ms17-010)/Bluekeep(CVE-2019-0708) Scanner and exploiter ( Metasploit automation ) How to install : git clone github.com/Cyb0r9/ispy.git cd ispy chmod +x setup.sh ./setup.sh Screenshots : Tested On : Parrot OS Kali linux Youtube Channel ( Cyborg ) youtube.com/c/Cyborg_TN Tutorial ( How to us

RDP-Implementation-OF Creating an OS fingerprint using RDP My main goals: Implement SSL handshake Get the init MCS get minor and major versions detecting the OS was not enough so I parsed the NTLM challenge - got minor, major and build add window size for more checks local machine tests azure machine tests domain tests Thanks to, docs.microsoft.com/en-us/openspecs/wi

CVE-2019-0708-EXP(MSF) Vulnerability exploit program for cve-2019-0708

CVE-2019-0708-EXP-MSF- CVE-2019-0708-EXP(MSF) Vulnerability exploit program for cve-2019-0708 Requires msf version 5.0.4 or later mkdir -p /usr/share/metasploit-framework/modules/exploit/windows/rdp/ mkdir -p /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/ mkdir -p /usr/share/metasploit-framework/modules/exploits/windows/rdp/ cp rdp.rb /usr/share/metasploit-fr

Public work for CVE-2019-0708

bluekeep Public work for CVE-2019-0708 2019-11-17 Update Added Windows 7 32bit exploit POC code Using the address within the POC exploit code I had ~80% success rate against my test VM It could likely be modified to increase Usage Replace the buf variable with your shellcode Update the host variable to your target python3 win7_32_poc.py Requirements Python3 Legal Disclaim

CVE-2019-0708 BlueKeep batch scanning tool and PoC; for now it only produces a blue screen.

CVE-2019-0708 CVE-2019-0708 BlueKeep batch scanning tool and PoC; for now it only produces a blue screen. 0x01 Scanning - windows usage: rdpscan.exe ip1-ip2 > .\rdpscan.exe 192.168.1.1-192.168.1.2 192.168.1.1 - VULNERABLE - CVE-2019-0708 192.168.1.2 - SAFE - CredSSP/NLA required rdpscan.exe --file ip.txt > .\rdpscan.exe --file ip.txt 1921

CVE-2019-0708 (BlueKeep)

CVE-2019-0708 (BlueKeep) Currently, I publish only the exploitation note for Windows 7 x64 See NOTE.md Note: Windows 2008 R2 with default configuration (fDisableCam=1) can be exploited Reliability is the same as Windows 7 Update (July 2020) Add info for Windows Server 2008 to NOTE.md Add PoCs for filling target kernel unpaged pool Add script for detecting target info Add Po

Collection of resources related to infosec

Infosec Resources Collection of resources related to infosec All files, articles or anything here were publicly available, and collected for personal use Tools available at github were forked for archiving Please always refer to the original repo when available Tools Vulnerability Scanners Windows Rdpscan - Scanner PoC for CVE-2019-0708 RDP RCE vuln - github.com/cgo

Bluekeep PoC This repo contains research concerning CVE-2019-0708 Bluekeep or CVE-2019-0708 is an RCE exploit that affects the following versions of Windows systems: Windows 2003 Windows XP Windows Vista Windows 7 Windows Server 2008 Windows Server 2008 R2 The vulnerability occurs during pre-authorization and has the potential to run arbitrary malicious code in the NT Author

Auto-crasher for the Nanhao exam-grading information system

Dysy-Scoring-Killer Auto-crasher for the Nanhao exam-grading information system. This code is based on CVE-2019-0708; because the original code base carries no licence, this repository has no right to add an open-source licence. Run (Linux) Prerequisites: Python 3.0+, pip3 and Git git clone github.com/Dysyzx/Dysy-Scoring-Killer.git cd Dysy-Scoring-Killer chmod +x run.sh pip3 install impacket sh run.sh Run

Bluekeep(CVE 2019-0708) exploit released

bluekeep-exploit Bluekeep(CVE 2019-0708) exploit released blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/ How To use: Simply make a folder named rdp (for convenience) in /usr/share/metasploit-framework/modules/exploits/windows/ paste this exploit file (cve_2019_0708_bluekeep_rce.rb) in the folder (rdp) and use your metasploit skills Al

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

Pentest Tools Framework (exploits, Scanner, Password) Details NEWS Modules PTF UPDATE! PTF OPtions ------------------------------------------------------------------------------------- | Global Option |

CVE-2019-0708 With Metasploit-Framework Exploit

CVE-2019-0708 CVE-2019-0708 with Metasploit-Framework The CVE-2019-0708 vulnerability bypasses the user authentication check, so that without any interaction an attacker can connect directly over the RDP protocol and send malicious code to execute commands on the server. If exploited, it leads to server compromise and malware infection, with the potential for large-scale infection like the WannaCry EternalBlue vulnerability. September 2019

Core A2P2V functionality (command line based)

README Automated Attack Path Planning and Validation (A2P2V) is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific attacker goal The aim of the tool is to simplify process so that non-security experts can generate clear, actionable intelligence from basic inputs using as much automation as pos

A flexible scanner

ALLiN English | Simplified Chinese A comprehensive tool that assists penetration testing projects It is a flexible, compact and efficient scan tool mainly used for lateral penetration of the intranet The format of targets can be written by most of the various forms of link or CIDR and add any ports and paths to it Core developers @Like0x @Christasa @CoColi @MiluOWO Pene

A PowerShell wrapper around Tenable Security Center API

PSTenable A cross-platform PowerShell Module that uses the Tenable Security Center API Overview This is a PowerShell Module that functions as an API wrapper around Tenable Security Center's API version 510 PSTenable works with Windows PowerShell 5.1 and PowerShell 6 PSTenable automatically handles token refresh for you, specified in Tenable's documentation here

This article covers the Windows Remote Desktop Services vulnerability (CVE-2019-0708) and explains the vulnerability and its countermeasures in detail. As a beginner in network security, the author shares some self-study tutorials, mainly online notes on security tools and hands-on practice, and hopes you enjoy them. Even more, the author hopes you will work through them and improve together; later posts will go deeper into network security and system security and share related experiments. In short, the author hopes this series helps fellow bloggers; writing is not easy, so experts please be gentle. Thank you!

CVE-2019-0708-Windows This article covers the Windows Remote Desktop Services vulnerability (CVE-2019-0708) and explains the vulnerability and its countermeasures in detail. As a beginner in network security, the author shares some self-study tutorials, mainly online notes on security tools and hands-on practice, and hopes you enjoy them. Even more, the author hopes you will work through them and improve together; later posts will go deeper into network

ispy ispy : Eternalblue(ms17-010)/Bluekeep(CVE-2019-0708) Scanner and exploiter ( Metasploit automation ) How to install : git clone github.com/The-Mario/MarioB.git cd ispy chmod +x setup.sh ./setup.sh Screenshots : Disclaimer : usage of ispy for attacking targets without prior mutual consent is illegal ispy is for securit

just for fun

CVE-2019-0708-Learning just for fun Screenshot Reference securingtomorrow.mcafee.com/other-blogs/mcafee-labs/rdp-stands-for-really-do-patch-understanding-the-wormable-rdp-vulnerability-cve-2019-0708/ docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/18a27ef9-6f9a-4501-b000-94b1fe3c2c10 docs.microsoft.com/en-us/openspecs/windows_protocols/m

Vulnerability analysis is a critical process in cybersecurity that involves identifying, evaluating, and addressing security weaknesses in systems, networks, and applications.

Vulnerability-Analysis Vulnerability analysis is a critical process in cybersecurity that involves identifying, evaluating, and addressing security weaknesses in systems, networks, and applications CVE-2019-0708-BlueKeep BlueKeep (CVE-) is the name given to an RDP vulnerability in Windows that could potentially allow an attacker to remotely execute arbitrary code and gain access to a Windo

Penetration Testing Insights: RDP, Macro Exploits, and PHP Shell Uploads Author: Mst Awalunnisa Student ID: 242-56-002 Course: CS516: Ethical Hacking University: Daffodil International University Semester: Fall 2024 Date: November 2024 Abstract This project examines three major cyber exploitation techniques: RDP exploitation, malicious macros, and PHP backdoors via file upload

This repo has the comprehensive Cheatsheet that I made during my eJPT exam prep...

Note These are all the notes I took while following the INE course for eJPT certification, I strongly think everything you need to pass the exam is in this 'cheatsheet' Notes by @!abdu11ah, exam passed with 91% score Info about ICCA certification here Also read my blog post about eJPT certification eJPT Cheat Sheet Find IP address of a website: host <url

BlueKeep (CVE-2019-0708) Exploit Toolkit This toolkit contains various exploitation and test tools aimed at Windows systems affected by the BlueKeep (CVE-2019-0708) vulnerability Contents General Information Supported Systems Installation Usage Proof of Concept (PoC) Denial of Service (DoS) Exploitation with Metasploit

A simple Cyber Risk Assessment Template for Cyber Insurance and Risk Management.

Cyber Insurance Risk Assessment: Artemis Gas, Inc Version: 1.0 Date: April 2025 1 Client Overview Client Name: Artemis Gas, Inc Industry: Oil and Gas Company Size: 500+ employees, ~$50 million annual revenue Headquarters Location: Houston, Texas (example) Critical Assets: SCADA systems, customer databases, proprietary gas pipeline control software (APOLLO system) 2 Execut

Nessus scan results: script for automatic categorisation of ports and vulnerabilities

0x00 Preface A script I wrote a while ago and recently needed again, so I am sharing it. If your work involves scanning IPs in bulk, this script will be very helpful. Requirement: when you use Nessus regularly you find that vulnerabilities are sometimes missed, so we need to check, based on the services and ports it did find, whether undetected vulnerabilities exist. But viewing ports in Nessus is too cumbersome, so in order to

Skills IT Infrastructure Implementation/Management (Windows/Linux Server, IPS, IDS, VPN, Firewall, WAF, NAC, Cisco Router/Switch) Penetration Test(MetaSploit, SolidStep, Application, DDoS, Web, Network) Network Security Traffic Analysis(Wireshark, Snort, ELK, Splunk, Graylog, SOAR, TMS) Programming(Python, Bash, Powershell, C++) AWS(Gamelift, DynamoDB, API Gateway, EC2, LightS

Docker version

Bluekeep scanner (CVE-2019-0708) This is a Docker implementation of the scanner created by zerosum0x0 All credit goes to that person; I only uploaded the container to Docker Hub for quick use See the original GitHub at: zerosum0x0/CVE-2019-0708 Usage docker run --rm mdiazcl/scanner-bluekeep <ip_address>

Command-line tool for searching the PwnWiki database; the tool is somewhat like the searchsploit command, except that it searches PwnWiki entries instead of the Exploit Database

PWSearch Command-line tool for searching the PwnWiki database. The tool is somewhat like the searchsploit command, except that it searches PwnWiki entries instead of the Exploit Database. Installation You can install PWSearch directly from PyPI with pip: pip3 install -U pwsearch You can also clone the repository and run it directly from source: git clone github.com/k4yt3x/pwsea

A simple Python script to run a Metasploit module over the hosts in an Nmap scan

MetaMap A simple Python script to run a Metasploit module over the hosts in an Nmap scan Usage usage: metamap.py [-h] (--xml-file XML_FILE | --regex-file REGEX_FILE | --target TARGET_IP) [--filter [SUBNET [SUBNET ]]] [--verbose] [--debug] [--module-options MODULE_OPTIONS] output-file module-path Run the IP addresses in a Nmap xml file or

The fastest BlueKeep scanner in the world.

BlueFinder This project is a fast BlueKeep scanner written in Golang It allows you to scan for vulnerable systems affected by the BlueKeep vulnerability (CVE-2019-0708) in Microsoft Windows Remote Desktop Services (RDS) Installation To use the BlueKeep Scanner, ensure that Golang is installed on your system If you haven't installed Golang yet, please refer to the offici

Bluekeep vulnerability remote checker

Description This script checks multiple IP addresses for the BlueKeep vulnerability (CVE-2019-0708), which is a critical Remote Desktop Protocol (RDP) vulnerability found in older versions of Windows operating systems The vulnerability allows attackers to remotely execute code on a target machine without any user interaction, potentially leading to full system compromise Inst

Metasploit module for massive Denial of Service using #Bluekeep vector.

CVE-2019-0708 This module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending DoS packets I just modified the initial metasploit module for this vuln to produce a denial of service attack

All the materials in BlueHat 2019 Seattle will be released here.

BlueHat-2019-Seattle All the materials in BlueHat 2019 Seattle will be released here Pool Fengshui in Windows RDP Vulnerability Exploitation Abstract: Heap Fengshui is one of the most important techniques in userland vulnerability exploitation under modern mitigations; seemingly, Pool Fengshui plays the same role in Windows RDP vulnerability exploitation In this topic, we w

Checker and exploit for Bluekeep CVE-2019-0708 vulnerability

Description This script checks multiple IP addresses for the BlueKeep vulnerability (CVE-2019-0708), which is a critical Remote Desktop Protocol (RDP) vulnerability found in older versions of Windows operating systems The vulnerability allows attackers to remotely execute code on a target machine without any user interaction, potentially leading to full system compromise Inst

CVE-2019-0708 Exploit With 100% Success Ratio

CVE-2019-0708 CVE-2019-0708 Exploit With 100% Success Ratio Bluekeep Exploit: Unleash the Power of Remote Code Execution The Bluekeep exploit is a powerful tool that leverages a critical vulnerability (CVE-2019-0708) in Microsoft's Remote Desktop Protocol (RDP) to achieve remote code execution on vulnerable Windows systems With a staggering 100% exploit success rate, thi

A Splunk Technology Add-on to forward filtered ETW events.

Splunk-ETW A Splunk Technology Add-on to forward filtered ETW events The main purpose of this plugin is to select, filter and forward ETW events to Splunk Build from source Splunk-ETW is written in C# and powered by cmake: git clone github.com/airbus-cert/Splunk-ETW mkdir build cd build cmake \Splunk-ETW cmake --build --target package --config release

CVE-2019-0708-EXP-Windows-Version Disclaimer The author's PoC is for research purposes only; if a reader uses this PoC for any other activity, it has nothing to do with me Contents [toc] Introduction The Windows version of CVE-2019-0708-EXP runs as a single exe file, with no need for Linux, Python, Ruby or the like; once run, it returns a SYSTEM-privilege shell directly in the current console Compiled in fully static-library mode with all DLLs inlined, it integrates netcat and openssl, supports a progress bar, and the shell

Scanner CVE-2019-0708

Scanner-CVE-2019-0708 This is a BlueKeep CVE-2019-0708 scanner Install and Running #git clone github.com/JSec1337/Scanner-CVE-2019-0708 cd Scanner-CVE-2019-0708 pip3 install pyasn1 pyasn1_modules cryptography==2.7 chmod +x scan_bluekeep.py ./scan_bluekeep.py 19216817 Or ./scan_bluekeep.py 19216811/24 Code Status SAFE - Not Vulnerable VULNERABLE - Vulnerable to CVE

Research Regarding CVE-2019-0708.

CVE-2019-0708 aka Bluekeep Scanner A simple scanner to determine system vulnerability to CVE-2019-0708 This is a Python port of the original metasploit module scanner by JaGoTu and zerosum0x0, available on Github here Proof of Concept Proof of concept RCE via exploitation of the Bluekeep vulnerability Related 0xeb-bp Github: bluekeep Pointed out by zerosum0x0, has code for

Python Library for AttackerKB API

AttackerKB API This is a python wrapper around the AttackerKB RESTful API For more details on the API refer to api.attackerkb.com/api-docs/docs Status Installation python3 -m pip install attackerkb-api pip3 install attackerkb-api Usage import json from attackerkb_api import AttackerKB API_KEY = "GET AN API KEY FROM attackerkb.com/" api = Attacke

Some of my publicly available Malware analysis and Reverse engineering.

Malware-analysis-and-Reverse-engineering Some of my publicly available Malware analysis and Reverse engineering (Reports, Tips, Tricks) [Reverse engineering KPOT v2.0 Stealer] [Debugging MBR - IDA + Bochs Emulator (CTF example)] [TLS decryption in Wireshark] [Ryuk Ransomware - API Resolving and Imports reconstruction] [Formbook Reversing] [Reversing encoded shellcode] [WIND

Aggregates existing PoCs or Exps on Github; CVE information comes from the official CVE website. Auto Collect Poc Or Exp from Github by CVE ID.

PocOrExp in Github Aggregates existing PoCs or Exps on Github; CVE information comes from the official CVE website Note: aggregation is done only by the generic CVE number, so for vulnerabilities with Windows identifiers such as MS17-010, and for well-known vulnerabilities with nicknames, it is better to search yourself Usage python3 exp.py -h usage: exp.py [-h] [-y {1999,2000,2001,2002,2003,2004,2005,2006,2007,20

CVE-2019-0708 Exploit using Python

CVE-2019-0708 [BlueKeep] Exploit CVE-2019-0708 RCE and Crash Exploit using Python Crash Exploit [Published] Usage: python3 crashexploit.py 127.0.0.1 64 RCE Exploit [Not Published] Usage: python3 exploitrce.py 127.0.0.1 payload

POC-CVE-2019-0708

CVE-2019-0708 POC-CVE-2019-0708 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based System

POC CVE-2019-0708 with python script!

cve-2019-0708 POC CVE-2019-0708 with python script! Video POC: www.youtube.com/watch?v=XVmCtUMELdU

CVE-2019-0708 Exploit Tool

cve-2019-0708 CVE-2019-0708 Exploit Tool Tool to exploit Remote Desktop Service with CVE-2019-0708 Video Demo: www.youtube.com/watch?v=SCsJ9Uq3POk

exploit CVE-2019-0708 RDS

RDS_CVE-2019-0708

auto_capture in SRC

Overview A demo showing how automatic screenshot capture is used The PoC used for testing is 360's cve-2019-0708 PoC; I just grabbed a ready-made one, with thanks to the experts at 360 How to use python auto.py -f list.txt

rce exploit , made to work with pocsuite3

Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708- rce exploit, made to work with pocsuite3 github.com/knownsec/pocsuite3 install pocsuite3 from the link above If you have any issues, please contact the knownsec-404 team Do not open any issues here as this is not mine and I don't take any responsibility And is shared for educational purpose

bluekeep exploit

rapid7/metasploit-framework#12283 github.com/TinToSer/bluekeep-exploit cve_2019_0708_bluekeep_rce.rb add as /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb rdp.rb replaces /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb rdp_scanner.rb replaces /usr/share//metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb

CVE-2019-0708 vulnerability verification in C#

CVE-2019-0708-test CVE-2019-0708 vulnerability verification in C# Programming language: C# Development tool: Visual Studio 2012 Runtime: .NET Framework 4.5 A program written in C# to verify the vulnerability numbered CVE-2019-0708; it invokes 0708detector.exe, released by the 360Vulcan Team of 360

BlueKeep Vulnerability DOS attack exploitation

BlueKeep BlueKeep Vulnerability DOS attack exploitation BlueKeep (CVE-2019–0708) Vulnerability exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows Operating Systems including both 32- and 64-bit versions, as well as all Service Pack versions: • Windows 2000 • Windows Vista • Windows XP • Windows 7 • Windows Server 2003 &b

CVE-2019-0708 vulnerability testing and exploitation

bLuEkEeP-GUI CVE-2019-0708 vulnerability testing and exploitation I am not responsible for misuse of the software; everything is for educational purposes bleukee-GUI serves both to test machines for the CVE-2019-0708 vulnerability and, in the same way, to hack them, which is why I have put up the fully working code but without an installer, together with the demo of the vulnerabili

How does it work? Scanning is performed with metasploit The scan is run to determine whether a host is vulnerable to CVE-2019-0708 A table is built from the scan results How to use

Recent Articles

Microsoft Patch Tuesday – May 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 15 May 2025

This month the vendor has patched 79 vulnerabilities, 22 of which are rated Critical.

Posted: 15 May, 2019 · 24 Min Read · Threat Intelligence. Microsoft Patch Tuesday – May 2019. This month the vendor has patched 79 vulnerabilities, 22 of which are rated Critical. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid ha...

IT threat evolution Q3 2019. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 29 Nov 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network: In Q3 2019, we discovered an extremely unpleasant incident with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper’s task was to activate paid subscriptions, although it could delive...

Despite Windows BlueKeep exploitation freak-out, no one stepped on the gas with patching, say experts
The Register • Shaun Nichols in San Francisco • 11 Nov 2019

Admins snoozing on fixes despite reports of active attacks

The flurry of alerts in recent weeks of in-the-wild exploitation of the Windows RDP BlueKeep security flaw did little to change the rate at which people patched their machines, it seems. This is according to eggheads at the SANS Institute, who have been tracking the rate of patching for the high-profile vulnerability over the last several months and, via Shodan, monitoring the number of internet-facing machines that have the remote desktop flaw exposed. First disclosed in May of this year, BlueK...

IT threat evolution Q2 2019. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q2 2019 will be remembered for several events. First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too. Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobile accounts through explo...

APT trends report Q2 2019
Securelist • GReAT • 01 Aug 2019

For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They aim to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusing on activities tha...

With more hints dropped online on how to exploit BlueKeep, you've patched that Windows RDP flaw, right?
The Register • Shaun Nichols in San Francisco • 24 Jul 2019

Someone just revealed the tricky kernel heap spray part

Vital clues on how to exploit the notorious Windows RDP bug, aka CVE-2019-0708 aka BlueKeep, and hijack vulnerable boxes, emerged online this week. The growing number of hints can be used by folks to develop working code that attacks Microsoft's Remote Desktop Services software, on Windows XP through to Server 2008, and gains kernel-level code execution without any authentication or user interaction. You just need to be able to reach a vulnerable RDP server across the network or internet. Such a...

Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable
The Register • Shaun Nichols in San Francisco • 28 May 2019

If you haven't patched CVE-2019-0708 aka BlueKeep, then, well, now would be a good time

The critical Windows Remote Desktop flaw that emerged this month may have set the stage for the worst malware attack in years. The vulnerability, designated CVE-2019-0708 and dubbed BlueKeep, can be exploited by miscreants to execute malicious code and install malware on vulnerable machines without the need for any user authentication: a hacker simply has to be able to reach the box across the internet or network in order to commandeer it. It is said to be a "wormable" security hole because it i...

Sophos tells users to roll back Microsoft's Patch Tuesday run if they want PC to boot
The Register • Gareth Corfield • 20 May 2019

Yes, the one with the critical security fixes

Brit security software slinger Sophos has advised its customers to uninstall Microsoft's most recent Patch Tuesday run – the same patches that protect PCs and servers against the latest Intel cockups. In an advisory note published over the weekend, Sophos admitted the latest batch of Windows updates are causing the machines of some people using its AV wares to hang on boot, getting stuck while displaying the line "Configuring 30%". "We have currently only identified the issue on some customers...

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry
The Register • Iain Thomson in San Francisco • 15 May 2019

Plus plenty of other fixes from Redmond and Adobe – and special guest star Citrix

Patch Tuesday It’s that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one for out-of-support operating systems Windows XP and Server 2003. Usually support for such aging operating systems costs an arm and a leg, though Redmond has released a freebie because of the serious nature of the critical flaw, assigned CVE-2019-0708, in Remote Desktop Services, or Terminal Services as it was. The vulnerability allows remote code execut...

LockBit victims in the US alone paid over $90m in ransoms since 2020
The Register

As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections

Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang. The group's affiliates remains a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told. The joint security advisory — issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada, the UK, Ge...

References

CWE-416
https://nvd.nist.gov
https://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
https://www.exploit-db.com/exploits/46946
https://github.com/hhhaaarrruuu/PortVulnerability-Tool
https://www.first.org/epss
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708