CVE-2019-0708: Windows RDP Remote Vulnerability Non-destructive Testing Tool Download
2019-05-22 14:07

https://free.360totalsecurity.com/CVE-2019-0708/detector_release.zip

0x01 Instruction Manual

Ⅰ. Program description

The 0708detector.exe program released by 360Vulcan Team is a detection program for the Windows Remote Desktop Protocol vulnerability numbered CVE-2019-0708. In principle, the scanner will not cause a Blue Screen of Death on the target system. Anyway, please test it before using.

Currently, the program only supports to scan a single IP. You can construct a batch scanning program by yourself, thank you.

Note:

  1. Before using, please ensure to scan the target system under legal authorization;
  2. Before using, please ensure the digital signature of the test program is legal;
  3. The program may be unsuccessful due to network problems;
  4. If you have more questions, please contact the email: cert@360.cn

Ⅱ. Usages

  1. Open the "Run" Program and input "cmd.exe", then press "enter" to run

  2. Jump to the directory where the program is located, for example, to the "detector" directory in the C drive

c:>cd c:\detector\

  1. In the cmd.exe window, input the parameters of the program.

c:\detector>0708detector.exe -t 192.168.91.138 (target IP to be tested) -p 3389 (target port, usually 3389)

a) If the target has the vulnerability

CVE-2019-0708 Remote Detection tool by 360Vulcan Team

[+] Connecting to RDP server.

[+] Socket : could not find a selected socket

[+] Establish connection with RDP server successful.

[+] Start 2nd stage detection.

[+] Connecting to RDP server.

[+] Establish connection with RDP server successful.

[!] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[!] !!!!!!WARNING: SERVER IS VULNERABLE!!!!!!!

[!] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

b) If the target system has NLA turned on

CVE-2019-0708 Remote Detection tool by 360Vulcan Team

[+] Connecting to RDP server.

[!] Socket : recv error with -1 return

[!] Recv server TPDU req Failed

[*] Detect NLA enable! Server likely NOT vulnerable

c) If the target system has been patched

CVE-2019-0708 Remote Detection tool by 360Vulcan Team

[+] Connecting to RDP server.

[+] Establish connection with RDP server successful.

[+] Start 2nd stage detection.

[+] Connecting to RDP server.

[+] Establish connection with RDP server successful.

[*] Server likely NOT vulnerable

Ⅲ. Some suggestions to repair

  1. Users can download the 360 ​​Remote Desktop Services vulnerability immunization tool to fix vulnerabilities and protect your system security and data security from http://dl.360safe.com/leakfixer/360SysVulTerminator_CVE-2019-0708.exe
  2. Please Download the security patch to fix vulnerabilities and protect the system by yourself.

Ⅳ. Check code of the program

MD5: febc027cee2782dba25b628ce3a893d6 *0708detector.exe

SHA256: ccea8afec177d15d78329770b29f361b876addaa19eb93cabfaf90b896e03827 *0708detector.exe