0x00 Download Link
https://free.360totalsecurity.com/CVE-2019-0708/detector_release.zip
0x01 Instruction Manual
Ⅰ. Program description
The 0708detector.exe program released by 360Vulcan Team is a detection program for the Windows Remote Desktop Protocol vulnerability numbered CVE-2019-0708. In principle, the scanner will not cause a Blue Screen of Death on the target system. Anyway, please test it before using.
Currently, the program only supports to scan a single IP. You can construct a batch scanning program by yourself, thank you.
Note:
- Before using, please ensure to scan the target system under legal authorization;
- Before using, please ensure the digital signature of the test program is legal;
- The program may be unsuccessful due to network problems;
- If you have more questions, please contact the email: cert@360.cn
Ⅱ. Usages
Open the "Run" Program and input "cmd.exe", then press "enter" to run
Jump to the directory where the program is located, for example, to the "detector" directory in the C drive
c:>cd c:\detector\
- In the cmd.exe window, input the parameters of the program.
c:\detector>0708detector.exe -t 192.168.91.138 (target IP to be tested) -p 3389 (target port, usually 3389)
a) If the target has the vulnerability
CVE-2019-0708 Remote Detection tool by 360Vulcan Team
[+] Connecting to RDP server.
[+] Socket : could not find a selected socket
[+] Establish connection with RDP server successful.
[+] Start 2nd stage detection.
[+] Connecting to RDP server.
[+] Establish connection with RDP server successful.
[!] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[!] !!!!!!WARNING: SERVER IS VULNERABLE!!!!!!!
[!] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
b) If the target system has NLA turned on
CVE-2019-0708 Remote Detection tool by 360Vulcan Team
[+] Connecting to RDP server.
[!] Socket : recv error with -1 return
[!] Recv server TPDU req Failed
[*] Detect NLA enable! Server likely NOT vulnerable
c) If the target system has been patched
CVE-2019-0708 Remote Detection tool by 360Vulcan Team
[+] Connecting to RDP server.
[+] Establish connection with RDP server successful.
[+] Start 2nd stage detection.
[+] Connecting to RDP server.
[+] Establish connection with RDP server successful.
[*] Server likely NOT vulnerable
Ⅲ. Some suggestions to repair
- Users can download the 360 Remote Desktop Services vulnerability immunization tool to fix vulnerabilities and protect your system security and data security from http://dl.360safe.com/leakfixer/360SysVulTerminator_CVE-2019-0708.exe
- Please Download the security patch to fix vulnerabilities and protect the system by yourself.
Ⅳ. Check code of the program
MD5: febc027cee2782dba25b628ce3a893d6 *0708detector.exe
SHA256: ccea8afec177d15d78329770b29f361b876addaa19eb93cabfaf90b896e03827 *0708detector.exe