1.1. Vulnerability Information

Microsoft Security Bulletin MS12-020: Vulnerabilities in Remote Desktop may allow remote code execution
Official Microsoft release date: March 13, 2012

An attacker exploits the MS12-020 vulnerability by sending a series of specially crafted RDP packets to the affected system, which may cause the attacked system to blue-screen, restart, or execute arbitrary code. For more information about the vulnerability, see the following link:
http://technet.microsoft.com/zh-cn/security/bulletin/MS12-020

1. Tools and scripts required for testing

Attack tools:

ruby186-26.exe: http://rubyforge.org/frs/download.php/29263/ruby186-26.exe
Note: To use Linux or another system for the demonstration, download the appropriate installation package from the official Ruby website: http://www.ruby-lang.org/zh_cn/downloads/

52353.rb script: http://www.securityfocus.com/data/vulnerabilities/exploits/52353.rb
Note: Renaming the file after download does not affect usage.
1. Enable the Remote Desktop access function (using the default port 3389) on the vulnerable Windows 2003 server system (without KB2621440 installed).
2. Install the Ruby runtime environment on the test host: download ruby186-26.exe and install it directly.
3. Download the Ruby script 52353.rb to the test host, for example to E:\yangtao\setool\52353.rb.
4. Open a cmd window on the test host, change to the directory where ruby.exe is located, and run the following command:

   ruby.exe X:\XXX\52353.rb a.b.c.d

Command description: ruby.exe is the program that runs the script, X:\XXX\52353.rb is the complete path of the attack script, and a.b.c.d is the IP address of the attacked server.

For example, after running ruby E:\52353.rb 192.168.1.100, you can see the blue screen on the server caused by rdpwd.sys.
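The preconditions in step 1 (Remote Desktop enabled, KB2621440 not installed) can be audited locally on a server with the PowerShell check below. It is an added example, not part of the original write-up; the function name Test-Ms12020Exposure is hypothetical, and the registry values and driver path are the standard Terminal Server locations, assumed unchanged on the host.

```powershell
# Added example, not from the original page. Run locally on the server being audited.
# Test-Ms12020Exposure is a hypothetical helper name. Requires PowerShell 2.0 or later.
function Test-Ms12020Exposure {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
                -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpEnabled = ($null -ne $deny) -and ($deny -eq 0)

    # Port of the RDP-Tcp listener (3389 unless it was changed).
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber `
                -ErrorAction SilentlyContinue).PortNumber

    # Get-HotFix returns nothing when the KB is not listed on this host.
    # A superseding update can fix the issue without this ID appearing,
    # so "not listed" means "verify the patch level", not proof of exposure.
    $kb = Get-HotFix -Id 'KB2621440' -ErrorAction SilentlyContinue

    # Record the RDP driver version as evidence; no version comparison is made.
    $driver = Join-Path $env:SystemRoot 'System32\drivers\rdpwd.sys'
    $driverVersion = $null
    if (Test-Path $driver) { $driverVersion = (Get-Item $driver).VersionInfo.FileVersion }

    if (-not $rdpEnabled) {
        $status = 'RDP disabled'
    } elseif ($kb) {
        $status = 'RDP enabled, KB2621440 listed'
    } else {
        $status = 'RDP enabled, KB2621440 NOT listed: verify patch level'
    }

    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        RdpEnabled     = $rdpEnabled
        RdpPort        = $port
        KB2621440      = [bool]$kb
        RdpwdSysVersion = $driverVersion
        Status         = $status
    } | Select-Object Computer, RdpEnabled, RdpPort, KB2621440, RdpwdSysVersion, Status
}

Test-Ms12020Exposure | Format-List
```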