Microsoft credential security support provider remote code execution Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-04-13 |
Type : remote |
Platform : windows
[+] Code ...
# credssp
This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only.
It relies on a fork of the rdpy project(https://github.com/preempt/rdpy), allowing also credssp relay.
Written by Eyal Karni, Preempt
ekarni@preempt.com
# Build
## Instructions (Linux)
If you are using Ubuntu 14 , check the install file..
It was tested on Ubuntu 16.04.
```
$ git clone https://github.com/preempt/rdpy.git rdpy
$ git clone https://github.com/preempt/credssp.git
$ cd credssp/install
$ sh install.sh
$ cd ../../rdpy
$ sudo python setup.py install
```
* It assumes a pretty clean inital state. Best to uninstall first relevant compontants such as cryptography,pyopenssl maybe (pip uninstall cryptography).
* A different version of openssl needed to be installed for this to run successfully. The install script does that.
* Please follow the instructions in the described order.
# Running the exploit
Export a certificate suitable for Server Authentication from any domain.
To generate a suitable certificate for the command to execute :