nomisec
WORKING POC
1,187 stars
by Ekultek · dos
https://github.com/Ekultek/BlueKeep
This repository contains a proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a remote code execution vulnerability in Windows RDP services. The PoC demonstrates memory corruption via crafted packets targeting the Channel ID, potentially leading to RCE with SYSTEM privileges.
Classification
Working Poc 95%
Target:
Windows RDP (Windows 2003, XP, Vista, 7, Server 2008, Server 2008 R2)
No auth needed
Prerequisites:
Network access to target RDP port (default 3389) · Vulnerable Windows system
nomisec
SCANNER
914 stars
by robertdavidgraham · poc
https://github.com/robertdavidgraham/rdpscan
This repository contains a scanner tool for detecting the CVE-2019-0708 (BlueKeep) vulnerability in Microsoft Remote Desktop. It is based on the rdesktop patch and is designed to scan networks for vulnerable systems.
Classification
Scanner 100%
Target:
Microsoft Remote Desktop (RDP) on Windows systems
No auth needed
Prerequisites:
Network access to target systems · RDP service running on target systems
nomisec
WORKING POC
497 stars
by n1xbyte · poc
https://github.com/n1xbyte/CVE-2019-0708
This repository contains a proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services (RDS) affecting older Windows systems. The exploit demonstrates a crash PoC by sending malformed RDP packets to trigger the vulnerability.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDS) on Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008
No auth needed
Prerequisites:
Network access to the target system's RDP port (3389) · Target system must be vulnerable (unpatched)
nomisec
WORKING POC
389 stars
by k8gege · remote
https://github.com/k8gege/CVE-2019-0708
This repository contains a working proof-of-concept exploit for CVE-2019-0708, a critical RCE vulnerability in Microsoft Remote Desktop Services (RDP). The exploit sends a maliciously crafted RDP packet to trigger the vulnerability on unpatched Windows 2003 and Windows 2008 systems.
Classification
Working Poc 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 2003 and Windows 2008
No auth needed
Prerequisites:
Target system must be running an unpatched version of Windows 2003 or Windows 2008 with RDP (port 3389) exposed
nomisec
WORKING POC
346 stars
by algo7 · remote
https://github.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploit
This repository contains a proof-of-concept for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. The code includes a DoS script and a PoC script that attempts to exploit the vulnerability by crafting malicious RDP packets.
Classification
Working Poc 80%
Target:
Microsoft Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to the target system · RDP service exposed on the target system
nomisec
STUB
321 stars
by cbwang505 · poc
https://github.com/cbwang505/CVE-2019-0708-EXP-Windows
The repository appears to be a partial or incomplete clone of FreeRDP with no actual exploit code for CVE-2019-0708. The files listed are build artifacts and source files unrelated to the vulnerability.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites:
None identified
nomisec
WORKING POC
291 stars
by 0xeb-bp · remote
https://github.com/0xeb-bp/bluekeep
This repository contains a functional proof-of-concept exploit for CVE-2019-0708 (BlueKeep), targeting Windows 7 32-bit systems. The exploit includes kernel shellcode for privilege escalation and a Python script to trigger the vulnerability via RDP.
Classification
Working Poc 95%
Target:
Microsoft Windows 7 32-bit (RDP Service)
No auth needed
Prerequisites:
Network access to target RDP service · Target must be vulnerable to CVE-2019-0708
nomisec
SCANNER
243 stars
by Cyb0r9 · poc
https://github.com/Cyb0r9/ispy
This repository contains a scanner for CVE-2019-0708 (BlueKeep) and EternalBlue (MS17-010). It includes Python scripts to detect vulnerabilities in RDP services and SMB protocols, respectively. The code is designed for security testing purposes and automates Metasploit modules.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) and SMB
No auth needed
Prerequisites:
Network access to target systems · Python environment with required libraries
nomisec
WORKING POC
147 stars
by RICSecLab · remote
https://github.com/RICSecLab/CVE-2019-0708
This repository contains a Python-based exploit for CVE-2019-0708 (BlueKeep), a pre-authentication RCE vulnerability in Windows Remote Desktop Services. The exploit leverages a use-after-free in termdd.sys via crafted RDP messages to achieve arbitrary code execution with kernel privileges.
Classification
Working Poc 95%
Target:
Windows 7 SP1 (6.1.7601) x64, Remote Desktop Services
No auth needed
Prerequisites:
Python 3 · PyRDP library · Network access to target RDP service
nomisec
WORKING POC
127 stars
by Leoid · poc
https://github.com/Leoid/CVE-2019-0708
This is a Python-based proof-of-concept exploit for CVE-2019-0708, a pre-authentication RCE vulnerability in Remote Desktop Services (RDP) affecting Windows Server 2008 R2. The script implements the RDP connection sequence and crafts malicious packets to trigger the vulnerability.
Classification
Working Poc 90%
Target:
Windows Server 2008 R2 (Remote Desktop Services)
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Target system must be vulnerable (unpatched Windows Server 2008 R2)
nomisec
WORKING POC
122 stars
by dorkerdevil · remote
https://github.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-
This is a PoC exploit for CVE-2019-0708, a pre-authentication RCE vulnerability in Remote Desktop Services (RDP). The script uses the pocsuite3 framework to craft malicious RDP packets targeting vulnerable Windows systems.
Classification
Working Poc 90%
Target:
Windows RDP (win7, win2k8, win2k8 r2, win2k3, winxp)
No auth needed
Prerequisites:
Network access to target RDP service · Vulnerable Windows system
nomisec
STUB
120 stars
by p0p0p0 · poc
https://github.com/p0p0p0/CVE-2019-0708-exploit
The repository contains only a placeholder Python file with no functional exploit code, merely referencing CVE-2019-0708 (BlueKeep) without implementation.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites:
None
nomisec
WORKING POC
111 stars
by worawit · dos
https://github.com/worawit/CVE-2019-0708
This repository contains a functional proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Remote Desktop Services. It includes multiple PoC scripts for code execution and kernel pool manipulation on Windows 7 and Server 2008 R2.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2
No auth needed
Prerequisites:
Network access to target RDP service · Target system must be vulnerable (unpatched)
nomisec
SCANNER
82 stars
by biggerwing · poc
https://github.com/biggerwing/CVE-2019-0708-poc
This repository contains a Python script that uses a precompiled binary (0708detector.exe) to scan multiple targets for CVE-2019-0708 (BlueKeep RCE vulnerability in RDP). It reads IP addresses from a file and checks for vulnerability using a threaded approach.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and earlier unsupported versions
No auth needed
Prerequisites:
List of target IP addresses in a file named '3389_hosts' · Precompiled binary '0708detector.exe'
nomisec
WORKING POC
75 stars
by coolboy4me · poc
https://github.com/coolboy4me/cve-2019-0708_bluekeep_rce
This repository contains a working exploit for CVE-2019-0708 (BlueKeep), a remote code execution vulnerability in Microsoft Remote Desktop Services. The exploit uses heap spraying and a modified rdesktop client to achieve RCE on vulnerable Windows XP and Windows Server 2003 systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (Windows XP, Windows Server 2003)
No auth needed
Prerequisites:
Vulnerable Windows XP or Windows Server 2003 system with RDP enabled · Target system with at least 2GB of memory · Network access to the target system
nomisec
WRITEUP
47 stars
by hook-s3c · poc
https://github.com/hook-s3c/CVE-2019-0708-poc
The repository contains only a README.md file with no exploit code, referencing CVE-2019-0708 (BlueKeep) but providing no technical details or PoC. It includes a YouTube link, likely a rickroll.
Classification
Writeup 90%
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
nomisec
SCANNER
40 stars
by umarfarook882 · remote
https://github.com/umarfarook882/CVE-2019-0708
This repository contains a Python-based scanner for CVE-2019-0708 (BlueKeep), which targets a vulnerability in Microsoft Windows RDP kernel driver (termdd.sys). The scanner checks for vulnerability by sending crafted RDP packets but does not include an actual exploit.
Classification
Scanner 90%
Target:
Microsoft Windows RDP (termdd.sys)
No auth needed
Prerequisites:
Network access to target RDP service · Target system must be vulnerable to CVE-2019-0708
nomisec
WRITEUP
39 stars
by syriusbughunt · poc
https://github.com/syriusbughunt/CVE-2019-0708
This repository provides a detailed writeup on CVE-2019-0708, a critical RCE vulnerability in Microsoft RDP services affecting older Windows versions. It includes technical analysis, impact assessment, and mitigation guidance but does not contain functional exploit code.
Classification
Writeup 90%
Target:
Microsoft Windows RDP (Windows XP, Windows 7, Windows Server 2003, Windows Server 2008)
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Target running unpatched Windows version
nomisec
WRITEUP
31 stars
by rockmelodies · poc
https://github.com/rockmelodies/CVE-2019-0708-Exploit
This repository contains a README file describing the use of CVE-2019-0708 for local privilege escalation on Windows 10 systems. No exploit code is present, only a brief description and an image link.
Classification
Writeup 90%
Target:
Windows 10 (unspecified versions)
Auth required
Prerequisites:
Local access to a vulnerable Windows 10 system
nomisec
WORKING POC
30 stars
by Jaky5155 · poc
https://github.com/Jaky5155/cve-2019-0708-exp
This repository contains a proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services (RDS). The exploit targets Windows XP and Windows 7 systems by crafting malicious RDP packets to trigger the vulnerability.
Classification
Working Poc 90%
Target:
Microsoft Windows Remote Desktop Services (RDS) on Windows XP and Windows 7
No auth needed
Prerequisites:
Network access to the target system's RDP port (3389) · Vulnerable version of Windows (XP or 7) with RDS enabled
nomisec
SCANNER
27 stars
by HynekPetrak · remote
https://github.com/HynekPetrak/detect_bluekeep.py
This repository contains a Python script to detect the BlueKeep vulnerability (CVE-2019-0708) in RDP services. It checks for vulnerability status by sending crafted RDP packets and analyzing responses, supporting both standard RDP security and TLS/SSL.
Classification
Scanner 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to target RDP service (port 3389) · Python 3 with pyasn1 and cryptography modules
nomisec
WORKING POC
25 stars
by mekhalleh · dos
https://github.com/mekhalleh/cve-2019-0708
This is a Metasploit auxiliary module for CVE-2019-0708 (BlueKeep) that performs a denial-of-service attack by binding the MS_T120 channel outside its normal slot and sending malformed packets. It includes checks for vulnerability and exploits unpatched RDP services.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to target RDP service · Target system unpatched for CVE-2019-0708
nomisec
WORKING POC
19 stars
by jiansiting · poc
https://github.com/jiansiting/CVE-2019-0708
This repository contains a proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Protocol (RDP). The code includes packet structures and sequences to trigger the vulnerability, potentially leading to remote code execution on unpatched systems.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to target RDP service · Unpatched Windows system (pre-May 2019 updates)
nomisec
WORKING POC
19 stars
by blacksunwen · remote
https://github.com/blacksunwen/CVE-2019-0708
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708, a pre-authentication RCE vulnerability in Remote Desktop Services (RDP). The exploit leverages crafted RDP protocol packets to achieve arbitrary code execution on vulnerable Windows systems.
Classification
Working Poc 90%
Target:
Windows Server 2008 R2 (Remote Desktop Services)
No auth needed
Prerequisites:
Network access to target RDP service (port 3389) · Vulnerable RDP service (unpatched Windows Server 2008 R2)
nomisec
SCANNER
18 stars
by fourtwizzy · poc
https://github.com/fourtwizzy/CVE-2019-0708-Check-Device-Patch-Status
This PowerShell script checks for the presence of CVE-2019-0708 (BlueKeep) by querying the version of termdd.sys on target systems. It does not exploit the vulnerability but scans for unpatched systems.
Classification
Scanner 95%
Target:
Microsoft Windows (Vista, 7, 2008, 2008 R2)
Auth required
Prerequisites:
Access to target systems via WMI · Valid credentials if scanning remote systems
nomisec
STUB
18 stars
by cve-2019-0708-poc · poc
https://github.com/cve-2019-0708-poc/cve-2019-0708
The repository contains only a README file with a brief description of CVE-2019-0708 and a link to a video demo. No actual exploit code or technical details are provided.
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Vulnerable Windows system with RDS enabled
nomisec
SCANNER
17 stars
by gobysec · poc
https://github.com/gobysec/CVE-2019-0708
This repository provides instructions for using Goby, a network security tool, to scan for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Remote Desktop Services. It includes screenshots and setup steps but no actual exploit code.
Classification
Scanner 90%
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Goby installed · npcap installed · Network access to target systems on port 3389
nomisec
WORKING POC
17 stars
by at0mik · remote
https://github.com/at0mik/CVE-2019-0708-PoC
This repository contains a semi-functional exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Windows RDP. The PoC includes Python scripts to establish an RDP connection, perform heap spraying, and trigger the buffer overflow, though it lacks a complete payload for full exploitation.
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Vulnerable Windows system (unpatched for CVE-2019-0708)
nomisec
WRITEUP
14 stars
by cvencoder · poc
https://github.com/cvencoder/cve-2019-0708
This repository contains only a README file referencing CVE-2019-0708 (BlueKeep) with a link to a video PoC. No actual exploit code or technical details are provided.
Classification
Writeup 30%
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Network access to vulnerable RDS service · Target system unpatched for CVE-2019-0708
nomisec
SCANNER
13 stars
by Pa55w0rd · poc
https://github.com/Pa55w0rd/CVE-2019-0708
This repository contains a Python script that uses 360's RDP vulnerability scanner to batch-check systems for CVE-2019-0708 (BlueKeep). It performs port scanning and vulnerability detection via multithreading.
Classification
Scanner 90%
Target:
Windows RDP (Remote Desktop Protocol)
No auth needed
Prerequisites:
Network access to target systems · 360's 0708detector.exe scanner
nomisec
WRITEUP
13 stars
by SherlockSec · poc
https://github.com/SherlockSec/CVE-2019-0708
This repository contains a README file describing CVE-2019-0708, a critical RDP vulnerability in Windows 7, but lacks actual exploit code. It includes screenshots and a brief explanation.
Classification
Writeup 90%
Target:
Windows 7 RDP
No auth needed
Prerequisites:
Network access to vulnerable RDP service
nomisec
SCANNER
13 stars
by closethe · poc
https://github.com/closethe/CVE-2019-0708-POC
This repository contains a proof-of-concept scanner for CVE-2019-0708, a remote code execution vulnerability in Microsoft Remote Desktop Services. The code establishes a connection to an RDP server and checks for vulnerability by sending specific packets.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to the target RDP server
nomisec
STUB
12 stars
by ze0r · poc
https://github.com/ze0r/CVE-2019-0708-exp
The repository contains only a README.md file with minimal content, lacking any exploit code or technical details for CVE-2019-0708. It appears to be a placeholder or incomplete submission.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
nomisec
WORKING POC
12 stars
by wqsemc · poc
https://github.com/wqsemc/CVE-2019-0708
This repository contains a Metasploit module for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft RDP. The exploit leverages a use-after-free in the termdd.sys driver via malformed Disconnect Provider Indication messages to achieve arbitrary code execution on vulnerable Windows systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 2000, XP, 2003, 7, and 2008 R2
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Metasploit Framework
nomisec
WORKING POC
12 stars
by skyshell20082008 · dos
https://github.com/skyshell20082008/CVE-2019-0708-PoC-Hitting-Path
This PoC exploits CVE-2019-0708 (BlueKeep) by sending maliciously crafted RDP packets to trigger a vulnerability in the Remote Desktop Protocol (RDP) service. It includes functions for encryption, hashing, and packet manipulation to hit the vulnerable path.
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (Remote Desktop Protocol) service
No auth needed
Prerequisites:
Network access to target RDP service · Target system must be vulnerable to CVE-2019-0708
nomisec
WORKING POC
12 stars
by RickGeex · remote
https://github.com/RickGeex/msf-module-CVE-2019-0708
This is a Metasploit module for CVE-2019-0708 (BlueKeep), a remote code execution vulnerability in Windows RDP. It exploits a use-after-free in the termdd.sys driver via malformed Disconnect Provider Indication messages and includes grooming techniques for reliable exploitation.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (Windows 7 SP1 / 2008 R2)
No auth needed
Prerequisites:
Target must be vulnerable to CVE-2019-0708 · RDP service accessible · Specific registry key settings for some targets
nomisec
WORKING POC
12 stars
by qing-root · remote
https://github.com/qing-root/CVE-2019-0708-EXP-MSF-
This repository contains a Metasploit module for CVE-2019-0708 (BlueKeep), which includes both a scanner to detect vulnerable RDP services and an exploit to trigger a denial-of-service (DoS) or potential RCE. The code is designed to integrate with Metasploit Framework 5.0.4+.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (Remote Desktop Protocol) service
No auth needed
Prerequisites:
Metasploit Framework 5.0.4+ · Network access to target RDP service
nomisec
WORKING POC
11 stars
by n0auth · poc
https://github.com/n0auth/CVE-2019-0708
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Microsoft Remote Desktop Services (RDP). The exploit sends a maliciously crafted RDP packet to trigger the vulnerability, potentially leading to arbitrary code execution on vulnerable systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 2003, Windows 2008, Windows 7, and Windows Server 2008 R2
No auth needed
Prerequisites:
Network access to the target system's RDP port (3389) · Target system must be vulnerable to CVE-2019-0708
nomisec
SCANNER
9 stars
by anquanscan · poc
https://github.com/anquanscan/CVE-2019-0708
This repository contains a Python script that scans for open RDP ports (3389) and attempts to exploit CVE-2019-0708 (BlueKeep) using Metasploit's auxiliary module. It does not contain a direct exploit but relies on external tools like Nmap and Metasploit.
Classification
Scanner 90%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Nmap installed · Metasploit Framework installed · Root privileges
nomisec
STUB
7 stars
by thugcrowd · poc
https://github.com/thugcrowd/CVE-2019-0708
The repository contains only a README.md file with no exploit code or technical details. It appears to be a placeholder or joke entry referencing CVE-2019-0708 (BlueKeep RDP vulnerability).
Target:
Microsoft Windows RDP (CVE-2019-0708)
No auth needed
nomisec
SCANNER
7 stars
by SugiB3o · poc
https://github.com/SugiB3o/Check-vuln-CVE-2019-0708
This repository contains a scanner for CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Windows Remote Desktop Services. It includes a forked version of rdesktop to detect vulnerable hosts without causing a denial-of-service.
Classification
Scanner 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to the target's RDP port (3389)
github
SUSPICIOUS
6 stars
by Y5neKO · pythonpoc
https://github.com/Y5neKO/ExpAndPoc_Collection/tree/main/CVE-2019-0708
The repository contains a README that references a 360 public vulnerability detection tool but lacks actual exploit code or technical details. It appears to be a placeholder or lure for external content.
Classification
Suspicious 90%
Target:
unknown
No auth needed
nomisec
STUB
6 stars
by NullByteSuiteDevs · poc
https://github.com/NullByteSuiteDevs/CVE-2019-0708
The repository claims to be a PoC for CVE-2019-0708 (BlueKeep) but contains no functional exploit code. The PoC.py file is a placeholder with no actual exploit logic.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
nomisec
SCANNER
6 stars
by major203 · poc
https://github.com/major203/cve-2019-0708-scan
This repository contains a scanner for CVE-2019-0708 (BlueKeep), which checks for vulnerable RDP services. It includes scripts to generate IP lists and scan them using an external detector tool, storing results in a MySQL database.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
External detector tool '0708detector.exe' · MySQL database setup · Python 2.7 environment
nomisec
WRITEUP
6 stars
by infiniti-team · poc
https://github.com/infiniti-team/CVE-2019-0708
This repository contains only a README file with screenshots and attribution to Infiniti Team - VinCSS, but no actual exploit code or technical details for CVE-2019-0708 (BlueKeep).
Classification
Writeup 90%
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
none
nomisec
WORKING POC
5 stars
by eastmountyxz · dos
https://github.com/eastmountyxz/CVE-2019-0708-Windows
This repository contains a working proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Windows Remote Desktop Services. It includes Python scripts for crashing the target system and Metasploit modules for achieving remote code execution via a reverse shell.
Classification
Working Poc 95%
Target:
Windows Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to the target's RDP port (3389) · Vulnerable version of Windows RDS
nomisec
SCANNER
5 stars
by ht0Ruial · poc
https://github.com/ht0Ruial/CVE-2019-0708Poc-BatchScanning
This repository provides a batch scanning tool for CVE-2019-0708 (BlueKeep) based on 360's detector. It allows single or batch detection of vulnerable systems via RDP (port 3389) and outputs results to a file.
Classification
Scanner 90%
Target:
Microsoft Windows Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to target systems · List of target IPs with open RDP (port 3389)
nomisec
SCANNER
5 stars
by blockchainguard · poc
https://github.com/blockchainguard/CVE-2019-0708
This is a Metasploit auxiliary module designed to scan for the CVE-2019-0708 vulnerability in Microsoft Remote Desktop Services. It checks for the presence of the vulnerability without triggering a denial-of-service condition.
Classification
Scanner 90%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to the target RDP service (port 3389)
nomisec
SCANNER
4 stars
by Ravaan21 · poc
https://github.com/Ravaan21/Bluekeep-Hunter
This repository provides a bash script that automates the use of Metasploit's scanner module for CVE-2019-0708 (BlueKeep) to check for vulnerable RDP services. It processes a list of target IPs and runs the Metasploit module against each one.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Metasploit Framework installed · List of target IPs in a text file
nomisec
WORKING POC
4 stars
by FrostsaberX · remote
https://github.com/FrostsaberX/CVE-2019-0708
This is a Metasploit module for CVE-2019-0708 (BlueKeep), which checks for the vulnerability in Microsoft Remote Desktop Services by binding the MS_T120 channel outside its normal slot and sending non-DoS packets. It can also trigger a denial-of-service condition.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to the target RDP service · Target system must be unpatched and not require NLA (CredSSP)
nomisec
SCANNER
4 stars
by pry0cc · poc
https://github.com/pry0cc/BlueKeepTracker
This Ruby script monitors GitHub for repositories related to CVE-2019-0708 (BlueKeep) and tweets updates about new or modified repositories. It does not contain exploit code but tracks public PoCs.
Classification
Scanner 100%
Target:
GitHub API, Twitter API
Auth required
Prerequisites:
GitHub API access · Twitter API credentials
nomisec
SCANNER
4 stars
by turingcompl33t · poc
https://github.com/turingcompl33t/bluekeep
This repository contains a Python-based scanner for detecting CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Windows RDP. It includes a port of the Metasploit scanner module and references related research but does not include a full exploit PoC.
Classification
Scanner 95%
Target:
Windows RDP (Windows 7, Windows Server 2008/R2, Windows Server 2003, Windows XP)
No auth needed
Prerequisites:
Network access to target RDP port (3389)
nomisec
SCANNER
3 stars
by andripwn · remote
https://github.com/andripwn/CVE-2019-0708
This repository contains a scanner for CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Windows Remote Desktop Services. The scanner is a fork of rdesktop and is designed to detect vulnerable hosts without causing a denial-of-service.
Classification
Scanner 95%
Target:
Microsoft Windows Remote Desktop Services
No auth needed
Prerequisites:
Network access to the target system · RDP port (3389) open and accessible
nomisec
STUB
3 stars
by areusecure · poc
https://github.com/areusecure/CVE-2019-0708
The repository contains only a README.md file with a placeholder message indicating a future PoC for CVE-2019-0708. No actual exploit code or technical details are provided.
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
nomisec
SCANNER
3 stars
by victor0013 · infoleak
https://github.com/victor0013/CVE-2019-0708
This repository contains a scanner for CVE-2019-0708, a Microsoft Windows Remote Desktop Services Remote Code Execution vulnerability. It includes a fork of rdesktop to detect vulnerable hosts and a Metasploit module for scanning purposes.
Classification
Scanner 90%
Target:
Microsoft Windows Remote Desktop Services
No auth needed
Prerequisites:
Network access to the target system · RDP port (3389) open and accessible
nomisec
STUB
3 stars
by pry0cc · poc
https://github.com/pry0cc/cve-2019-0708-2
The repository contains only a placeholder README and an empty exploit.py file with no functional exploit code. It appears to be a stub or test repository.
Target:
N/A
No auth needed
nomisec
SCANNER
3 stars
by Rostelecom-CERT · poc
https://github.com/Rostelecom-CERT/bluekeepscan
This repository provides a multithreaded scanner for detecting CVE-2019-0708 (BlueKeep) vulnerabilities in RDP services. It wraps the original PoC by zerosum0x0 to check large networks efficiently.
Classification
Scanner 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
List of target IPs with open 3389/tcp ports · Compiled rdesktop binary from zerosum0x0's CVE-2019-0708 repository
nomisec
WORKING POC
2 stars
by smallFunction · poc
https://github.com/smallFunction/CVE-2019-0708-POC
This repository contains a proof-of-concept exploit for CVE-2019-0708, also known as 'BlueKeep'. The exploit targets a vulnerability in the Remote Desktop Protocol (RDP) service on Windows systems, allowing for remote code execution without authentication.
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (Remote Desktop Protocol) service
No auth needed
Prerequisites:
Target system must be running a vulnerable version of Windows with RDP enabled · Network access to the target system
nomisec
WORKING POC
2 stars
by infenet · poc
https://github.com/infenet/CVE-2019-0708
This is a proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Windows Remote Desktop Services. The PoC contains shellcode designed to execute a reverse shell, targeting x86 Windows systems.
Classification
Working Poc 95%
Target:
Windows Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and earlier unsupported versions
No auth needed
Prerequisites:
Network access to target system with RDS enabled · Target system must be vulnerable (unpatched)
nomisec
STUB
2 stars
by ShadowBrokers-ExploitLeak · poc
https://github.com/ShadowBrokers-ExploitLeak/CVE-2019-0708
The provided code is a minimal stub that does not demonstrate exploitation of CVE-2019-0708 (BlueKeep). It only sets CPU affinity and loops before spawning a shell, lacking any RDP protocol interaction or vulnerability triggering logic.
Target:
Microsoft Windows RDP (CVE-2019-0708)
No auth needed
Prerequisites:
None demonstrated in code
nomisec
WORKING POC
2 stars
by skommando · remote
https://github.com/skommando/CVE-2019-0708
This repository contains a proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Remote Desktop Services. The PoC triggers a blue screen (DoS) by sending malformed RDP packets to vulnerable systems.
Classification
Working Poc 90%
Target:
Microsoft Windows Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Vulnerable RDP service without CredSSP/NLA
nomisec
SCANNER
2 stars
by haishanzheng · poc
https://github.com/haishanzheng/CVE-2019-0708-generate-hosts
This repository contains Python scripts to scan CIDR ranges for hosts with open RDP (3389) ports using nmap, generating a list of potential targets for CVE-2019-0708 testing. It does not include exploit code but aids in target discovery.
Classification
Scanner 100%
Target:
Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
nmap installed · CIDR ranges provided in '3389_cidrs' file
nomisec
TROJAN
2 stars
by ttsite · poc
https://github.com/ttsite/CVE-2019-0708-
The repository is a scam and does not contain any exploit code for CVE-2019-0708. It is designed to deceive users with false information and contact details.
Classification
Trojan 100%
Target:
none
No auth needed
nomisec
SCANNER
2 stars
by edvacco · poc
https://github.com/edvacco/CVE-2019-0708-POC
This repository contains a Python script that scans multiple targets for CVE-2019-0708 (BlueKeep) vulnerability by invoking an external executable '0708detector.exe'. It uses multithreading to check IP:port pairs listed in 'ip.txt' for vulnerability status.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
List of target IPs and ports in 'ip.txt' · External executable '0708detector.exe'
nomisec
WORKING POC
1 stars
by ulisesrc · remote
https://github.com/ulisesrc/-2-CVE-2019-0708
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RDP vulnerability in Windows. The exploit leverages a use-after-free bug to achieve remote code execution, though it is noted to be unstable (~75% reliability).
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Vulnerable Windows system (unpatched for CVE-2019-0708)
nomisec
SCANNER
1 stars
by DeathStroke-source · poc
https://github.com/DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit
This repository contains a Python script designed to scan multiple IPs for vulnerability to CVE-2019-0708 (BlueKeep RDP RCE). It uses the rdesktop binary to check for vulnerability status and outputs results to a file if specified.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
rdesktop binary · list of target IPs
nomisec
WORKING POC
1 stars
by nochemax · poc
https://github.com/nochemax/bLuEkEeP-GUI
This repository contains a functional GUI-based exploit for CVE-2019-0708 (BlueKeep), targeting vulnerable RDP services on Windows systems. It includes both a scanner and an exploit module, leveraging Metasploit for verification and a custom PoC for exploitation.
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (Windows 7, Server 2008, etc.)
No auth needed
Prerequisites:
Network access to target RDP service (port 3389) · Vulnerable Windows system (pre-patch)
nomisec
STUB
1 stars
by Barry-McCockiner · poc
https://github.com/Barry-McCockiner/CVE-2019-0708
The provided code is a minimal stub that attempts to exploit CVE-2019-0708 (BlueKeep) but lacks the necessary RDP protocol handling or exploit logic. It only sets CPU affinity and loops before spawning a shell, which is insufficient for a working PoC.
Target:
Microsoft Windows Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Target system must be unpatched and exposed
nomisec
WRITEUP
1 stars
by ttsite · poc
https://github.com/ttsite/CVE-2019-0708
This repository is a warning about fraudulent websites and individuals exploiting the CVE-2019-0708 vulnerability to scam users out of Bitcoin. It does not contain any exploit code or technical details about the vulnerability itself.
Classification
Writeup 90%
Target:
none
No auth needed
nomisec
SCANNER
1 stars
by tranqtruong · poc
https://github.com/tranqtruong/Detect-BlueKeep
This repository contains a Python script designed to detect potential CVE-2019-0708 (BlueKeep) vulnerabilities by analyzing RDP traffic patterns. It uses pyshark to capture and analyze network packets for signatures associated with the vulnerability.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to monitor RDP traffic · Python 3 with pyshark and keyboard libraries
nomisec
WORKING POC
1 stars
by freeide · poc
https://github.com/freeide/CVE-2019-0708
This repository contains a working PoC for CVE-2019-0708, which exploits a vulnerability in Chrome's password storage. The ChromePassDecryptor.c file extracts and decrypts saved passwords from Chrome's Login Data database using Windows API calls and SQLite operations.
Classification
Working Poc 90%
Target:
Google Chrome (versions affected by CVE-2019-0708)
No auth needed
Prerequisites:
Access to the local file system where Chrome's Login Data database is stored · Windows environment with Chrome installed
nomisec
STUB
1 stars
by temp-user-2014 · poc
https://github.com/temp-user-2014/CVE-2019-0708
The repository contains only a placeholder Python file and a README describing CVE-2019-0708 (BlueKeep), a pre-authentication RCE vulnerability in Remote Desktop Services. No functional exploit code is present.
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target's RDP port (3389)
nomisec
STUB
1 stars
by wdfcc · poc
https://github.com/wdfcc/CVE-2019-0708
This repository appears to be a snapshot of the rdesktop client codebase, with minimal context or modifications to demonstrate CVE-2019-0708. The README.md only mentions a 'crash poc' without further details or exploit code.
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Vulnerable RDP service exposed · Network access to target
nomisec
SCANNER
1 stars
by JSec1337 · infoleak
https://github.com/JSec1337/Scanner-CVE-2019-0708
This repository contains a Python-based scanner for detecting CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. The scanner checks for vulnerability status by analyzing RDP protocol responses.
Classification
Scanner 95%
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP service · Python 3.x with required dependencies
nomisec
WORKING POC
1 stars
by adyanamul · poc
https://github.com/adyanamul/Remote-Code-Execution-RCE-Exploit-BlueKeep-CVE-2019-0708-PoC
This repository contains a Proof-of-Concept (PoC) exploit for CVE-2019-0708 (BlueKeep), a remote code execution vulnerability in Windows RDP. The exploit includes implementations in Java, C++, Python, and Ruby, each designed to send a crafted RDP packet with shellcode to trigger the vulnerability.
Classification
Working Poc 80%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Target IP address · Network access to RDP port (3389) · Vulnerable Windows system (unpatched for CVE-2019-0708)
nomisec
STUB
1 stars
by HackerJ0e · poc
https://github.com/HackerJ0e/CVE-2019-0708
The repository contains only a README.md with a placeholder message in Chinese, indicating no actual exploit code or technical details are present. It appears to be an empty or unfinished stub.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
nomisec
WRITEUP
1 stars
by 0x6b7966 · poc
https://github.com/0x6b7966/CVE-2019-0708-RCE
This repository provides instructions for exploiting CVE-2019-0708 (BlueKeep) using Metasploit modules. It includes steps to install Metasploit and place exploit files in the appropriate directories.
Classification
Writeup 90%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Metasploit Framework · Network access to target RDP service · Vulnerable Windows system (pre-patch)
nomisec
WORKING POC
1 stars
by zjw88282740 · remote
https://github.com/zjw88282740/CVE-2019-0708-win7
This PoC exploits CVE-2019-0708 (BlueKeep) by sending crafted RDP packets to trigger a vulnerable path in Windows 7 systems. It includes packet construction and encryption routines to interact with the RDP protocol.
Classification
Working Poc 90%
Target:
Microsoft Windows 7 (RDP)
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Vulnerable Windows 7 system
nomisec
SCANNER
1 stars
by hotdog777714 · poc
https://github.com/hotdog777714/RDS_CVE-2019-0708
This script checks for open RDP ports and attempts to exploit CVE-2019-0708 using Metasploit's auxiliary module. It is more of a scanner than a full exploit PoC.
Classification
Scanner 80%
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
nmap installed · Metasploit installed · root privileges
nomisec
WORKING POC
1 stars
by cream-sec · poc
https://github.com/cream-sec/CVE-2019-0708-Msf--
This repository contains a scanner and Metasploit module for detecting CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Windows Remote Desktop Services. The scanner is a fork of rdesktop that checks for vulnerability without causing denial-of-service.
Classification
Working Poc | Scanner 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP port (3389)
nomisec
WORKING POC
1 stars
by ntkernel0 · poc
https://github.com/ntkernel0/CVE-2019-0708
This repository contains multiple proof-of-concept exploits for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. The exploits include DoS and RCE capabilities, targeting unpatched Windows systems via crafted RDP packets.
Classification
Working Poc 90%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP service · Unpatched Windows system (pre-May 2019 updates)
nomisec
SCANNER
1 stars
by herhe · poc
https://github.com/herhe/CVE-2019-0708poc
This repository contains a batch detection script for CVE-2019-0708, based on a single-IP detection tool developed by 360Vulcan Team. It is a single-threaded scanner and does not include exploit code.
Classification
Scanner 80%
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Network access to target systems
nomisec
WORKING POC
1 stars
by CircuitSoul · poc
https://github.com/CircuitSoul/CVE-2019-0708
This is a proof-of-concept exploit for CVE-2019-0708 (BlueKeep), targeting vulnerable RDP implementations in Windows systems. It sends a crafted packet to trigger a remote code execution vulnerability.
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (Windows 7, Server 2008, etc.)
No auth needed
Prerequisites:
Target system with vulnerable RDP service exposed on port 3389
nomisec
WORKING POC
1 stars
by gildaaa · poc
https://github.com/gildaaa/CVE-2019-0708
This is a functional exploit for CVE-2019-0708 (BlueKeep), targeting vulnerable RDP services on non-English Windows 7/2008 and Chinese XP/2003 systems. It includes shellcode for a message box payload, demonstrating remote code execution.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Target system unpatched for CVE-2019-0708
nomisec
WORKING POC
1 stars
by AdministratorGithub · poc
https://github.com/AdministratorGithub/CVE-2019-0708
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708 (BlueKeep), which targets a remote code execution vulnerability in Microsoft's Remote Desktop Protocol (RDP). The exploit sends maliciously crafted packets to trigger a denial-of-service (DoS) condition, causing a blue screen on vulnerable systems.
Classification
Working Poc 90%
Target:
Microsoft Windows 7, Windows Server 2008, Windows Server 2008 R2 (RDP)
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Vulnerable RDP implementation
nomisec
SCANNER
1 stars
by JasonLOU · poc
https://github.com/JasonLOU/CVE-2019-0708
This repository contains a Python script that uses a precompiled binary (0708detector.exe) to scan multiple RDP hosts for CVE-2019-0708 (BlueKeep) vulnerability. It reads target IPs from a file and uses threading for concurrent scanning.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and earlier unsupported versions
No auth needed
Prerequisites:
List of target IPs in a file named '3389_hosts' · Precompiled binary '0708detector.exe'
gitlab
SCANNER
1 stars
by aceldama · poc
https://gitlab.com/aceldama/cve-2019-0708-checker
This repository contains a C# tool that checks for the presence and version of the termdd.sys file to determine if a system is vulnerable to CVE-2019-0708 (BlueKeep). It does not exploit the vulnerability but scans for it by comparing file versions against known patched versions.
Classification
Scanner 95%
Target:
Microsoft Windows (affected versions include Windows 7, Windows Server 2008, etc.)
No auth needed
Prerequisites:
access to the target system's file system and WMI
nomisec
STUB
1 stars
by YSheldon · poc
https://github.com/YSheldon/MS_T120
This repository contains only a README.md file referencing CVE-2019-0708 (BlueKeep) with a link to Microsoft's RDP protocol documentation. No actual exploit code or PoC is present.
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Network access to vulnerable RDP service
nomisec
SCANNER
1 stars
by l9c · poc
https://github.com/l9c/rdp0708scanner
This repository contains a Python-based scanner for CVE-2019-0708 (BlueKeep), which checks for vulnerable RDP services. It uses a multi-threaded approach to scan single or multiple targets by invoking an external executable (0708Detector_v2.exe).
Classification
Scanner 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to target RDP services · 0708Detector_v2.exe executable
nomisec
SCANNER
1 stars
by Gh0st0ne · poc
https://github.com/Gh0st0ne/rdpscan-BlueKeep
This repository contains a scanner for CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Remote Desktop. The tool checks for vulnerable systems by sending crafted RDP requests and interpreting responses to determine if a target is patched, vulnerable, or unknown.
Classification
Scanner 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to target RDP port (typically 3389) · No authentication required for scanning
nomisec
WORKING POC
1 stars
by 303sec · poc
https://github.com/303sec/CVE-2019-0708
This PoC exploits CVE-2019-0708 (BlueKeep) via a crafted buffer overflow payload targeting RDP services. It includes shellcode execution and ROP chain construction for remote code execution on vulnerable systems.
Classification
Working Poc 80%
Target:
Microsoft Windows Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Target system must be unpatched for CVE-2019-0708
nomisec
STUB
1 stars
by yushiro · poc
https://github.com/yushiro/CVE-2019-0708
This repository contains a Windows GUI application stub for CVE-2019-0708 (BlueKeep) but lacks actual exploit implementation. The code includes a basic UI with buttons and a text field, but no functional exploit logic is present.
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Vulnerable Windows system with RDS exposed
nomisec
STUB
1 stars
by UraSecTeam · poc
https://github.com/UraSecTeam/CVE-2019-0708
The repository contains only a README.md file with no actual exploit code or technical details. It appears to be a placeholder or a response to criticism rather than a functional PoC.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
nomisec
SCANNER
1 stars
by 0xFlag · poc
https://github.com/0xFlag/CVE-2019-0708-test
This repository contains a C# GUI application designed to scan for CVE-2019-0708 (BlueKeep) by executing an external detector tool. It does not include exploit code but provides a frontend for vulnerability detection.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
External detector tool '0708detector.exe' must be present
nomisec
WRITEUP
1 stars
by safly · poc
https://github.com/safly/CVE-2019-0708
This repository appears to be a writeup or commentary related to CVE-2019-0708 (BlueKeep), but it lacks actual exploit code or technical details. The content is primarily in Chinese and includes images/gifs, suggesting it may be a humorous or satirical post rather than a functional PoC.
Classification
Writeup 90%
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
none
nomisec
WORKING POC
1 stars
by distance-vector · remote
https://github.com/distance-vector/CVE-2019-0708
This is a Metasploit module for detecting and exploiting CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Remote Desktop Services. It includes functionality to scan for vulnerable hosts and trigger a denial-of-service (DoS) condition.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP service · Target system must be unpatched and not require NLA (CredSSP)
nomisec
WORKING POC
1 stars
by 1aa87148377 · remote
https://github.com/1aa87148377/CVE-2019-0708
This repository contains a Metasploit module for detecting and exploiting CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. The module includes functionality to scan for vulnerable hosts and trigger a denial-of-service condition.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to the target RDP service · Target system must be unpatched and not require NLA (Network Level Authentication)
nomisec
WRITEUP
by denuwanjayasekara · poc
https://github.com/denuwanjayasekara/CVE-Exploitation-Reports
This repository contains detailed exploitation reports for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Services. It includes in-depth analysis, reproduction steps, and mitigation strategies, but no actual exploit code.
Classification
Writeup 90%
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites:
Network access to vulnerable RDS service · Suitable exploit payload
nomisec
WRITEUP
by sbkcbig · poc
https://github.com/sbkcbig/CVE-2019-0708-EXPloit-3389
This repository contains only a README file describing CVE-2019-0708, a remote code execution vulnerability in Remote Desktop Services (RDP). No exploit code or technical details are provided.
Classification
Writeup 30%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Vulnerable RDP service exposed
nomisec
STUB
by yetiddbb · poc
https://github.com/yetiddbb/CVE-2019-0708-PoC
The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or incomplete submission.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
nomisec
STUB
by go-bi · poc
https://github.com/go-bi/CVE-2019-0708-EXP-Windows
The repository appears to be a partial or incomplete clone of FreeRDP with no actual exploit code for CVE-2019-0708. The files listed are build system artifacts and source files unrelated to the vulnerability.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites:
None identified; exploit code not present
nomisec
WORKING POC
by f8al · poc
https://github.com/f8al/CVE-2019-0708-POC
This is a Python-based proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services (RDS). The exploit sends a maliciously crafted packet to trigger the vulnerability and includes a shellcode payload for execution.
Classification
Working Poc 90%
Target:
Microsoft Windows XP, XP Embedded, Windows 7, Server 2003, Server 2008 (RDS)
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Vulnerable version of Remote Desktop Services
nomisec
STUB
by CPT-Jack-A-Castle · poc
https://github.com/CPT-Jack-A-Castle/Haruster-CVE-2019-0708-Exploit
The repository contains only a minimal Python file with an import statement and a README with a brief description. No functional exploit code is present.
Target:
Microsoft Windows Remote Desktop Services (RDS)
No auth needed
Prerequisites:
None identified due to lack of functional code
nomisec
WRITEUP
by GopeshKachhadiya · poc
https://github.com/GopeshKachhadiya/Windows-2
This repository provides a detailed writeup and lab setup instructions for CVE-2019-0708 (BlueKeep), a critical pre-authentication RCE vulnerability in Microsoft RDP. It includes educational resources, exploitation methodology, and disclaimers for ethical use.
Classification
Writeup 100%
Target:
Microsoft Remote Desktop Protocol (RDP) on Windows 7 Professional SP1
No auth needed
Prerequisites:
Kali Linux with Metasploit · Unpatched Windows 7 SP1 target · RDP service exposed on port 3389 · NLA disabled
gitlab
WORKING POC
by ntkernel · poc
https://gitlab.com/ntkernel/bluekeep
This repository contains functional exploit code for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Protocol (RDP). The code includes RDP packet crafting, encryption handling, and exploit logic to trigger the vulnerability.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Python environment with required dependencies (OpenSSL, Crypto)
gitlab
WORKING POC
by ntkernel · poc
https://gitlab.com/ntkernel/CVE-2019-0708
This repository contains functional exploit code for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Protocol (RDP). The code includes multiple PoC implementations from different authors, demonstrating the vulnerability through crafted RDP packets.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (Remote Desktop Protocol)
No auth needed
Prerequisites:
Network access to vulnerable RDP service · Python environment with required dependencies
gitlab
SCANNER
by AlexHeylin · poc
https://gitlab.com/AlexHeylin/cve-2019-0708-checker
This repository contains a C# tool that checks for the presence and version of the termdd.sys file to determine if a system is vulnerable to CVE-2019-0708 (BlueKeep). It does not exploit the vulnerability but scans for it by comparing file versions against known patched versions.
Classification
Scanner 95%
Target:
Microsoft Windows Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and older versions
No auth needed
Prerequisites:
local or remote access to the target system · WMI access for OS information
gitlab
WORKING POC
by alessio_ · poc
https://gitlab.com/alessio_/CVE-2019-0708
This repository contains a functional exploit for CVE-2019-0708 (BlueKeep), a critical RDP vulnerability. The Python script demonstrates the exploit chain, including grooming and memory corruption techniques, though it is noted as unstable (75% reliability).
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (Remote Desktop Protocol)
No auth needed
Prerequisites:
Target system with RDP exposed · Vulnerable Windows version (pre-patch)
nomisec
WORKING POC
by Ameg-yag · dos
https://github.com/Ameg-yag/Wincrash
This is a Python-based PoC for CVE-2019-0708 (BlueKeep), which exploits a vulnerability in Remote Desktop Services to crash unpatched Windows systems. It sends specially crafted RDP packets to trigger a denial-of-service condition.
Classification
Working Poc 90%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Unpatched Windows system (pre-May 2019 updates)
nomisec
WORKING POC
by offensity · remote
https://github.com/offensity/CVE-2019-0708
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RDP vulnerability allowing remote code execution via a use-after-free bug in Windows RDP services. The exploit includes shellcode and grooming techniques but is noted as unstable (~75% reliability).
Classification
Working Poc 90%
Target:
Microsoft Windows RDP (pre-patch versions)
No auth needed
Prerequisites:
Network access to RDP port (3389) · Vulnerable Windows system (unpatched for CVE-2019-0708)
nomisec
SCANNER
by davidfortytwo · infoleak
https://github.com/davidfortytwo/bluekeep
This repository contains a Python script that checks for the BlueKeep vulnerability (CVE-2019-0708) by sending a pre-authentication packet to the RDP port (3389) and analyzing the response. It does not exploit the vulnerability but scans for its presence.
Classification
Scanner 95%
Target:
Microsoft Windows RDP (pre-patch versions)
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Python 3.x
nomisec
WORKING POC
by pywc · dos
https://github.com/pywc/CVE-2019-0708
This PoC exploits CVE-2019-0708 (BlueKeep) by sending malformed RDP packets to trigger a BSOD on vulnerable Windows systems. It implements the RDP connection sequence and manipulates protocol fields to achieve a denial-of-service condition.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (pre-patch versions)
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Vulnerable Windows system (unpatched for CVE-2019-0708)
nomisec
WORKING POC
by AaronCaiii · remote-auth
https://github.com/AaronCaiii/CVE-2019-0708-POC
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services (RDS). The exploit leverages malformed RDP packets to trigger a memory corruption issue, potentially leading to arbitrary code execution on vulnerable Windows systems.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP
No auth needed
Prerequisites:
Remote Desktop Services (RDS) enabled on target · Port 3389 accessible · Firewall disabled or misconfigured
nomisec
STUB
by SQLDebugger · poc
https://github.com/SQLDebugger/CVE-2019-0708-Tool
This repository is a placeholder for a tool related to CVE-2019-0708 (BlueKeep) but contains no actual exploit code. It only includes a README promising to share the tool after reaching 50 stars.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites:
None provided
nomisec
STUB
by freeide · poc
https://github.com/freeide/CVE-2019-0708-PoC-Exploit
This repository contains only a README.md file with a reference to CVE-2019-0708 (BlueKeep) and a mention of Kevin Beaumont, but no actual exploit code or technical details. It appears to be a placeholder or joke repository.
Target:
Microsoft Remote Desktop Services (RDS)
No auth needed
Prerequisites:
none
nomisec
WORKING POC
by lisinan988 · dos
https://github.com/lisinan988/CVE-2019-0708-scan
This repository contains a proof-of-concept exploit for CVE-2019-0708, a critical RCE vulnerability in Microsoft Remote Desktop Services. The exploit sends a maliciously crafted RDP packet to trigger the vulnerability on unpatched Windows systems.
Classification
Working Poc 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 2003, Windows 2008, and other unpatched systems
No auth needed
Prerequisites:
Target system must have RDP (port 3389) exposed and be unpatched for CVE-2019-0708
nomisec
WORKING POC
by ZhaoYukai · poc
https://github.com/ZhaoYukai/CVE-2019-0708
This repository contains a proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services (RDS) affecting older Windows systems. The exploit triggers a blue screen (DoS) by sending malformed RDP packets to the target system.
Classification
Working Poc 95%
Target:
Microsoft Windows 7, Windows Server 2008 R2, and earlier versions with RDS enabled
No auth needed
Prerequisites:
Network access to the target's RDP port (3389) · Target system must be vulnerable (unpatched)
nomisec
WORKING POC
by isabelacostaz · poc
https://github.com/isabelacostaz/CVE-2019-0708-POC
This repository contains a Python-based proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Remote Desktop Services (RDS). The exploit is designed to target both Windows and Linux systems, leveraging the vulnerability to achieve arbitrary code execution.
Classification
Working Poc 90%
Target:
Microsoft Windows Remote Desktop Services (RDS), versions prior to the patch for CVE-2019-0708
No auth needed
Prerequisites:
Network access to the target system's RDS port (typically 3389) · Target system must be unpatched for CVE-2019-0708
github
WRITEUP
by OscarYR · poc
https://github.com/OscarYR/CVE_Reproduction/tree/main/BlueKeep/CVE-2019-0708.md
This repository provides a detailed technical analysis of CVE-2019-0708 (BlueKeep), including root cause analysis, exploit flow, and mitigation steps. It includes screenshots of a Metasploit-based exploitation but does not contain functional exploit code.
Classification
Writeup 100%
Target:
Microsoft Remote Desktop Services (RDS) on Windows 2000 through Windows Server 2008 R2 and Windows 7
No auth needed
Prerequisites:
Vulnerable Windows system with RDP exposed · Metasploit framework for exploitation
nomisec
SCANNER
by ryan-ally · poc
https://github.com/ryan-ally/rdp0708scanner
This repository contains a Python-based scanner for CVE-2019-0708 (BlueKeep) that uses an external executable (0708Detector_v2.exe) to check for vulnerability in RDP services. It supports multi-threading and batch scanning of IP addresses.
Classification
Scanner 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
External executable '0708Detector_v2.exe' must be present · Network access to target RDP services
nomisec
SCANNER
by oneoy · poc
https://github.com/oneoy/BlueKeep
This repository contains a scanner for CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Remote Desktop. It checks for vulnerable systems by sending crafted RDP packets and analyzing responses.
Classification
Scanner 95%
Target:
Microsoft Remote Desktop (RDP) on Windows 7, Windows Server 2008 R2, and earlier versions
No auth needed
Prerequisites:
Network access to target systems on port 3389
nomisec
WORKING POC
by ZhaoYukai · poc
https://github.com/ZhaoYukai/CVE-2019-0708-Batch-Blue-Screen
This PoC exploits CVE-2019-0708 (BlueKeep) to trigger a blue screen (DoS) on vulnerable RDP-enabled Windows systems. It sends malformed RDP packets to crash the target system.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to RDP port (3389) · Vulnerable Windows system
nomisec
SCANNER
by hualy13 · poc
https://github.com/hualy13/CVE-2019-0708-Check
This repository contains a Python script that acts as a scanner for CVE-2019-0708 (BlueKeep), utilizing an external executable (0708Detector_v2_x64.exe) to check for vulnerability in RDP services. It supports batch scanning of IP addresses with multithreading.
Classification
Scanner 90%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
External executable (0708Detector_v2_x64.exe) must be present · List of target IP addresses in a text file
patchapalooza
WORKING POC
by mirrors_k8gege · poc
https://gitee.com/mirrors_k8gege/CVE-2019-0708
The repository contains functional exploit code for CVE-2019-0708, a critical RCE vulnerability in Microsoft Remote Desktop Services. The provided Python scripts demonstrate the vulnerability by sending crafted RDP packets to trigger the exploit.
Classification
Working Poc 90%
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Target system with RDP exposed on port 3389 · Vulnerable version of Microsoft Remote Desktop Services
patchapalooza
WORKING POC
by bxqtee · poc
https://gitee.com/bxqtee/CVE-2019-0708
This repository contains a functional exploit for CVE-2019-0708 (BlueKeep), which targets a remote code execution vulnerability in Microsoft's Remote Desktop Protocol (RDP). The exploit sends crafted packets to trigger a memory corruption in the RDP service, leading to a denial-of-service (blue screen) or potential remote code execution on vulnerable systems.
Classification
Working Poc 95%
Target:
Microsoft Windows (RDP service on Windows 7, Windows Server 2008, Windows Server 2008 R2)
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Vulnerable RDP service (unpatched Windows 7/2008/2008 R2)
patchapalooza
WORKING POC
by cysec · poc
https://gitee.com/cysec/CVE-2019-0708
This repository contains a functional proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. The Python script crafts a malicious RDP packet to trigger the vulnerability on unpatched Windows 2003 and Windows 2008 systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (Windows 2003, Windows 2008)
No auth needed
Prerequisites:
Target system with RDP (port 3389) exposed · Unpatched Windows 2003 or Windows 2008
patchapalooza
WORKING POC
by mirrors_n1xbyte · poc
https://gitee.com/mirrors_n1xbyte/CVE-2019-0708
This repository contains a functional proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Protocol (RDP). The PoC includes Python code to trigger the vulnerability via crafted RDP packets, targeting Windows 7 systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and other unpatched systems
No auth needed
Prerequisites:
Network access to target RDP port (3389) · Unpatched Windows system vulnerable to CVE-2019-0708
patchapalooza
WORKING POC
by isdc_admin · poc
https://gitee.com/isdc_admin/CVE-2019-0708
This repository contains a functional proof-of-concept exploit for CVE-2019-0708, a critical remote code execution vulnerability in Microsoft Remote Desktop Services (RDS). The exploit leverages crafted RDP packets to trigger a memory corruption flaw in the RDP protocol handling, specifically targeting the 'IcaBindVirtualChannels' code path.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDS) on Windows 7, Windows Server 2008 R2, and earlier versions
No auth needed
Prerequisites:
Network access to the target's RDP port (3389) · Vulnerable version of RDS without patches
patchapalooza
SCANNER
by hazy_little_sky · poc
https://gitee.com/hazy_little_sky/CVE-2019-0708-1
This repository contains a scanner for CVE-2019-0708 (BlueKeep), a vulnerability in Microsoft Windows Remote Desktop Services. It includes a forked version of rdesktop to detect vulnerable hosts without causing a denial-of-service, along with Docker and Python scripts for automated scanning.
Classification
Scanner 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP service (port 3389) · Docker for containerized scanning
patchapalooza
WORKING POC
by Cross6 · poc
https://gitee.com/Cross6/CVE-2019-0708
The repository contains functional exploit code for CVE-2019-0708, a remote code execution vulnerability in Microsoft Remote Desktop Services. The provided Python scripts demonstrate the vulnerability by sending crafted RDP packets to trigger the exploit.
Classification
Working Poc 90%
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Target system with RDP exposed · Vulnerable version of Microsoft Remote Desktop Services
patchapalooza
WORKING POC
by noofisec · poc
https://gitee.com/noofisec/CVE-2019-0708
The repository contains functional exploit code for CVE-2019-0708, a critical RCE vulnerability in Microsoft Remote Desktop Services. The provided Python scripts demonstrate the vulnerability by sending crafted RDP packets to trigger the flaw.
Classification
Working Poc 90%
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Target system with RDP exposed · Network access to port 3389
patchapalooza
SCANNER
by tancehello · poc
https://gitee.com/tancehello/Check-vuln-CVE-2019-0708
This repository contains a scanner for CVE-2019-0708 (BlueKeep), which detects vulnerable RDP services by binding the MS_T120 channel outside its normal slot and sending non-DoS packets. It includes a forked rdesktop binary and a Metasploit module for scanning.
Classification
Scanner 95%
Target:
Microsoft Windows Remote Desktop Services
No auth needed
Prerequisites:
Network access to target RDP service (port 3389)
metasploit
WORKING POC
by National Cyber Security Centre, JaGoTu, zerosum0x0, Tom Sellers · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
This Metasploit module checks for the CVE-2019-0708 (BlueKeep) vulnerability in Microsoft Remote Desktop by binding the MS_T120 channel outside its normal slot and sending non-DoS packets to detect vulnerable hosts. It can also trigger a denial of service (DoS) condition.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to target RDP service · RDP service running on target
patchapalooza
WORKING POC
by nmaps · poc
https://gitee.com/nmaps/cve-2019-0708-exp-msf
This repository contains functional Metasploit modules for exploiting CVE-2019-0708 (BlueKeep), including a scanner to detect vulnerable RDP endpoints and an exploit module for remote code execution. The modules are designed to integrate with Metasploit Framework 5.0.4+.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Metasploit Framework 5.0.4+ · Network access to target RDP port (3389)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/47416
This Metasploit module exploits CVE-2019-0708 (BlueKeep), a use-after-free vulnerability in the RDP termdd.sys driver, to achieve remote code execution via malformed Disconnect Provider Indication messages and nonpaged pool spraying.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (7 SP1 / 2008 R2)
No auth needed
Prerequisites:
Target must be vulnerable to CVE-2019-0708 · RDP service accessible · Specific registry key configuration for some targets
exploitdb
WORKING POC
by RAMELLA Sebastien · rubydoswindows
https://www.exploit-db.com/exploits/47120
This is a Metasploit module for CVE-2019-0708 (BlueKeep), modified to perform a Denial of Service (DoS) attack against vulnerable RDP services. It exploits the vulnerability by binding the MS_T120 channel outside its normal slot and sending malformed packets.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows XP, Windows 7, and other affected versions
No auth needed
Prerequisites:
Network access to target RDP service (port 3389) · Vulnerable RDP service (unpatched CVE-2019-0708)
exploitdb
WORKING POC
by n1xbyte · pythondoswindows
https://www.exploit-db.com/exploits/46946
This exploit targets CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. It sends maliciously crafted RDP packets to trigger a memory corruption flaw, potentially allowing arbitrary code execution on unpatched systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and earlier versions
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Unpatched or vulnerable Windows system
metasploit
WORKING POC
MANUAL
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
This Metasploit module exploits CVE-2019-0708 (BlueKeep), a use-after-free vulnerability in the RDP termdd.sys driver, to achieve remote code execution on Windows 7 SP1 and Windows Server 2008 R2. It uses channel grooming and a controllable nonpaged pool spray to trigger arbitrary code execution via an indirect call gadget.
Classification
Working Poc 100%
Target:
Microsoft Windows 7 SP1 / Windows Server 2008 R2 (RDP termdd.sys driver)
No auth needed
Prerequisites:
Target must be running Windows 7 SP1 or Windows Server 2008 R2 · RDP service must be accessible · For Windows Server 2008 R2, the registry key 'fDisableCam' must be set to 0 · Accurate non-paged pool base address for reliable exploitation
exploitdb
WORKING POC
by 0xeb-bp · pythonremotewindows_x86
https://www.exploit-db.com/exploits/47683
This exploit targets CVE-2019-0708 (BlueKeep) in Remote Desktop Services (RDS) via a memory corruption vulnerability. It uses a pool spray technique to achieve remote code execution (RCE) on vulnerable Windows systems.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDS) (pre-patch for CVE-2019-0708)
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Vulnerable Windows system (e.g., Windows 7, Windows Server 2008 R2)
patchapalooza
SCANNER
by jinshengsoul · dos
https://github.com/jinshengsoul/Exploit-factory
This repository contains a Go-based tool for detecting the Heartbleed vulnerability (CVE-2014-0160) in TLS/SSL services. It includes a checker that sends crafted heartbeat requests to determine if a target is vulnerable, along with deployment scripts for infrastructure management.
Classification
Scanner 95%
Target:
OpenSSL 1.0.1 through 1.0.1f
No auth needed
Prerequisites:
Network access to the target service · TLS/SSL service running on the target
patchapalooza
WORKING POC
by ntkernel · remote
https://gitlab.com/ntkernel/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-
This repository contains a functional exploit for CVE-2019-0708, a pre-authentication RCE vulnerability in Remote Desktop Services (RDP). The PoC is implemented in Python and leverages the pocsuite3 framework to send crafted RDP packets to trigger the vulnerability.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (win7, win2k8, win2k8 r2, win2k3, winxp)
No auth needed
Prerequisites:
Network access to target RDP service · Python environment with pocsuite3
patchapalooza
WORKING POC
by NAXG · remote
https://github.com/NAXG/cve_2019_0708_bluekeep_rce
This repository contains a functional Metasploit module for CVE-2019-0708 (BlueKeep), which exploits a vulnerability in Microsoft Remote Desktop Services. The code includes both a scanner to detect vulnerable hosts and a DoS trigger, leveraging RDP protocol manipulation to exploit the flaw.
Classification
Working Poc 95%
Target:
Microsoft Windows Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Network access to target RDP service · Metasploit Framework
patchapalooza
WORKING POC
by hazy_little_sky · poc
https://gitee.com/hazy_little_sky/CVE-2019-0708
The repository contains functional exploit code for CVE-2019-0708, a remote code execution vulnerability in Microsoft Remote Desktop Services. The provided Python scripts demonstrate the vulnerability by sending crafted RDP packets to trigger the exploit.
Classification
Working Poc 90%
Target:
Microsoft Remote Desktop Services (RDP)
No auth needed
Prerequisites:
Target system with RDP exposed · Network access to the target
patchapalooza
WORKING POC
by tancehello · poc
https://gitee.com/tancehello/CVE-2019-0708
The repository contains functional exploit code for CVE-2019-0708, a remote code execution vulnerability in Microsoft Remote Desktop Services (RDP). The provided Python scripts demonstrate the vulnerability by sending crafted RDP packets to trigger the flaw.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites:
Network access to the target's RDP port (3389) · Target system must be vulnerable (unpatched)
patchapalooza
WORKING POC
by noofisec · poc
https://gitee.com/noofisec/CVE-2019-0708-1
This repository contains a functional exploit PoC for CVE-2019-0708 (BlueKeep), targeting RDP services on Windows systems. The code includes network packet crafting to trigger a remote code execution vulnerability via malformed RDP requests.
Classification
Working Poc 95%
Target:
Microsoft Windows RDP (Remote Desktop Protocol)
No auth needed
Prerequisites:
Network access to target RDP service (port 3389) · Vulnerable Windows system (e.g., Windows 7, Windows Server 2008)
patchapalooza
WORKING POC
by e4ting · poc
https://gitee.com/e4ting/CVE-2019-0708
This repository contains a functional proof-of-concept exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft Remote Desktop Services. The PoC includes Python code to trigger the vulnerability via crafted RDP packets, leading to a denial-of-service (crash) or potential remote code execution on unpatched systems.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and earlier versions
No auth needed
Prerequisites:
Network access to target's RDP port (3389) · Unpatched or vulnerable Windows system