Land #11884, Fix rdp_scanner and update CVE-2019-0708 docs

rapid7 · May 24, 2019 · 4122c77 · 4122c77
2 parents 0701ee1 + 68a55cd
commit 4122c77
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/documentation/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.md b/documentation/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.md
@@ -65,7 +65,7 @@ Workstation versions:
  - Windows XP SP2 (x86), SP3 (x86), Version 2003 (x64)
  - Windows Vista SP0 (x86), SP0 (x64), SP2 (x64)
  - Windows 7 SP1 (x86), SP1 (x64)
- - Windows 10 1709, ()x64)
+ - Windows 10 1709, 1809 (x64)
 
 Server versions:
  - Windows 2000 SP4 (x86)

diff --git a/modules/auxiliary/scanner/rdp/rdp_scanner.rb b/modules/auxiliary/scanner/rdp/rdp_scanner.rb
@@ -16,6 +16,8 @@ def initialize(info = {})
         'Description'    => %q(
           This module attempts to connect to the specified Remote Desktop Protocol port
           and determines if it speaks RDP.
+
+          The CredSSP and EarlyUser options are related to Network Level Authentication.
         ),
         'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
         'References'     =>
@@ -29,9 +31,9 @@ def initialize(info = {})
     register_options(
       [
         Opt::RPORT(3389),
-        OptBool.new('TLS', [true, 'Wheter or not request TLS security', true]),
+        OptBool.new('TLS', [true, 'Whether or not request TLS security', true]),
         OptBool.new('CredSSP', [true, 'Whether or not to request CredSSP', true]),
-        OptBool.new('EarlyUser', [true, 'Whether to support Earlier User Authorization Result PDU', false])
+        OptBool.new('EarlyUser', [true, 'Whether to support Early User Authorization Result PDU', false])
       ]
     )
   end
@@ -52,11 +54,13 @@ def rdp?
     else
       vprint_status("No response")
     end
+
+    false
   end
 
   def setup
     # build a simple TPKT v3 + x.224 COTP Connect Request.  optionally append
-    # RDP negotiation request with TLS, CredSSP and Early User as requesteste
+    # RDP negotiation request with TLS, CredSSP and Early User as requested
     requested_protocols = 0
     if datastore['TLS']
       requested_protocols = requested_protocols ^ 0b1
@@ -86,8 +90,7 @@ def run_host(_ip)
     begin
       connect
       return unless rdp?
-    rescue Rex::AddressInUse, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, \
-           ::Errno::ETIMEDOUT, ::Timeout::Error, ::EOFError => e
+    rescue Rex::ConnectionError => e
       vprint_error("error while connecting and negotiating RDP: #{e}")
       return
     ensure