-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathbkscan.sh
executable file
·96 lines (89 loc) · 2.36 KB
/
bkscan.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash
#
# BlueKeep scanner
#
# Copyright 2019 NCC Group
usage()
{
echo "Usage:"
echo "./bkscan.sh -t <target_ip> [-P <target_port>] [-u <user>] [-p <password>] [--debug]"
exit
}
if [ "$(whoami)" != "root" ]; then
echo "[!] You need to be root to use the 'docker' command"
exit 1
fi
RDP_USER=
RDP_PASSWORD=
TARGET_IP=
TARGET_PORT=3389
DEBUG=/log-level:OFF
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-u|--user)
RDP_USER="$2"
shift # past argument
;;
-p|--password)
RDP_PASSWORD="$2"
shift # past argument
;;
-t|--target-ip)
TARGET_IP="$2"
shift # past argument
;;
-P|--target-port)
TARGET_PORT="$2"
shift # past argument
;;
-d|--debug)
DEBUG=/log-level:TRACE
;;
*)
# unknown option
usage
;;
esac
shift # past argument or value
done
if [[ -z $TARGET_IP ]]
then
echo [!] Need a target IP
usage
exit 1
fi
echo [+] Targeting ${TARGET_IP}:${TARGET_PORT}...
if [[ ! -z $RDP_USER && ! -z $RDP_PASSWORD ]]
then
echo [+] Using provided credentials, will support NLA
docker run -it --rm --privileged \
--user=$USER \
--env="DISPLAY" \
--workdir="/home/$USER" \
--volume="/home/$USER:/home/$USER" \
--volume="/etc/group:/etc/group:ro" \
--volume="/etc/passwd:/etc/passwd:ro" \
--volume="/etc/shadow:/etc/shadow:ro" \
--volume="/etc/sudoers.d:/etc/sudoers.d:ro" \
--volume="/tmp/.X11-unix:/tmp/.X11-unix:rw" \
--volume="$HOME/.Xauthority:$HOME/.Xauthority" \
bkscan \
xfreerdp /cve-2019-0708 /cert-ignore /v:${TARGET_IP}:${TARGET_PORT} /u:${RDP_USER} /p:${RDP_PASSWORD} ${DEBUG}
else
echo [+] No credential provided, won\'t support NLA
docker run -it --rm --privileged \
--user=$USER \
--env="DISPLAY" \
--workdir="/home/$USER" \
--volume="/home/$USER:/home/$USER" \
--volume="/etc/group:/etc/group:ro" \
--volume="/etc/passwd:/etc/passwd:ro" \
--volume="/etc/shadow:/etc/shadow:ro" \
--volume="/etc/sudoers.d:/etc/sudoers.d:ro" \
--volume="/tmp/.X11-unix:/tmp/.X11-unix:rw" \
--volume="$HOME/.Xauthority:$HOME/.Xauthority" \
bkscan \
xfreerdp /cve-2019-0708 /cert-ignore /v:${TARGET_IP}:${TARGET_PORT} ${DEBUG} -sec-nla
fi