
bkscan's Issues

Unable to build BKScan docker on Kali

Hi,
I am unable to build the BKScan docker image in Kali. Here is the command I am running after cloning the repository and the CMake error messages that I get back. I am running the command on Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64 GNU/Linux

Any suggestions on how I can remediate these errors? I have tried to research similar errors that others may have faced before, but did not have much luck finding a fix.

root@kali:/opt/BKScan# sudo docker build -t bkscan .
Sending build context to Docker daemon  166.9kB
Step 1/14 : FROM ubuntu:16.04
 ---> 13c9f1285025
Step 2/14 : MAINTAINER Cedric Halbronn <[email protected]>
 ---> Using cache
 ---> bf1362620a53
Step 3/14 : RUN apt-get update &&     apt-get install -y --no-install-recommends         build-essential git-core cmake sudo x11-xserver-utils locales alsa alsa-tools pulseaudio pulseaudio-utils         libssl-dev libx11-dev libxext-dev libxinerama-dev         libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev         libxrandr-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev         libxi-dev libavutil-dev         libavcodec-dev libxtst-dev libgtk-3-dev libgcrypt11-dev libssh-dev libpulse-dev         libvte-2.91-dev libxkbfile-dev libtelepathy-glib-dev libjpeg-dev         libgnutls28-dev libgnome-keyring-dev libavahi-ui-gtk3-dev libvncserver-dev         libappindicator3-dev intltool libsecret-1-dev libwebkit2gtk-4.0-dev libsystemd-dev         libsoup2.4-dev libjson-glib-dev libavresample-dev
 ---> Using cache
 ---> 65b17ae2dcb5
Step 4/14 : ADD FreeRDP_scanner.patch /tmp/FreeRDP_scanner.patch
 ---> Using cache
 ---> a4cbac1a1e92
Step 5/14 : RUN git clone https://github.com/FreeRDP/FreeRDP.git /tmp/FreeRDP
 ---> Using cache
 ---> 75b43663a6b0
Step 6/14 : WORKDIR /tmp/FreeRDP
 ---> Using cache
 ---> 69efcc32977d
Step 7/14 : RUN git checkout b907324009b0af6c9fee449e61e6fbcf5d5d865e
 ---> Using cache
 ---> f0798532d5de
Step 8/14 : RUN patch -p1 < ../FreeRDP_scanner.patch
 ---> Using cache
 ---> 53372f6fb7d6
Step 9/14 : RUN cmake -DWITH_SSE2=off -DWITH_CUPS=off -DWITH_WAYLAND=off -DWITH_PULSE=off -DCMAKE_INSTALL_PREFIX:PATH=/opt/freerdp . &&     make &&     make install &&     echo /opt/freerdp/lib > /etc/ld.so.conf.d/freerdp.conf &&     ldconfig &&     ln -sf /opt/freerdp/bin/xfreerdp /usr/local/bin/
 ---> Running in 33c3cd930b30
-- The C compiler identification is GNU 5.4.0
-- The CXX compiler identification is GNU 5.4.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1") 
FREERDP_VERSION=2.0.0-dev5
-- Git Revision b907324
-- Looking for __x86_64__
-- Looking for __x86_64__ - found
-- Performing Test Wno-unused-result
-- Performing Test Wno-unused-result - Success
-- Performing Test Wno-unused-but-set-variable
-- Performing Test Wno-unused-but-set-variable - Success
-- Performing Test Wno-deprecated-declarations
-- Performing Test Wno-deprecated-declarations - Success
-- Performing Test Wno-deprecated-declarationsCXX
-- Performing Test Wno-deprecated-declarationsCXX - Success
-- GCC default symbol visibility: hidden
-- Performing Test Wimplicit-function-declaration
-- Performing Test Wimplicit-function-declaration - Success
-- Performing Test Wredundant-decls
-- Performing Test Wredundant-decls - Success
-- Performing Test Wno-builtin-macro-redefined
-- Performing Test Wno-builtin-macro-redefined - Success
-- Performing Test Wno-builtin-macro-redefinedCXX
-- Performing Test Wno-builtin-macro-redefinedCXX - Success
-- Performing Test fno-omit-frame-pointer
-- Performing Test fno-omit-frame-pointer - Success
-- Looking for include file fcntl.h
-- Looking for include file fcntl.h - found
-- Looking for include file unistd.h
-- Looking for include file unistd.h - found
-- Looking for include file execinfo.h
-- Looking for include file execinfo.h - found
-- Looking for include file inttypes.h
-- Looking for include file inttypes.h - found
-- Looking for include file sys/modem.h
-- Looking for include file sys/modem.h - not found
-- Looking for include file sys/filio.h
-- Looking for include file sys/filio.h - not found
-- Looking for include file sys/sockio.h
-- Looking for include file sys/sockio.h - not found
-- Looking for include file sys/strtio.h
-- Looking for include file sys/strtio.h - not found
-- Looking for include file sys/select.h
-- Looking for include file sys/select.h - found
-- Looking for include file syslog.h
-- Looking for include file syslog.h - found
-- Performing Test HAVE_TM_GMTOFF
-- Performing Test HAVE_TM_GMTOFF - Success
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Looking for pthread_create
-- Looking for pthread_create - not found
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found Threads: TRUE  
-- Looking for pthread_mutex_timedlock
-- Looking for pthread_mutex_timedlock - not found
-- Looking for pthread_mutex_timedlock in pthread
-- Looking for pthread_mutex_timedlock in pthread - found
-- Looking for include file aio.h
-- Looking for include file aio.h - found
-- Looking for include file sys/eventfd.h
-- Looking for include file sys/eventfd.h - found
-- Looking for eventfd_read
-- Looking for eventfd_read - found
-- Looking for include file sys/timerfd.h
-- Looking for include file sys/timerfd.h - found
-- Looking for include file poll.h
-- Looking for include file poll.h - found
-- Looking for ceill
-- Looking for ceill - found
-- Finding recommended feature libsystemd for systemd journal appender (allows to export wLog to systemd journal)
--     Disable feature libsystemd using "-DWITH_LIBSYSTEMD=OFF"
-- Found libsystemd: /usr/lib/x86_64-linux-gnu/libsystemd.so  
-- Finding recommended feature X11 for X11 (X11 client and server)
--     Disable feature X11 using "-DWITH_X11=OFF"
-- Found X11: /usr/lib/x86_64-linux-gnu/libX11.so  
-- Skipping recommended feature Wayland for Wayland (Wayland client)
-- Finding required feature ZLIB for compression (data compression)
-- Found ZLIB: /usr/lib/x86_64-linux-gnu/libz.so (found version "1.2.8") 
-- Finding required feature OpenSSL for cryptography (encryption, certificate validation, hashing functions)
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libssl.so;/usr/lib/x86_64-linux-gnu/libcrypto.so (found version "1.0.2g") 
-- Skipping optional feature MbedTLS for cryptography (encryption, certificate validation, hashing functions)
--     Enable feature MbedTLS using "-DWITH_MBEDTLS=ON"
-- Skipping optional feature OpenSLES for multimedia (OpenSLES audio / video)
--     Enable feature OpenSLES using "-DWITH_OPENSLES=ON"
-- Finding recommended feature OSS for sound (audio input, audio output and multimedia redirection)
--     Disable feature OSS using "-DWITH_OSS=OFF"
-- Found OSS Audio
-- Finding recommended feature ALSA for sound (audio input, audio output and multimedia redirection)
--     Disable feature ALSA using "-DWITH_ALSA=OFF"
-- Found ALSA: /usr/lib/x86_64-linux-gnu/libasound.so (found version "1.1.0") 
-- Skipping optional feature Pulse for sound (audio input, audio output and multimedia redirection)
--     Enable feature Pulse using "-DWITH_PULSE=ON"
-- Skipping optional feature Cups for printing (printer device redirection)
--     Enable feature Cups using "-DWITH_CUPS=ON"
-- Skipping optional feature PCSC for smart card (smart card device redirection)
--     Enable feature PCSC using "-DWITH_PCSC=ON"
-- Finding recommended feature FFmpeg for multimedia (multimedia redirection, audio and video playback)
--     Disable feature FFmpeg using "-DWITH_FFMPEG=OFF"
-- Checking for module 'libavcodec'
--   Found libavcodec, version 56.60.100
-- Checking for module 'libavutil'
--   Found libavutil, version 54.31.100
-- Checking for module 'libavresample'
--   Found libavresample, version 2.1.0
-- Checking for module 'libswresample'
--   Found libswresample, version 1.2.101
-- Found FFmpeg: TRUE  
-- Skipping optional feature GStreamer_0_10 for multimedia (multimedia redirection, audio and video playback, gstreamer 0.10 version)
--     Enable feature GStreamer_0_10 using "-DWITH_GSTREAMER_0_10=ON"
-- Finding recommended feature GStreamer_1_0 for multimedia (multimedia redirection, audio and video playback)
--     Disable feature GStreamer_1_0 using "-DWITH_GSTREAMER_1_0=OFF"
-- Checking for module 'glib-2.0'
--   Found glib-2.0, version 2.48.2
-- Found Glib 
-- Checking for module 'gstreamer-1.0 >= 1.0.5'
--   Found gstreamer-1.0 , version 1.8.3
-- Checking for module 'gstreamer-base-1.0 >= 1.0.5'
--   Found gstreamer-base-1.0 , version 1.8.3
-- Checking for module 'gstreamer-app-1.0 >= 1.0.5'
--   Found gstreamer-app-1.0 , version 1.8.3
-- Checking for module 'gstreamer-audio-1.0 >= 1.0.5'
--   Found gstreamer-audio-1.0 , version 1.8.3
-- Checking for module 'gstreamer-fft-1.0 >= 1.0.5'
--   Found gstreamer-fft-1.0 , version 1.8.3
-- Checking for module 'gstreamer-pbutils-1.0 >= 1.0.5'
--   Found gstreamer-pbutils-1.0 , version 1.8.3
-- Checking for module 'gstreamer-video-1.0 >= 1.0.5'
--   Found gstreamer-video-1.0 , version 1.8.3
-- Found GSTREAMER_1_0: /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so  
-- Skipping optional feature JPEG for codec (use JPEG library)
--     Enable feature JPEG using "-DWITH_JPEG=ON"
-- Skipping optional feature x264 for codec (use x264 library)
--     Enable feature x264 using "-DWITH_X264=ON"
-- Skipping optional feature OpenH264 for codec (use OpenH264 library)
--     Enable feature OpenH264 using "-DWITH_OPENH264=ON"
-- Skipping optional feature GSM for codec (GSM audio codec library)
--     Enable feature GSM using "-DWITH_GSM=ON"
-- Skipping optional feature LAME for codec (lame MP3 audio codec library)
--     Enable feature LAME using "-DWITH_LAME=ON"
-- Skipping optional feature FAAD2 for codec (FAAD2 AAC audio codec library)
--     Enable feature FAAD2 using "-DWITH_FAAD2=ON"
-- Skipping optional feature FAAC for codec (FAAC AAC audio codec library)
--     Enable feature FAAC using "-DWITH_FAAC=ON"
-- Skipping optional feature soxr for codec (SOX audio resample library)
--     Enable feature soxr using "-DWITH_SOXR=ON"
-- Skipping optional feature GSSAPI for auth (add kerberos support)
--     Enable feature GSSAPI using "-DWITH_GSSAPI=ON"
-- Skipping optional feature IPP for performance (Intel Integrated Performance Primitives library)
--     Enable feature IPP using "-DWITH_IPP=ON"
-- Using OpenSSL Version: 1.0.2g
-- Looking for include file stdbool.h
-- Looking for include file stdbool.h - found
-- Looking for include file stdint.h
-- Looking for include file stdint.h - found
-- Looking for include file inttypes.h
-- Looking for include file inttypes.h - found
-- Looking for timer_create
-- Looking for timer_create - found
-- Looking for timer_delete
-- Looking for timer_delete - found
-- Looking for timer_settime
-- Looking for timer_settime - found
-- Looking for timer_gettime
-- Looking for timer_gettime - found
CMake Warning at libfreerdp/CMakeLists.txt:100 (message):
  neigter swscale nor libcairo detected, compiling without image scaling
  support!


-- Finding recommended feature XKBFile for X11 keyboard (X11 keyboard file extension)
--     Disable feature XKBFile using "-DWITH_XKBFILE=OFF"
-- Found XKBFile: /usr/lib/x86_64-linux-gnu/libxkbfile.so  
CMake Error at channels/CMakeLists.txt:48 (if):
  if given arguments:

    "OFF" "OR"

  Unknown arguments specified
Call Stack (most recent call first):
  channels/sshagent/ChannelOptions.cmake:5 (define_channel_options)
  channels/CMakeLists.txt:273 (include)


-- Configuring incomplete, errors occurred!
See also "/tmp/FreeRDP/CMakeFiles/CMakeOutput.log".
See also "/tmp/FreeRDP/CMakeFiles/CMakeError.log".
The command '/bin/sh -c cmake -DWITH_SSE2=off -DWITH_CUPS=off -DWITH_WAYLAND=off -DWITH_PULSE=off -DCMAKE_INSTALL_PREFIX:PATH=/opt/freerdp . &&     make &&     make install &&     echo /opt/freerdp/lib > /etc/ld.so.conf.d/freerdp.conf &&     ldconfig &&     ln -sf /opt/freerdp/bin/xfreerdp /usr/local/bin/' returned a non-zero code: 1

False positives checking the system with valid credentials if user is not in RDP Users list.

Steps to reproduce:

  1. Create user test with password 123.

  2. Add user test to Remote Desktop User list.

  3. Run BKscan ./bkscan.sh -t 10.0.2.15 -u test -p 123 --debug. A bunch of MST120 was sent and we get a true positive.

  4. Remove user test from Remote Desktop User list.

  5. Run BKscan ./bkscan.sh -t 10.0.2.15 -u test -p 123 --debug. NLA passes but we get a false positive because RDP is restricted for this user and MST120 packets are not sent.

Notice: Server said: ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES (0x00000009):The user cannot connect to the server due to insufficient access privileges. but BKscan wrote: [!] Target is VULNERABLE!!!

failed to open display

Hey, just re-installed the docker image and am still getting this error when I try to use bkscan.

./bkscan.sh -t █.█.█.█ -u █████ -p █████ --debug
[+] Targeting █.█.█.█:3389...
[+] Using provided credentials, will support NLA
No protocol specified
[22:47:17:428] [1:1] [ERROR][com.freerdp.client.x11] - failed to open display: :1
[22:47:17:428] [1:1] [ERROR][com.freerdp.client.x11] - Please check that the $DISPLAY environment variable is properly set.

Failed to open display

I've had this issue on two completely separate kali instances. I install the tool following the installation instructions. The docker installation completes successfully and sudo ./bkscan.sh -h gives me the expected output. However when I try to scan a target machine with sudo ./bkscan.sh -t <IP Address> I get the following error.

[+] No credential provided, won't support NLA
No protocol specified
[22:41:07:683] [1:1] [ERROR][com.freerdp.client.x11] - failed to open display: :0.0
[22:41:07:683] [1:1] [ERROR][com.freerdp.client.x11] - Please check that the $DISPLAY environment variable is properly set.
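
Added example (not part of any report above and not BKScan's own code): a shell helper that triages captured bkscan.sh output from the false-positive and display reports, so that a VULNERABLE banner is not accepted when the same run also shows ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES or a failed X display. The category names and the sample inputs are assumptions, constructed from the lines quoted in those reports.

```shell
#!/bin/sh
# Classify the captured stdout+stderr of one bkscan.sh run.
# Matched strings are copied from the reports above; the category names
# (tool_error, inconclusive, reported_vulnerable, no_verdict) are hypothetical.
classify_bkscan_output() {
    out=$1
    # The X11 client could not open a display: treat the run as a tool
    # failure, not as a statement about the target.
    if printf '%s\n' "$out" | grep -q 'failed to open display'; then
        echo tool_error
        return 0
    fi
    # The server refused the session for this account. The false-positive
    # report says MST120 packets are not sent in this case, so a VULNERABLE
    # banner from the same run is checked second and overridden here.
    if printf '%s\n' "$out" | grep -q 'ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES'; then
        echo inconclusive
        return 0
    fi
    if printf '%s\n' "$out" | grep -qF '[!] Target is VULNERABLE!!!'; then
        echo reported_vulnerable
        return 0
    fi
    echo no_verdict
}

# Constructed samples (192.0.2.10 is a documentation address).
SAMPLE_DISPLAY='No protocol specified
[22:41:07:683] [1:1] [ERROR][com.freerdp.client.x11] - failed to open display: :0.0'

SAMPLE_FALSE_POSITIVE='[+] Targeting 192.0.2.10:3389...
ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES (0x00000009):The user cannot connect to the server due to insufficient access privileges.
[!] Target is VULNERABLE!!!'

SAMPLE_REPORTED='[+] Targeting 192.0.2.10:3389...
[!] Target is VULNERABLE!!!'

for sample in "$SAMPLE_DISPLAY" "$SAMPLE_FALSE_POSITIVE" "$SAMPLE_REPORTED"; do
    classify_bkscan_output "$sample"
done
```

To triage a real run, capture both streams first, for example `out=$(./bkscan.sh -t <IP Address> --debug 2>&1)`, then pass `"$out"` to the function.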
