Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

SharpWSUS - CSharp tool for lateral movement through WSUS

published on 2022-06-30 12:30:00 UTC by Unknown
Content:


SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog (https://labs.nettitude.com/blog/introducing-sharpwsus/) which has more detailed information about the tooling, use case and detection.

Credits

Massive credit to the below resources that really did 90% of this for me. This tool is just an enhancement of the below for C2 reliability and flexibility.


Help Menu

 ____  _                   __        ______  _   _ ____
/ ___|| |__ __ _ _ __ _ _\ \ / / ___|| | | / ___|
\___ \| '_ \ / _` | '__| '_ \ \ /\ / /\___ \| | | \___ \
___) | | | | (_| | | | |_) \ V V / ___) | |_| |___) |
|____/|_| |_|\__,_|_| | .__/ \_/\_/ |____/ \___/|____/
|_|
Phil Keeble @ Nettitude Red Team


Commands listed below have optional parameters in <>.

Locate the WSUS server:
SharpWSUS.exe locate

Inspect the WSUS server, enumerating clients, servers and existing groups:
SharpWSUS.exe inspect

Create an update (NOTE: The payload has to be a windows signed binary):
SharpWSUS.exe create /payload:[File location] /args:[Args for payload] </title:[Update title] /date:[YYYY-MM-DD] /kb:[KB on update] /rating:[Rating of update] /msrc:[MS RC] /description:[description] /url:[url]>

Approve an update:
SharpWSUS.exe approve /updateid:[UpdateGUID] /computername:[Computer to target] </groupname:[Group for computer to be added too] /approver:[Name of approver]>

Check status of an update:
SharpWSUS.exe check /updateid:[UpdateGUID] /computername:[Target FQDN]

Delete update and clean up groups added:
SharpWSUS.exe delete /updateid:[UpdateGUID] /computername:[Target FQDN] </groupname:[GroupName] /keepgroup>

Example Usage

Notes
  • Binary has to be windows signed, so psexec, msiexec, msbuild etc could be useful for lateral movement.
  • The metadata on the create command is not needed, but is useful for blending in to the environment.
  • If testing in a lab the first is usually quick, then each subsequent update will take a couple hours (this is due to how windows evaluates whether an update is installed already or not)


Article: SharpWSUS - CSharp tool for lateral movement through WSUS - published over 2 years ago.

http://www.kitploit.com/2022/06/sharpwsus-csharp-tool-for-lateral.html   
Published: 2022 06 30 12:30:00
Received: 2022 08 08 21:50:41
Feed: PenTest and Hacking Tools - powered by FeedBurner
Source: PenTest and Hacking Tools - powered by FeedBurner
Category: News
Topic: Security Tooling
Views: 0

Custom HTML Block

Click to Open Code Editor