In the post, I would like to share some tricks that I learned such as using the WSUS Trick while playing with the Outdated Machine which the walkthrough over here
I’m not really good with Windows Operating System and this technique is a new thing for me
What is WSUS?
After looking deep into the WSUS, I managed to find out that WSUS is a Solution from Microsoft for administrators to ensure all Microsoft-related products is been updated and apply patches with the environment. The method is been used so that any servers that have been installed internally will not able to reach out to the internet directly.
The Explanation of the SharpWSUS tool
For those who are not familiar with SharpWSUS, it’s a continuation of the tools that bring the complete functionality between WSUSPendu and Thunder_Woosus to a .NET language where it can be reliably used throughout the C2 Channels and the offering flexibility to the operator.
Those are the step for using the SharpWSUS for attack stages such as lateral movement
- Locate the WSUS server and compromise it.
- Enumerate the contents of the WSUS server to determine which machines to target.
- Create a WSUS group.
- Add the target machine to the WSUS group.
- Create a malicious patch.
- Approve the malicious patch for deployment.
- Wait for the client to download the patch.
- Clean up after the patch is downloaded.
Lateral Movement
Lateral Movement is an important phase of the APT life cycle. The Red Teaming Operation will be used in their activity. Red Teamer will use this Lateral Movement for moving some compromised hosts into another compromised host.
The Main Purpose of the Lateral Movement is to ensure that the Bad Guys cannot obtain access to the server.
We managed to notice that We are not even configured under the Administrator group.
Let’s create the payload on the machine
Therefore, we also need to approve the payload
As a result, we can verify the payload where we can see that it’s “Update Info cannot be found”
At last, we can see the “sflowers” user has been added to the Administrators Group
No responses yet