1/4/2023 0 Comments Windows exploit suggester![]() ![]() MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) - Critical MS13-071: Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063) - Important #Windows exploit suggester update#MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) - Critical MS13-097: Cumulative Security Update for Internet Explorer (2898785) - Critical MS14-002: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368) - Important MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) - Important NET Framework Could Allow Elevation of Privilege (2916607) - Important MS14-012: Cumulative Security Update for Internet Explorer (2925418) - Critical windows version identified as 'Windows XP SP3 32-bit' exploitdb PoC, Metasploit module, missing bulletin comparing the 41 hotfix(es) against the 308 potential bulletins(s) with a database of 137 known exploits querying database file for potential vulnerabilities systeminfo input file read successfully (ascii) attempting to read from the systeminfo input file database file detected as xls or xlsx based on extension windows-exploit-suggester.py -database -mssb.xls -systeminfo /root/sandbox/sys_info_xp.txt Ok now, now transfer the output of systeminfo to your Kali machine and run the exploit suggester with it. ![]() Git clone it to your Kali machine, then update the XLS database of patches. In this post we’ll make use of the GDSSecurity tool, though WES-NG works as well. Thanks for this great tool which has served many of us for so many years! ![]() The Microsoft Security Bulletin Data Excel file has not been updated since Q1 2017, so later operating systems and vulnerabilities cannot be detected. Fortunately, there’s an alternative but unlike this tool it does not differentiate between those in Metasploit and those publicly available with the key distinction of prepping for OSCP :p Unfortunately for us, this tool has not been updated since Q1 2017 since it relies on the Microsoft Security Bulletin Data Excel file which was also last updated then. Which spits out all the patches applied then it searches output.txt and compares with its database to find those not applied but applicable to the OS installed. The script which automates this simply requires us to run systeminfo > output.txt I learned much from this nifty guide written by Srinivas but near the part on publicly available exploits I was curious if this process could be automated with tools instead of having to search for exploits with Google and cross-checking with wmic qfe get | findstr "KB*" to see if these are exploitable. How do we search for them, run them if they are written in Python if Python is not available on our target? And how do we do all these outside Metasploit? But like Linux, which has Linux Privilege Checker to suggest kernel exploits, there’s also one for Windows. Typically after gaining an admin (but not SYSTEM) shell on Windows boxes, we would elevate privileges with Meterpreter’s getsystem. I came across a semi-automated Windows Exploit Suggester. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |