mirror of
https://github.com/calebstewart/pwncat.git
synced 2024-11-28 03:14:14 +01:00
Added Windows Update Server enumeration (WSUS)
This commit is contained in:
parent
c6012903d8
commit
360c143004
43
pwncat/modules/windows/enumerate/system/wsus.py
Normal file
43
pwncat/modules/windows/enumerate/system/wsus.py
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
import rich.markup
|
||||||
|
|
||||||
|
from pwncat.db import Fact
|
||||||
|
from pwncat.modules import ModuleFailed
|
||||||
|
from pwncat.modules.windows import Windows, PowershellError
|
||||||
|
from pwncat.modules.enumerate import Schedule, EnumerateModule
|
||||||
|
|
||||||
|
|
||||||
|
class WindowsUpdateServer(Fact):
|
||||||
|
def __init__(self, source: str, server: str):
|
||||||
|
super().__init__(source=source, types=["system.wsus.server"])
|
||||||
|
|
||||||
|
self.server = server
|
||||||
|
|
||||||
|
def is_secure(self) -> bool:
|
||||||
|
"""Check if the given server is secure"""
|
||||||
|
return self.server.startswith("https://")
|
||||||
|
|
||||||
|
def title(self, session):
|
||||||
|
return rich.markup.escape(self.server)
|
||||||
|
|
||||||
|
|
||||||
|
class Module(EnumerateModule):
|
||||||
|
"""Locate all WSUS update servers"""
|
||||||
|
|
||||||
|
PROVIDES = ["system.wsus.server"]
|
||||||
|
PLATFORM = [Windows]
|
||||||
|
SCHEDULE = Schedule.ONCE
|
||||||
|
|
||||||
|
def enumerate(self, session: "pwncat.manager.Session"):
|
||||||
|
|
||||||
|
try:
|
||||||
|
result = session.platform.powershell(
|
||||||
|
"Get-ItemPropertyValue -Path 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate' -Name WUServer"
|
||||||
|
)
|
||||||
|
if not result:
|
||||||
|
return
|
||||||
|
|
||||||
|
yield WindowsUpdateServer(source=self.name, server=result[0])
|
||||||
|
except PowershellError as exc:
|
||||||
|
pass
|
Loading…
Reference in New Issue
Block a user