OSCP Notes

Windows Exploit Suggester

There is a Windows counterpart to Linux Exploit Suggester called, as you might expect, Windows Exploit Suggester. It identifies missing patches on a Windows target that may indicate exploitable vulnerabilities. The tool takes the output of the systeminfo command and compares the target's patch level (the installed hotfixes) against a copy of the Microsoft security bulletin database, which it downloads and stores as an Excel spreadsheet. Based on that comparison it lists bulletins the host is missing, flagging those with a public exploit (E) and those with a Metasploit module (M) that may work against the unpatched system.

Github

git clone https://github.com/GDSSecurity/Windows-Exploit-Suggester.git

Updating the database

The script is written for Python 2 and needs the xlrd module to read the spreadsheet (pip install xlrd). Download the current bulletin spreadsheet; it is saved in the working directory as YYYY-MM-DD-mssb.xls, named after the date of the download:

python windows-exploit-suggester.py --update

Getting system information

Run the following command on the target, save its output to a text file (here sysinfo.txt) and copy that file to the attacking machine:

CMD> systeminfo > sysinfo.txt

Running WES to check for any known vulnerabilities

Point --database at the spreadsheet saved by --update (the date in the filename is the date you ran it) and --systeminfo at the file copied from the target. In the output, entries marked [E] have a public exploit and entries marked [M] have a Metasploit module:

python windows-exploit-suggester.py --database 2018-02-08-mssb.xls --systeminfo sysinfo.txt

WMI hotfix

If you’re unable to read the hotfixes installed from the ‘systeminfo’ command then you can also try using the WMI command-line (WMIC) utility. Run the following command on the target Windows host to retrieve a list of installed hotfixes:

CMD> wmic qfe list full > hotfixes.txt

Copy hotfixes.txt to the attacking machine and pass it with --hotfixes alongside the systeminfo output (the OS name, version and architecture are still read from sysinfo.txt; only the patch list comes from the WMIC output):

python windows-exploit-suggester.py --database 2018-02-08-mssb.xls --systeminfo sysinfo.txt --hotfixes hotfixes.txt
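The comparison the tool performs, shown here as an added example written for these notes (it is not code from Windows Exploit Suggester itself): parse the Hotfix(s) list from systeminfo, optionally merge in the HotFixID lines from wmic qfe list full for the case where systeminfo lists no hotfixes, rebuild the product name the bulletin data uses, and report bulletins whose KB is not installed. The systeminfo and wmic samples and the bulletin table are constructed for the example; the table is a small subset shaped like the MSSB spreadsheet columns, and its E/M flags are illustrative rather than taken from the real database.

```python
import re

# Constructed sample of `systeminfo` output from a lab host (not real target data).
SYSTEMINFO_SAMPLE = """\
Host Name:                 WIN7-LAB
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB2534111
                           [02]: KB3045171
"""

# Constructed sample of `wmic qfe list full` output for the same host (trimmed to
# the relevant fields); it lists one hotfix, KB3139914, that systeminfo did not.
WMIC_QFE_SAMPLE = """\
Description=Hotfix
HotFixID=KB2534111
InstalledOn=5/20/2015

Description=Security Update
HotFixID=KB3045171
InstalledOn=5/13/2015

Description=Security Update
HotFixID=KB3139914
InstalledOn=3/9/2016
"""

# Illustrative subset of bulletin data, shaped like the columns WES reads from the
# MSSB spreadsheet (bulletin, KB, affected product, severity). The E/M exploit
# flags are constructed for this example, not taken from the real database.
BULLETINS = [
    {"bulletin": "MS15-051", "kb": "KB3045171", "severity": "Important", "flags": "E",
     "product": "Windows 7 for x64-based Systems Service Pack 1"},
    {"bulletin": "MS16-032", "kb": "KB3139914", "severity": "Important", "flags": "M",
     "product": "Windows 7 for x64-based Systems Service Pack 1"},
    {"bulletin": "MS17-010", "kb": "KB4012212", "severity": "Critical", "flags": "E,M",
     "product": "Windows 7 for x64-based Systems Service Pack 1"},
    # Same KB, different product: must not be reported for a Windows 7 host.
    {"bulletin": "MS16-032", "kb": "KB3139914", "severity": "Important", "flags": "M",
     "product": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"},
]

def parse_systeminfo(text):
    """Pull OS name, version (with service pack), architecture and the
    Hotfix(s) list out of systeminfo output."""
    info = {"os_name": "", "os_version": "", "arch": "", "hotfixes": set()}
    for line in text.splitlines():
        if line.startswith("OS Name:"):
            info["os_name"] = line.split(":", 1)[1].strip()
        elif line.startswith("OS Version:"):
            info["os_version"] = line.split(":", 1)[1].strip()
        elif line.startswith("System Type:"):
            info["arch"] = "x64" if "x64" in line else "x86"
        # Hotfix entries look like "[01]: KB2534111".
        m = re.search(r"\[\d+\]:\s*(KB\d+)", line)
        if m:
            info["hotfixes"].add(m.group(1))
    return info

def parse_wmic_qfe(text):
    """Collect installed KBs from `wmic qfe list full` (one HotFixID= line per update)."""
    return set(re.findall(r"^HotFixID=(KB\d+)", text, re.MULTILINE))

def product_string(info):
    """Rebuild the product name used in the bulletin data, e.g.
    'Windows 7 for x64-based Systems Service Pack 1'."""
    m = re.search(r"Windows\s+(?:Server\s+)?(?:\d+(?:\.\d+)?(?:\s+R2)?|Vista|XP)", info["os_name"])
    family = m.group(0) if m else info["os_name"]
    arch = "x64-based Systems" if info["arch"] == "x64" else "32-bit Systems"
    product = f"{family} for {arch}"
    sp = re.search(r"Service Pack \d", info["os_version"])
    return f"{product} {sp.group(0)}" if sp else product

def missing_patches(installed, product, bulletins=BULLETINS):
    """Bulletins for `product` whose KB is not installed. Unlike WES this does
    not model superseding updates, so a newer cumulative patch that replaces
    a missing KB would still be reported here."""
    return [b for b in bulletins if b["product"] == product and b["kb"] not in installed]

def suggest(systeminfo_text, wmic_text=None):
    """Return (product, installed KBs, missing bulletins); wmic output, when
    given, is merged in for hosts where systeminfo shows no hotfixes."""
    info = parse_systeminfo(systeminfo_text)
    installed = set(info["hotfixes"])
    if wmic_text:
        installed |= parse_wmic_qfe(wmic_text)
    product = product_string(info)
    return product, installed, missing_patches(installed, product)

if __name__ == "__main__":
    for label, wmic in (("systeminfo only", None), ("systeminfo + wmic qfe", WMIC_QFE_SAMPLE)):
        product, installed, missing = suggest(SYSTEMINFO_SAMPLE, wmic)
        print(f"[{label}] {product}, {len(installed)} hotfix(es) installed")
        for b in missing:
            # WES-style line: [E] public exploit, [M] Metasploit module.
            print(f"  [{b['flags']}] {b['bulletin']}: missing {b['kb']} ({b['severity']})")
```

With the systeminfo sample alone the host is reported as missing MS16-032 and MS17-010; once the wmic output is merged in, KB3139914 is seen as installed and only MS17-010 remains. The real tool additionally walks the spreadsheet's superseding-update columns, which is why a host carrying a later cumulative update is not flooded with false positives there.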

Note: Microsoft published its last security bulletins in March 2017 and stopped maintaining the bulletin search after that, so the spreadsheet fetched by --update contains nothing newer and the tool cannot flag vulnerabilities patched after that date. It remains useful against older hosts (Windows 7, Server 2008 R2 and earlier). Building your own spreadsheet covering more recent vulnerabilities is possible but takes considerable effort: the data can be exported from the Microsoft Security Update Guide, whose API also exposes update replacement (supersedence) information. For newer targets, the community successor Windows Exploit Suggester - Next Generation (wesng, https://github.com/bitsadmin/wesng) takes the same systeminfo input and works from current Security Update Guide data.
