adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
metasploit-gs/documentation/modules/post/windows/gather/enum_patches.md
T
h00die 9e1bc8afae doc updates
2020-01-16 08:48:31 -05:00

65 lines
2.2 KiB
Markdown
Raw Blame History

## Vulnerable Application
This module will attempt to enumerate which patches are applied to a
windows system based on the result of the WMI query: `SELECT HotFixID FROM Win32_QuickFixEngineering`.
## Verification Steps
1. Start msfconsole
2. Get meterpreter session
3. Do: ```use post/windows/gather/enum_patches```
4. Do: ```set SESSION <session id>```
5. Do: ```run```
## Options
**KB**
A comma separated list of KB patches to search for. Default is: `KB2871997, KB2928120`
**MSFLOCALS**
Search for missing patches for which there is a MSF local module. Default is `true`.
**SESSION**
The session to run this module on.
## Scenarios
### Windows 7 (6.1 Build 7601, Service Pack 1).
```
[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.10:49223) at 2019-12-14 08:37:46 -0700
msf > use post/windows/gather/enum_patches
msf post(windows/gather/enum_patches) > set SESSION 1
SESSION => 1
msf post(windows/gather/enum_patches) > run
[-] Known bug in WMI query, try migrating to another process
[*] Post module execution completed
msf post(windows/gather/enum_patches) > sessions 1
[*] Starting interaction with 1...
meterpreter > run post/windows/manage/migrate
[*] Running module against TEST-PC
[*] Current server process: Explorer.EXE (1908)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3992
[+] Successfully migrated to process 3992
meterpreter > background
[*] Backgrounding session 1...
msf post(windows/gather/enum_patches) > run
[+] KB2871997 is missing
[+] KB2928120 is missing
[+] KB977165 - Possibly vulnerable to MS10-015 kitrap0d if Windows 2K SP4 - Windows 7 (x86)
[+] KB2305420 - Possibly vulnerable to MS10-092 schelevator if Vista, 7, and 2008
[+] KB2592799 - Possibly vulnerable to MS11-080 afdjoinleaf if XP SP2/SP3 Win 2k3 SP2
[+] KB2778930 - Possibly vulnerable to MS13-005 hwnd_broadcast, elevates from Low to Medium integrity
[+] KB2850851 - Possibly vulnerable to MS13-053 schlamperei if x86 Win7 SP0/SP1
[+] KB2870008 - Possibly vulnerable to MS13-081 track_popup_menu if x86 Windows 7 SP0/SP1
[*] Post module execution completed
```
Reference in New Issue View Git Blame Copy Permalink