Related vulnerability
Description
This is an exploit script written in C# to help obtain a reverse shell on targets running Windows Server Update Services (WSUS) that are vulnerable to CVE-2025-59287. It delivers a reverse shell payload inside an encrypted SOAP request.
Introduction
# WSUS-CVE-2025-59287-RCE
CVE-2025-59287 is a **critical (CVSS 9.8)** remote code execution vulnerability in unpatched Microsoft Windows Server Update Services (WSUS) installations, and it has been exploited in the wild. The flaw is an insecure deserialization in the GetCookie() endpoint: an unauthenticated attacker can execute arbitrary code on the WSUS server with SYSTEM privileges.
## Usage
This reverse shell PoC is easy to use. It accepts a target URL, an attacker IP and a port, then constructs, encrypts and sends the malicious payload. Catch the reverse shell with a listener such as netcat, for example `nc -lvnp 4444`.
1. Compile the script, for example with Mono: https://github.com/mono/mono
2. Start a listener, for example with netcat: `nc -lvnp 4444`
3. Run the executable
4. Follow the prompts to enter: Target (WSUS URL), LIP (listener IP), LPORT (listener port)
5. Profit.
## Exploitation workflow
1. **Payload generation**: A PowerShell reverse shell command is generated.
2. **Serialization**: The payload is serialized with [ysoserial.net](https://github.com/pwntester/ysoserial.net) using the `TypeConfuseDelegate` gadget.
3. **Encryption**: The serialized payload is encrypted with AES-128-CBC using a fixed key and a randomly generated salt.
4. **Encoding**: The encrypted bytes are base64-encoded.
5. **SOAP request construction**: The encoded payload is embedded in a SOAP envelope in the `AuthorizationCookie` field.
6. **Transmission**: The SOAP request is sent to the target's WSUS GetCookie endpoint.
7. **Outcome**: If everything goes well, the server decrypts and deserializes the payload, which results in remote code execution and hands us a SYSTEM reverse shell.
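The workflow above also describes what a defender would see: a GetCookie request whose `AuthorizationCookie` blob is far larger than a normal client cookie (steps 3 to 6), followed by the WSUS worker process spawning PowerShell (steps 1 and 7). The following is an added detection example, not code from this repository. It runs over constructed sample data; the SOAP element names and namespace, the cookie size threshold, the process image paths and the Sysmon-like event field names are assumptions made for the example and should be tuned against real traffic and logs.

```python
"""Added example: detecting the exploit workflow from the defender's side.

Check 1: a GetCookie SOAP request carrying an oversized AuthorizationCookie blob.
Check 2: a process-creation event where a WSUS process spawns a shell.
All sample data below is constructed for this example.
"""
import base64
import binascii
import xml.etree.ElementTree as ET

# Assumption: a legitimate client cookie is a few hundred bytes, while a
# serialized gadget chain carrying a PowerShell command is several KB.
COOKIE_SIZE_THRESHOLD = 2048

# Assumption: these are the WSUS-side processes and the shells to watch for.
WSUS_PARENTS = {"wsusservice.exe", "w3wp.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as '{ns}GetCookie' -> 'GetCookie'."""
    return tag.rsplit("}", 1)[-1]


def extract_cookie_blobs(soap_xml: str) -> list:
    """Return the text of every AuthorizationCookie / CookieData element.

    Element names are assumed; real captures may differ, so match both the
    container and the data child and ignore whitespace-only container text.
    """
    root = ET.fromstring(soap_xml)
    return [
        el.text.strip()
        for el in root.iter()
        if _local(el.tag) in ("AuthorizationCookie", "CookieData")
        and el.text and el.text.strip()
    ]


def check_getcookie_request(soap_xml: str) -> dict:
    """Classify one SOAP request body; returns findings for the cookie blobs."""
    root = ET.fromstring(soap_xml)
    is_getcookie = any(_local(el.tag) == "GetCookie" for el in root.iter())
    findings = []
    for blob in extract_cookie_blobs(soap_xml):
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            findings.append("cookie is not valid base64")
            continue
        if len(raw) > COOKIE_SIZE_THRESHOLD:
            findings.append(f"cookie blob is {len(raw)} bytes "
                            f"(threshold {COOKIE_SIZE_THRESHOLD})")
    return {"is_getcookie": is_getcookie,
            "suspicious": is_getcookie and bool(findings),
            "findings": findings}


def check_process_event(event: dict) -> bool:
    """True when a WSUS process spawns a shell (Sysmon-like field names assumed).

    w3wp.exe also hosts other IIS apps, so in production narrow this further,
    e.g. to the WsusPool application pool or to encoded PowerShell command lines.
    """
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    child = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    return parent in WSUS_PARENTS and child in SHELL_CHILDREN


def make_getcookie_request(cookie: bytes) -> str:
    """Construct a GetCookie envelope around a cookie blob (sample data only)."""
    b64 = base64.b64encode(cookie).decode()
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        "<soap:Body>"
        '<GetCookie xmlns="http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService">'
        "<authCookies><AuthorizationCookie>"
        "<PlugInId>ExamplePlugIn</PlugInId>"
        f"<CookieData>{b64}</CookieData>"
        "</AuthorizationCookie></authCookies>"
        "</GetCookie></soap:Body></soap:Envelope>"
    )


# Constructed samples: a normal-sized cookie and one sized like a gadget chain.
# The bytes are filler, not a real encrypted payload.
SAMPLE_BENIGN_REQUEST = make_getcookie_request(b"\x01" * 256)
SAMPLE_SUSPICIOUS_REQUEST = make_getcookie_request(b"\x41" * 4096)

# Constructed process-creation events (the third one is ordinary user activity).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Update Services\Service\WsusService.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def run_checks() -> dict:
    """Run both checks over the constructed samples and summarise the hits."""
    return {
        "benign_request": check_getcookie_request(SAMPLE_BENIGN_REQUEST),
        "suspicious_request": check_getcookie_request(SAMPLE_SUSPICIOUS_REQUEST),
        "process_hits": sum(check_process_event(e) for e in SAMPLE_EVENTS),
    }


if __name__ == "__main__":
    print(run_checks())
```

The request check is a size heuristic only: the cookie is AES-encrypted, so its content cannot be inspected without the server's key, and a small legitimate-looking blob can still be malicious. Treat the process-lineage check as the stronger signal and correlate the two by timestamp and source IP where possible.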
# Disclaimer
Always make sure you have **written** authorization before testing exploits like this. Use it responsibly and legally.
File snapshot
[4.0K] /data/pocs/b06765beb3be3a8374a1c5bba6b70b65ac71316b
├── [8.1K] exploit.cs
├── [1.0K] LICENSE
└── [1.7K] README.md
1 directory, 3 files
Notes
1. Prefer accessing the PoC through its original source.
2. If the source is unavailable or can no longer be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.