Jump to content

Recommended Posts

Posted

I wonder if there is someone who has a fake windows updater ...

I wonder what does it take? ports, url?

I'm sorry that I write in English, hehe, it's not so good:)

Posted

It doesn't take much to know how a windows machine receives updates. What you need to have is wireshark running between the computer receiving the updates and the gateway.

I am pretty certain, when a machine connects to a Microsoft server to check for updates, it uses a URL and a port. With wireshark you can find out that answer and the fake your own update server.

Posted

The hard part would be Microsoft signs the updates, can't really fake that without the private key.

Unless there is a way to bypass it, and make it look like its legit.

Posted (edited)

The hard part would be Microsoft signs the updates, can't really fake that without the private key.

I beleive Didier Stevens has made something that makes any program look legit, by cloning the Certificate of a known windows update from the existing system. If I recall, Dave Kennedy has imported this tool into SET, so when using a meterpreter shell, he can send over an executable that looks like its been signed by Microsoft by stealing its credentials from one of the existing windows update on the victims system. If I can find the video, I'll link it here.

NOTE: I don't know that he has released the code publicly though, and for demo purposes is only in his personal version of SET when he gives talks.

Found it:

Edited by digip

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...