CVE_Compare: A Windows Vulnerability Scanning Tool

Due to the lack of Windows vulnerability scanners for penetration testing, I decided to create my own.

CVE_Compare inventories the software installed on a Windows host and compares it against the NIST National Vulnerability Database (NVD) to identify known vulnerabilities in that software. It also includes an optional scan for missing Microsoft hotfixes and patches.

You can find CVE_Compare here.

The tool works as follows:

  • It runs a scan for all installed packages on a Windows device, be it Windows 7, Windows 8 Embedded, Windows 10, etc.
  • It downloads CVE data from the NVD.
  • It performs a comparison, matching CVE records to the installed software.
  • It outputs the result to the console and to a text file.
  • It offers the option to run a scan for missing Microsoft hotfixes/patches.

The neat thing about this tool is that it has Python and PowerShell (PS1) components. This means that if you are testing a remote device, you can run the PS1 script on the device to collect the inventory, and then perform the analysis on your own host.
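To make the comparison step concrete, here is an added example of the analysis half: a Python script that takes a software inventory (in the shape a PowerShell read of the Windows Uninstall registry keys would produce: DisplayName, DisplayVersion, Publisher) and matches it against CVE records in the NVD JSON 1.1 feed layout. This is illustrative code written for this page, not CVE_Compare's own code; the inventory rows, the CVE IDs (CVE-1900-000x) and the vendors/products in the feed fragment are constructed placeholders so the script runs offline, and the normalisation of display names into CPE vendor/product strings is an assumption about how names line up rather than something the tool guarantees.

```python
"""Added example: match a Windows software inventory against NVD 1.1 JSON-feed records.

Not CVE_Compare's own code. The inventory rows and the NVD records below are
constructed placeholders (fake CVE IDs, fake vendors) so the script runs offline.
"""
import json
import re

# Constructed inventory in the shape you get from reading the Windows Uninstall
# registry keys (DisplayName, DisplayVersion, Publisher). Not real data.
INVENTORY_CSV = """\
DisplayName,DisplayVersion,Publisher
Example Reader,11.0.3,Example Vendor
Example Reader,12.1.0,Example Vendor
Sample Archiver,5.40,Sample Corp
"""

# Constructed fragment in the NVD JSON 1.1 feed layout. IDs and products are fake.
NVD_FEED = json.dumps({"CVE_Items": [
    {"cve": {"CVE_data_meta": {"ID": "CVE-1900-0001"}},
     "configurations": {"nodes": [{"operator": "OR", "cpe_match": [
         {"vulnerable": True,
          "cpe23Uri": "cpe:2.3:a:example_vendor:example_reader:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "11.0.5"}]}]},
     "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 9.8}}}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-1900-0002"}},
     "configurations": {"nodes": [{"operator": "OR", "cpe_match": [
         {"vulnerable": True,
          "cpe23Uri": "cpe:2.3:a:sample_corp:sample_archiver:5.40:*:*:*:*:*:*:*"}]}]},
     "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 7.8}}}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-1900-0003"}},
     "configurations": {"nodes": [{"operator": "OR", "cpe_match": [
         {"vulnerable": True,
          "cpe23Uri": "cpe:2.3:a:sample_corp:sample_archiver:*:*:*:*:*:*:*:*",
          "versionStartIncluding": "6.0", "versionEndIncluding": "6.2"}]}]},
     "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 5.3}}}},
]})


def version_key(v):
    """Turn '11.0.3' into a comparable tuple; non-numeric parts sort below numbers."""
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.\-_]", v))


def cpe_name(s):
    """Normalise a DisplayName/Publisher into the CPE vendor/product spelling (assumption)."""
    return re.sub(r"[^a-z0-9]+", "_", s.strip().lower()).strip("_")


def parse_inventory(csv_text):
    rows = [line.split(",") for line in csv_text.strip().splitlines()[1:]]
    return [{"name": n, "version": v, "vendor": p} for n, v, p in rows]


def in_range(version, match):
    """Apply the NVD version-range fields of one cpe_match entry to an installed version."""
    k = version_key(version)
    lo_inc, lo_exc = match.get("versionStartIncluding"), match.get("versionStartExcluding")
    hi_inc, hi_exc = match.get("versionEndIncluding"), match.get("versionEndExcluding")
    if lo_inc and k < version_key(lo_inc):
        return False
    if lo_exc and k <= version_key(lo_exc):
        return False
    if hi_inc and k > version_key(hi_inc):
        return False
    if hi_exc and k >= version_key(hi_exc):
        return False
    return True


def iter_matches(node):
    """Yield every cpe_match entry in a configuration node and its children.
    AND nodes (platform conditions) are flattened like OR nodes, which over-reports;
    a stricter matcher would evaluate the operator."""
    for m in node.get("cpe_match", []):
        yield m
    for child in node.get("children", []):
        yield from iter_matches(child)


def find_vulnerable(inventory, feed_json):
    """Return (cve_id, name, version, cvss) for each installed package hit by a record."""
    findings = set()
    for item in json.loads(feed_json)["CVE_Items"]:
        cve_id = item["cve"]["CVE_data_meta"]["ID"]
        score = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3", {}).get("baseScore")
        for node in item["configurations"]["nodes"]:
            for m in iter_matches(node):
                if not m.get("vulnerable"):
                    continue
                # cpe:2.3:part:vendor:product:version:update:... -> fields 3, 4, 5
                fields = m["cpe23Uri"].split(":")
                vendor, product, cpe_ver = fields[3], fields[4], fields[5]
                for sw in inventory:
                    if cpe_name(sw["name"]) != product or cpe_name(sw["vendor"]) != vendor:
                        continue
                    if cpe_ver in ("*", "-"):   # wildcard version: use the range fields
                        hit = in_range(sw["version"], m)
                    else:                       # explicit version: exact match
                        hit = version_key(sw["version"]) == version_key(cpe_ver)
                    if hit:
                        findings.add((cve_id, sw["name"], sw["version"], score))
    return sorted(findings, key=lambda f: (-(f[3] or 0), f[0]))


def report(findings):
    """Plain-text report, one finding per line, highest CVSS first."""
    return "\n".join("%s  %s %s  CVSS %s" % f for f in findings)


if __name__ == "__main__":
    print(report(find_vulnerable(parse_inventory(INVENTORY_CSV), NVD_FEED)))
```

Two things worth noting before trusting output like this on a real engagement: the version comparison is numeric-tuple based, so vendor-specific schemes (build strings, letters, dates) need their own handling, and the name normalisation is the weak link in any NVD comparison, since the Uninstall key's DisplayName rarely spells the product exactly as the CPE dictionary does. Expect to maintain an alias map.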

More functionality and capabilities will be added in the future. Enjoy!

OSCP: Done with the course, Unto the Labs

Two days ago, I completed the PWK course along with the proper reporting of the challenges. The course was a nice introduction to what it takes to perform a penetration test, and it served as a good base to build on with the experience in the labs.

I started the OSCP labs yesterday. I have put in around four hours so far, and I have been able to root three machines already. I am close to rooting another two, having already compromised them, and I plan on “dealing the killing blow” later today. I actually started off by performing a network-wide intelligence-gathering effort. This expedites my attacks going forward, as I have a good information base with which to proceed.

My plan going into the labs is as follows:

  • Write the report as I go along
  • Pick the low hanging fruit first
  • Take a break whenever I feel a machine is “too hard”
  • Avoid using Metasploit
  • Build/execute attack tools/exploits that I can reuse
  • Identify the attack vectors and determine which is best, before compromising the system; the best being a balance between reliability, speed, and efficiency
  • Have fun; take a break when things don’t feel very fun anymore

I will keep you updated on my progress.

OSCP: 80% Done with the PWK Course

I’m currently 80% done with the “Penetration Testing with Kali Linux (PWK)” course that comes as part of the OSCP certification.

Here are my thoughts so far:

  • While I already knew everything that I’ve covered so far, the reporting process has made me gain a deeper understanding of the techniques I use – which is a great plus.
  • Automation is awesome – I already knew this, but I have written scripts to take care of many enumeration tasks and attacks that are necessary yet repetitive.
  • I have become more proficient at file transfers that don’t get tripped by antivirus products and firewalls.
  • I have become more proficient at web application attack techniques and processes – such as leveraging local file inclusion vulnerabilities, code execution, uploading files and getting a shell.
  • I have written some very handy privilege escalation shell-related scripts thanks to being encouraged to look for more ways to exploit the systems.
  • I have been able to exercise my PowerShell skills in order to compromise systems – which is a very handy skill set to have.

I will very likely start attacking the lab machines next week, and I’m extremely excited about it.

Side-Notes:

  • I have uploaded some of my “everyday” Python scripts to my GitHub account. Check them out. The recent additions include: key loggers, screen grabbers, format conversion scripts, and more.
  • I encourage everyone to follow me on Twitter. I constantly post interesting research papers and PoCs which you might be interested in.

Until next time.

Index

This is a sticky post. Below you can find links to all of my write-ups.

Return Oriented Programming Series

Web Exploitation

Binary Exploitation

Reverse Engineering

Capture the Flags

General Network Exploitation

Offensive Security Certified Professional (OSCP) Journey

Programs:

I will keep updating this post, adding more links as I add more write-ups.