rasta-mouse Merge pull request #4 from mark-s/master
Fixed: Can't Run on System with only .Net 2.0 [Issue 3]
Latest commit 486ff20 Oct 27, 2018
Watson Fixed: Can't Run on System with only .Net 2.0 [Issue 3] Oct 27, 2018
.gitattributes Initial commit Oct 8, 2018
.gitignore Initial commit Oct 8, 2018
LICENSE Initial commit Oct 8, 2018
README.md Initial commit Oct 8, 2018
Watson.sln Initial commit Oct 8, 2018

README.md

Watson

Watson is a (.NET 2.0 compliant) C# implementation of Sherlock.

Basic Usage

Ensure you use the correct .NET Framework version for your target system, as described here.

Run the exe from disk or via the execute-assembly functionality within Cobalt Strike, SILENTTRINITY, etc.

beacon> execute-assembly C:\Users\Rasta\source\repos\Watson\Watson\bin\Debug\Watson.exe
[*] Tasked beacon to run .NET program: Watson.exe
[+] host called home, sent: 135211 bytes
[+] received output:
  __    __      _                   
 / / /\ \ \__ _| |_ ___  ___  _ __  
 \ \/  \/ / _` | __/ __|/ _ \| '_ \ 
  \  /\  / (_| | |_\__ \ (_) | | | |
   \/  \/ \__,_|\__|___/\___/|_| |_|
                                   
                           v0.1    
                                   
                  Sherlock sucks...
                   @_RastaMouse

 [*] OS Build number: 14393
 [*] CPU Address Width: 64
 [*] Processs IntPtr Size: 8
 [*] Using Windows path: C:\WINDOWS\System32

  [*] Appears vulnerable to CVE-2018-8897
   [>] Description: An EoP exists when the Windows kernel fails to properly handle objects in memory.
   [>] Exploit: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/mov_ss.rb
   [>] Notes: May not work on all hypervisors.

  [*] Appears vulnerable to CVE-2018-0952
   [>] Description: An EoP exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations. 
   [>] Exploit: https://www.exploit-db.com/exploits/45244/
   [>] Notes: None

  [*] Appears vulnerable to CVE-2018-8440
   [>] Description: An EoP exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
   [>] Exploit: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/alpc_taskscheduler.rb
   [>] Notes: None.

 [*] Finished. Found 3 vulns :)

Contributions

I'm always on the look-out for new priv esc vulnerabilities to include.

If you don't feel comfortable or confident submitting a PR yourself, feel free to drop a GitHub issue and tag it as a vulnerability request.