https://z3r0s6.github.io/tags/wsus/Recent content in WSUS on z3r0sHugoenSun, 12 Apr 2026 00:00:00 +0000https://z3r0s6.github.io/machines/logging/Sun, 12 Apr 2026 00:00:00 +0000https://z3r0s6.github.io/machines/logging/<h2 id="overview"> Overview <a class="heading-link" href="#overview"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <table> <thead> <tr> <th>Field</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>OS</td> <td>Windows Server 2019</td> </tr> <tr> <td>Difficulty</td> <td>Hard</td> </tr> <tr> <td>IP</td> <td>10.129.X.X</td> </tr> <tr> <td>Domain</td> <td>logging.htb</td> </tr> <tr> <td>DC</td> <td>dc01.logging.htb</td> </tr> </tbody> </table> <p><strong>Attack Chain:</strong> <code>Anonymous SMB → Credentials in Logs → Shadow Credentials (gMSA) → WinRM → DLL Hijack → Domain User Shell → ESC17 (ADCS + WSUS MitM) → SYSTEM</code></p> <hr> <h2 id="1-reconnaissance"> 1. Reconnaissance <a class="heading-link" href="#1-reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <h3 id="port-scan"> Port Scan <a class="heading-link" href="#port-scan"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <div class="highlight"><pre tabindex="0" style="color:#e6edf3;background-color:#0d1117;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>rustscan -a 10.129.X.X --ulimit <span style="color:#a5d6ff">5000</span> -- -sV </span></span></code></pre></div><p><strong>Key open ports:</strong></p>