Kieran Jacobsen


He/Him. Microsoft MVP and GitKraken Ambassador. Poshsecurity.com. Gay. Cat owner.

MS15-034 Update

I just wanted to let everyone know that over the past few days I updated my MS15-034 code to support HTTPS connections. The work involved was much easier than I expected, so I felt that it was worth including.

Working with HTTPS is pretty simple. I have followed the usual convention and defined the -UseSSL parameter; note that you will also need to specify a port with the -Port parameter. Typically, -Port 443 -UseSSL will do what you need.

Let's take a look at a few quick examples.

1) Testing a Windows 2012 server with HTTPS and determining if it is vulnerable:

2) Invoking the DoS, this time with a custom port number in use:

One thing to note: the certificate will be validated, so make sure it is trusted, valid, etc.

I am still seeing and hearing of this attack occurring, with a significant number of systems still remaining unpatched. I still haven't seen any code examples supporting Remote Code Execution (RCE), but I am sure someone has figured that one out and is keeping it very secret.

You can find the updated code at the GitHub repository MS15034, or download the code as a zip file.
