I just wanted to let everyone know that over the past few days I updated my MS15-034 code to support HTTPS connections. The work involved was much easier than I expected, so I felt that it was worth including.

Working with HTTPS is pretty simple. I have followed the usual convention and defined the –UseSSL parameter, it should be noted you will need to specify a port with the –Port parameter as well. Typically –Port 443 –UseSSL will perform what you need.

Let’s take a look at a few quick examples.

1) Testing a Windows 2012 server with HTTPS and determining if it is vulnerable:

2) Invoking the DOS, this time there is a custom port number in use:

One thing to note, the certificate will be validated, so make sure it is trusted/valid etc.

I am still seeing and hearing of this attack occurring, with a significant number of systems still remaining unpatched. I still haven’t seen any code examples supporting Remote Code Execution (RCE), but I am sure someone has figured that one out and is keeping it very secret.

You can find the updated code at the GitHub repository MS15034, or download the code as a zip file.

Kieran Jacobsen

Kieran Jacobsen

Apr 27 MS15-034 Update

May 19 Why isn't Remoting Disabled by Default on Windows Server?

Apr 21 Exploiting MS15-034 with PowerShell

Related Posts

Jan 30 Jan 30 Mitigating IE Zero-Day (CVE-2020-0674/ADV200001) with PowerShell and Intune

Apr 20 Apr 20 Exploiting MS15-034 with PowerShell

May 19 May 19 Why isn't Remoting Disabled by Default on Windows Server?

Jan 30
Jan 30 Mitigating IE Zero-Day (CVE-2020-0674/ADV200001) with PowerShell and Intune

Apr 20
Apr 20 Exploiting MS15-034 with PowerShell

May 19
May 19 Why isn't Remoting Disabled by Default on Windows Server?