rasta-mouse / watson Goto Github PK

View Code? Open in Web Editor NEW

1.5K 55.0 259.0 221 KB

Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities

License: GNU General Public License v3.0

C# 100.00%

watson's Introduction

Watson

Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.

Supported Versions

Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004
Server 2016 & 2019

Usage

C:\> Watson.exe
  __    __      _
 / / /\ \ \__ _| |_ ___  ___  _ __
 \ \/  \/ / _` | __/ __|/ _ \| '_ \
  \  /\  / (_| | |_\__ \ (_) | | | |
   \/  \/ \__,_|\__|___/\___/|_| |_|

                           v2.0

                   @_RastaMouse

 [*] OS Build Number: 14393
 [*] Enumerating installed KBs...

 [!] CVE-2019-0836 : VULNERABLE
  [>] https://exploit-db.com/exploits/46718
  [>] https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/

 [!] CVE-2019-0841 : VULNERABLE
  [>] https://github.com/rogue-kdc/CVE-2019-0841
  [>] https://rastamouse.me/tags/cve-2019-0841/

 [!] CVE-2019-1064 : VULNERABLE
  [>] https://www.rythmstick.net/posts/cve-2019-1064/

 [!] CVE-2019-1130 : VULNERABLE
  [>] https://github.com/S3cur3Th1sSh1t/SharpByeBear

 [!] CVE-2019-1253 : VULNERABLE
  [>] https://github.com/padovah4ck/CVE-2019-1253

 [!] CVE-2019-1315 : VULNERABLE
  [>] https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html

 [*] Finished. Found 6 potential vulnerabilities.

Issues

I try to update Watson after every Patch Tuesday, but for potential false positives check the latest supersedence information in the Windows Update Catalog. If you still think there's an error, raise an Issue with the Bug label.
If there's a particular vulnerability that you want to see in Watson that's not already included, raise an Issue with the Vulnerability Request label and include the CVE number.
If you know of a good exploit for any of the vulnerabilities in Watson, raise an Issue with the Exploit Suggestion label and provide a URL to the exploit.

watson's People

Contributors

Stargazers

Watchers

Forkers

gavz kartikeyap orf53975 w00t3k mark-s m00zh33 iaji modulexcite topotam theotherside ohio813 raystyle jamesshew shadowliangliang jsmit260 slooppe dannymas thered dipsec attackgithub sasqwatch mthq a-min3 zweed4u aarandomhacker bajaguy hookeyao thewover kabugijohn vincentdthe i0ner0us ketlerd a1kaid kurtace72 shantanu561993 2xyo beerandgin hubrisnxs jack51706 malyshusness i-liberty rvrsh3ll rcoil purpleatm rv0p111 websitemobil slattanzi farmert3d jeffrandell c0010 davidducan9900 mmg1 bk1337 yuhisern7 updates2023 imulmul dawnadvent atropineal an4kein youda313 mrr3boot argal42 stormfleet mlynchcogent avi8892 toa7r souhaiboudiouf angelgzs sts0mrg0 killvxk arryboom michaelmancuso 4869aptx eln1x sp00ks-git t0mcat3r itfenom nvijatov lager1 darck0de securux bcp-infosec-repo nasa03 quinn-yan 5l1v3r1 timmytr1ll lethanhtung01011980 testmail123456 rajivraj v-leonidovich 5xshanks cyrilmia digitalarche jakuta-tech rahulshah9713 abuba42 v4nyl ikszero invokethreatguy d3thman

watson's Issues

Vulnerability Request / Exploit Suggestion

CVE-2020-0683 is a pretty reliable EOP vulnerability which should be mentioned.

The original POC Code is here https://github.com/padovah4ck/CVE-2020-0683, i weaponized this one as powershell script:
https://raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/PowershellScripts/cve-2020-0683.ps1

CVE-2020-0668 could also be added, there are POC Exploits as well.
https://github.com/itm4n/SysTracingPoc

Greetings

Missing DLL on win <= 6.3.9600

The execution of Watson.exe without any argument shows an error suggesting missing files:

PS C:\> .\Watson.Exe
  __    __      _
 / / /\ \ \__ _| |_ ___  ___  _ __
 \ \/  \/ / _` | __/ __|/ _ \| '_ \
  \  /\  / (_| | |_\__ \ (_) | | | |
   \/  \/ \__,_|\__|___/\___/|_| |_|

                           v0.1

                  Sherlock sucks...
                   @_RastaMouse

 [*] OS Build number: 7601
 [*] CPU Address Width: 64
 [*] Process IntPtr Size: 8
 [*] Using Windows path: C:\WINDOWS\System32

 [*] Finished. Sorry, found 0 vulns :(
ERROR> C:\WINDOWS\System32\win32kfull.sys
ERROR> C:\WINDOWS\System32\gdiplus.dll
ERROR> C:\WINDOWS\System32\coremessaging.dll

Actually, this files are missing on this system.

Tested on Windows 7 SP1 64 bits (6.1.7601):

ERROR> C:\WINDOWS\System32\win32kfull.sys
ERROR> C:\WINDOWS\System32\gdiplus.dll
ERROR> C:\WINDOWS\System32\coremessaging.dll

Tested on Windows Server 2012 R2 Standard 64 bits (6.3.9600):

ERROR> C:\WINDOWS\System32\win32kfull.sys
ERROR> C:\WINDOWS\System32\pcadm.dll
ERROR> C:\WINDOWS\System32\coremessaging.dll

(Note: the second lines are different.)

Work great on Windows 10 64 bits up-to-date.

Do you confirm that Watson only work on Win10+ and Win2016+?

Where can I download older version of Watson?

Hi,
Where can I download older version of Watson? I would like to use Watson v0.1

keyNotFoundException issue

C:\Users\dadp0\Desktop\AV Evasion projects\Watson-master\Watson\bin\Debug>Watson.exe
  __    __      _
 / / /\ \ \__ _| |_ ___  ___  _ __
 \ \/  \/ / _` | __/ __|/ _ \| '_ \
  \  /\  / (_| | |_\__ \ (_) | | | |
   \/  \/ \__,_|\__|___/\___/|_| |_|

                           v2.0

                   @_RastaMouse


Unhandled Exception: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.ThrowHelper.ThrowKeyNotFoundException()
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Watson.Program.Main(String[] args) in C:\Users\dadp0\Desktop\AV Evasion projects\Watson-master\Watson\Program.cs:line 25

Add another exploit for CVE-2019-1253

I have an alternative and simpler exploit for CVE-2019-1253 available here which gives Full Control over the target file.

Incorrect logic check for vulnerable OS

Hi, the following code marks a patched OS as vulnerable and a vulnerable one as patched.

... 
if (supersedence.Intersect(installedKBs).Any())
{
     vulnerabilities.SetAsVulnerable(name);
}
...

The supersedence stores a list of known KBs for a particular CVE. The installedKBs stores a list of KBs extracted from the target machine. Since we are enumerating for missing KBs, if none of installedKBs is presented in supersedence, the OS is considered as vulnerable. I think the correct one is:

...
if (!supersedence.Intersect(installedKBs).Any())
...

Bests.

Can't Run on System with only .Net 2.0

I've been unable to build this to run on a system with .net 2.0. Is it possible to build to run on older .NET frameworks?

Exception Unhandled

I'm running into the below error and I'm not sure why. This is freshly downloaded. Watson worked for me before, I reinstalled/reformatted Windows, and now it will not run.

System.Collections.Generic.KeyNotFoundException
HResult=0x80131577
Message=The given key was not present in the dictionary.
Source=mscorlib
StackTrace:
at System.ThrowHelper.ThrowKeyNotFoundException()
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Watson.Program.Main(String[] args) in C:\Users\****\Source\Repos\Watson\Watson\Program.cs:line 25

Thanks

Unable to Build Solution (.NET Framework 2.0)

I was following 0xdf's guide on HackTheBox Bounty machine, found here.

According to him, Watson wouldn’t compile for .NET Framework 2.0, until it got updated and it worked for him.

However, based on his screenshot (of 1 error code), I am facing the same issue (except that I have 10 errors + 23 warnings):

I am getting the same number of errors + 18 warnings when compiling for .NET Framework 3.0:

It compiles perfectly fine for .NET Framework 3.5:

I have not tried compiling for higher versions of .NET Framework after 3.5.

I am using a Windows 7 Enterprise machine on VirtualBox, with Microsoft Visual Studio Community 2015 installed.

Sorry if this is the wrong place to ask but I have no idea where else to enquire.

Thank you so much for your time!