Winsploit - Windows Exploit Sugester v3.2.

Winsploit – Windows Exploit Sugester v3.2.

Changelog v3.2:
+ adding new bulletin;
— MS16-075 : Windows: Local WebDAV NTLM Reflection Elevation
— MS16-074 : Windows – gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure.
— MS16-063 : Internet Explorer 11 – Garbage Collector Attribute Type Confusion.
— MS16-042 : Microsoft Office Excel Out-of-Bounds Read Remote Code Execution.
— MS16-059 : Microsoft Windows Media Center – .MCL File Processing Remote Code Execution.
— MS16-032 :
–+ Secondary Logon Handle Privilege Escalation, MSF
–+ Microsoft Windows 8.1/10 – Secondary Logon Standard Handles Missing Sanitization Privilege Escalation.
–+ Microsoft Windows 7-10 & Server 2008-2012 (x32/x64) – Local Privilege Escalation.
–+ Microsoft Windows 7-10 & Server 2008-2012 (x32/x64) – Local Privilege Escalation.
— MS16-014 : Windows 7 SP1 x86 – Privilege Escalation.
— MS16-007 : Microsoft Windows devenum.dll!DeviceMoniker::Load() – Heap Corruption Buffer Underflow.

winsploit v3.2

winsploit v3.2

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
It requires the ‘systeminfo’ command output from a Windows host in order to compare that the Microsoft security bulletin database and determine the patch level of the host.

It has the ability to automatically download the security bulletin database from Microsoft with the –update flag, and saves it as an Excel spreadsheet.helper-windows-exploit-suggester

When looking at the command output, it is important to note that it assumes all vulnerabilities and then selectively removes them based upon the hotfix data. This can result in many false-positives, and it is key to know what software is actually running on the target host. For example, if there are known IIS exploits it will flag them even if IIS is not running on the target host.
The output shows either public exploits (E), or Metasploit modules (M) as indicated by the character value.


Source: | Our Post Before