MalSCCM is a tool used to deploy malicious applications by abusing local or remote SCCM servers.
Attack Sequence:
- Use locate to discover management server while compromising the client
- Use locate to discover the principal server and compromise the management server
3. Create a new device group for the computers you want to laterally shift to in step
- Add your targets to the new group in step
- Use Inspect on the primary server to see who you can target.
- Make an application that points to a malicious EXE on a share that is accessible to everyone.
- Release the application to the intended audience.
- Make the target audience check in regularly for updates
- Gain…
- Application and deployment cleanup
- Remove the group
Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purpose.