MalSCCM

You are currently viewing MalSCCM

MalSCCM is a tool used to deploy malicious applications by abusing local or remote SCCM servers.

Attack Sequence:

  1. Use locate to discover management server while compromising the client
  2. Use locate to discover the principal server and compromise the management server

3. Create a new device group for the computers you want to laterally shift to in step

  1. Add your targets to the new group in step
  2. Use Inspect on the primary server to see who you can target.
  3. Make an application that points to a malicious EXE on a share that is accessible to everyone.
  4. Release the application to the intended audience.
  5. Make the target audience check in regularly for updates
  6. Gain…
  7. Application and deployment cleanup
  8. Remove the group

Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purpose.

Leave a Reply