enumeration auto

Path fix

set PATH=C:\Windows;C:\Windows\system32;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;%PATH%

Get-ExecutionPolicy -List
Set-ExecutionPolicy Unrestricted

Check Arch, Process, Release ID

get OS info from version

PS> [system.environment]::Is64BitOperatingSystem
PS> [system.environment]::Is64BitProcess
> echo %PROCESSOR_ARCHITECTURE%

PS > Get-ComputerInfo | select WindowsProductName, WindowsVersion, OsHardwareAbstractionLayer
PS> (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId
PS> (Get-WmiObject -class Win32_OperatingSystem).Caption
PS> [System.Environment]::OSVersion.Version

PowerUp.ps1 | Sherlock.ps1 | JAWS.ps1 | enjoiz-privesc.ps1

# located at /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1

> powershell.exe -exec bypass -Command "& {Import-Module .\PowerUp.ps1; Invoke-AllChecks -Format List}"
[OR]
PS> . .\PowerUp.ps1
PS> Invoke-AllChecks -Format List

winPEAS | Seatbelt | SharpUp

# need .NET 4.0
# cmd check
> dir /b %windir%\Microsoft.NET\Framework\v*
> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
> reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s

# check for .NET using PS
PS> cmd.exe /c dir /b %windir%\Microsoft.NET\Framework\v*
PS> Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version

winPEASany.exe quiet [cmd fast] [flag]
# systeminfo; userinfo; processinfo;
# servicesinfo; applicationsinfo; networkinfo;
# windowscreds; browserinfo; filesinfo; eventsinfo

windows-exploit-suggester | wes-ng

# needs python2
# copy .
# FIX: python2 -m pip install 'xlrd==1.2.0'

./windows-exploit-s.py --update
./windows-exploit-s.py -d <DB-FILE> -i <SYSTEMINFO.txt> [--hotfixes <>]

# if cannot get hotfixes using systeminfo
wmic qfe list full

python3 /opt/wesng/wes.py sys.txt --update
python3 /opt/wesng/wes.py systeminfo.txt [--exploits-only] -o wes.csv
# --impact | -i "Remote Code Execution" | "Elevation of Privilege"
# --severity critical

GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits Windows平台提权漏洞集合GitHub

Previouswindows-enumeration Nextenumeration manual

Last updated 4 years ago

Was this helpful?