Tools ⚙️
Theory
On this page, we'll look at some automated tools we can use to enumerate privilege escalation vectors. These tools are very useful because of their efficiency, speed and complete coverage. However, running them is a very noisy process and can significantly reduce our OpSec.
Practice
winPEAS (Windows Privilege Escalation Awesome Scripts) is a powerful and widely used privilege escalation tool to identify security weaknesses and privilege escalation vectors within Windows environments.
# Executables
.\winPEASx64.exe
.\winPEASx86.exe
# PowerShell
Import-Module .\winPEAS.ps1
Start-ACLCheck
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
Import-Module .\PowerUp.ps1
Invoke-AllChecks
JAWS is a PowerShell script designed to quickly identify potential privilege escalation vectors on Windows systems.
.\jaws-enum.ps1 -OutputFileName Jaws-Enum.txt
Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
.\Seatbelt.exe -group=all
Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for privilege escalation vulnerabilities.
.\WatsonNet3.5AnyCPU.exe
Sherlock is a PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
Import-Module .\Sherlock.ps1
Find-AllVulns