# Scripts

### Windows:

#### WinPeas

[Link](https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS) It reports every detail needed to judge how severe each potential vulnerability is.

#### PowerUp (Deprecated)

[Link](https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp) A bit old, but still an incredibly useful script.

**Usage**

1. Open PowerShell
2. Type `. .\PowerUp.ps1` to load the functions
3. Use any function defined in the [documentation](https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/README.md)

**Example (Unquoted Service Path vulnerability with weak folder permissions)**

1. Run `Invoke-AllChecks`
2. It outputs every vulnerability it can identify, along with the abuse function that applies to each.
3. Pay close attention to the **CanRestart** option that is set to True under the **Unquoted Service Path** finding.
4. Your user needs write access to one of the folders along the binary path (check the `whoami /groups` output to see whether your user is a member of the group granted that permission).
5. CanRestart being True allows us to restart the service, and the directory containing the application is also writable. This means we can **replace the legitimate application** with our malicious one and restart the service, which then runs our infected program!
   * To restart the service on Windows: `sc start <service name>`
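To see which services on a host carry this misconfiguration so it can be fixed, here is an added audit script (my own example, not PowerUp's code or anything from the original page). It reads each service's raw `ImagePath` from the registry, keeps only unquoted paths whose executable portion contains a space, and checks the directory ACLs against the current user's token; it assumes it is run as the account you want to audit and changes nothing on the host.

```powershell
# Added audit example: find unquoted service paths and report which directories
# along them the current user can write to. Read-only; nothing is modified.
function Test-DirectoryWritable {
    param([string]$Dir)
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return $false }
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $mySids = @($id.User) + @($id.Groups)        # SIDs the current token carries
    try { $acl = Get-Acl -LiteralPath $Dir -ErrorAction Stop } catch { return $false }
    foreach ($rule in $acl.Access) {
        # Only Allow rules carrying the WriteData/CreateFiles bit (bit 0) count;
        # Deny rules are ignored, so confirm any hit by hand before acting on it
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band 1) -eq 0) { continue }
        try { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) }
        catch { continue }
        if ($mySids -contains $sid) { return $true }
    }
    return $false
}

function Get-UnquotedServicePath {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $image = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $image) { continue }
        $image = [Environment]::ExpandEnvironmentVariables($image)
        # Quoted paths and non-drive paths (e.g. \SystemRoot\...) are not affected
        if ($image.StartsWith('"') -or $image -notmatch '^[A-Za-z]:\\') { continue }
        # Only spaces inside the executable path matter, not spaces in the arguments
        $m = [regex]::Match($image, '^(.*?\.exe)', 'IgnoreCase')
        if (-not $m.Success -or $m.Groups[1].Value -notmatch ' ') { continue }
        $exe = $m.Groups[1].Value
        # Each space-delimited prefix is a location Windows probes before the real
        # binary; the parent directory of each prefix is where write access matters
        $parts = $exe.Split(' ')
        $dirs = 1..($parts.Count - 1) |
            ForEach-Object { Split-Path -Parent ($parts[0..($_ - 1)] -join ' ') } |
            Sort-Object -Unique
        [PSCustomObject]@{
            Service      = $key.PSChildName
            ImagePath    = $image
            WritableDirs = @($dirs | Where-Object { Test-DirectoryWritable $_ }) -join ';'
        }
    }
}

# Services with at least one writable directory on the path are the ones to fix
Get-UnquotedServicePath | Where-Object { $_.WritableDirs } | Format-Table -AutoSize
```

The fix for each reported service is to quote its `ImagePath` in the registry and to remove write access for standard users from the listed directories.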

#### Windows-Exploit-Suggester

[Link](https://github.com/AonCyberLabs/Windows-Exploit-Suggester) This tool compares a target's patch level against the Microsoft vulnerability database in order to detect potentially missing patches on the target. It also notifies the user if public exploits and Metasploit modules are available for the missing bulletins.

It requires the output of the `systeminfo` command from the Windows host in order to compare it against the Microsoft security bulletin database and determine the host's patch level.

#### Others

* <https://www.fuzzysecurity.com/tutorials/16.html> (Covers many useful commands and methods to enumerate the host and gather intel)
* <https://github.com/411Hall/JAWS> (A general enumeration script)
* [Living off The Land Binaries](https://lolbas-project.github.io/)

***
