Scripts
Windows:
WinPeas
Link. It shows every detail needed to judge a vulnerability's severity.
PowerUp (Deprecated)
Link. A bit old but still an incredibly useful script.
Usage
Load PowerShell
Type
. .\PowerUp.ps1
to load the functions.
Use any function defined in the documentation.
Example (Unquoted Service Path Vulnerability | Weak File Permissions)
Run
Invoke-AllChecks
It will output any identifiable vulnerabilities along with specifications for any abuse functions.
Pay close attention to the CanRestart option, which is set to true under the Unquoted Service Path vulnerability.
Users should have write access in one of the folders where the binary path resides (check the whoami /groups output to see if your user is included in the given permission group).
The CanRestart option being true allows us to restart a service on the system, and the directory of the application is also writable. This means we can replace the legitimate application with our malicious one and restart the service, which will run our infected program!
To restart the service in Windows
sc start <service path name>
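The same condition can be audited from the defender's side. The following is an added example, not part of these notes or of PowerUp: a read-only PowerShell check that lists each unquoted service path containing spaces, the intermediate executable names Windows would try first, and whether broad groups can create files in those folders. The helper name Get-UnquotedPathCandidate and the choice of well-known SIDs are assumptions of this example.

```powershell
# Added example: read-only audit for unquoted service paths (not PowerUp code).
# Get-UnquotedPathCandidate is a hypothetical helper name.
function Get-UnquotedPathCandidate {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return }                  # quoted: not affected
    # Keep only the executable part; arguments after ".exe" are irrelevant.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $parts = $m.Groups[1].Value -split ' '
    # With an unquoted path, Windows tries "<text before each space>.exe"
    # first, e.g. C:\Program.exe for C:\Program Files\App\svc.exe.
    for ($i = 1; $i -lt $parts.Count; $i++) {
        ($parts[0..($i - 1)] -join ' ') + '.exe'
    }
}

# Well-known SIDs: Everyone, BUILTIN\Users, Authenticated Users.
$broadSids = 'S-1-1-0', 'S-1-5-32-545', 'S-1-5-11'
$sidType   = [System.Security.Principal.SecurityIdentifier]

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    foreach ($candidate in Get-UnquotedPathCandidate $svc.PathName) {
        $dir = Split-Path -Path $candidate -Parent
        $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        # 0x2 = FILE_ADD_FILE (CreateFiles): the right needed to add a file here.
        $risky = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.PropagationFlags -notlike '*InheritOnly*' -and
            $broadSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band 0x2)
        }
        [pscustomobject]@{
            Service    = $svc.Name
            RunsAs     = $svc.StartName
            PathName   = $svc.PathName
            Candidate  = $candidate
            WritableBy = ($risky.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
}
# Fix: wrap the executable path in double quotes in the service's ImagePath value
# and remove write access for broad groups on the folders reported above.
```

Rows with an empty WritableBy column still indicate an unquoted path that should be quoted; rows with a SID listed are the ones to remediate first.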
Windows-Exploit-Suggester
Link. This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
It requires the 'systeminfo' command output from a Windows host in order to compare it against the Microsoft security bulletin database and determine the patch level of the host.
Others
https://www.fuzzysecurity.com/tutorials/16.html (Lists some very useful commands and methods to enumerate the host and gain intel)
https://github.com/411Hall/JAWS (A general enumeration script)