Friday, 18 August 2017

Windows Privilege Escalation Scripts

Windows-Exploit-Suggester

https://github.com/GDSSecurity/Windows-Exploit-Suggester

This tool compares a target's patch level against the Microsoft vulnerability database in order to detect potentially missing patches. It works offline from the output of systeminfo and a downloaded copy of the Microsoft bulletin spreadsheet, and it also reports whether public exploits and Metasploit modules are available for each missing bulletin.

SessionGopher

https://github.com/fireeye/SessionGopher/blob/master/SessionGopher.ps1

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally. 


windows-privesc-check

https://github.com/pentestmonkey/windows-privesc-check

windows-privesc-check is a standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local applications (e.g. databases).

Sherlock

https://github.com/rasta-mouse/Sherlock/blob/master/Sherlock.ps1

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

Windows Privesc Check - Powershell

https://github.com/silentsignal/wpc-ps

After trying to fix the code of the original Windows Privesc Check tool and crying rivers of blood I decided to look for a more appropriate tool for the task. This is an experiment to implement similar functionality in PowerShell, which is available by default in every Windows installation since Windows 7/Server 2008 R2.

PowerUp 

https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1

PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.

Metasploit Windows Gather Applied Patches

post/windows/gather/enum_patches

This module attempts to enumerate which patches are applied to a Windows system based on the result of the WMI query SELECT HotFixID FROM Win32_QuickFixEngineering. Note that this class only lists updates installed through the servicing stack, so updates delivered by other installers do not appear.

Metasploit Local Exploit Suggester

post/multi/recon/local_exploit_suggester
 
This module suggests local Meterpreter exploits that can be used against the current session. Suggestions are based on the platform and architecture of the session and on the local exploit modules available in Metasploit. Not every suggested exploit is fired: candidates are chosen by session type, platform, architecture, and whether their required options have default values, and each one is only checked, not run, unless you launch it yourself.
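To make the patch-comparison logic behind Windows-Exploit-Suggester, Sherlock and enum_patches concrete, here is an added example (not code from any of those projects or from Metasploit) that parses the two inputs those tools work from, systeminfo output and the HotFixID column of Win32_QuickFixEngineering as "wmic qfe get HotFixID" prints it, and compares the installed KB set against a bulletin table, filtering by architecture the way local_exploit_suggester filters by session architecture. The systeminfo and wmic text below is constructed sample data, the host name and installed KBs are made up, and the three-row bulletin table is only an excerpt for illustration; a real run loads the complete MSRC spreadsheet.

```python
"""Offline patch-level comparison in the spirit of Windows-Exploit-Suggester.

Added example; not code from Windows-Exploit-Suggester, Sherlock or Metasploit.
"""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed sample: `systeminfo` output trimmed to the fields used here.
SYSTEMINFO_SAMPLE = """\
Host Name:                 WS01
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB2534111
                           [02]: KB3045171
                           [03]: KB976902
"""

# Constructed sample: `wmic qfe get HotFixID`, the same Win32_QuickFixEngineering
# data that the Metasploit enum_patches module reads over WMI.
WMIC_QFE_SAMPLE = """\
HotFixID
KB2534111
KB3045171
KB976902
"""


@dataclass(frozen=True)
class Bulletin:
    bulletin: str
    kb: str
    affected: Tuple[str, ...]  # substrings matched against the OS name
    arch: Tuple[str, ...]      # architectures the bulletin applies to


# Three-row excerpt of the public bulletin data, for illustration only;
# a real tool loads the complete MSRC spreadsheet instead.
BULLETINS = (
    Bulletin("MS16-032", "KB3139914",
             ("Windows 7", "Windows 8", "Windows 10", "Windows Server"), ("x86", "x64")),
    Bulletin("MS15-051", "KB3045171",
             ("Windows 7", "Windows 8", "Windows Server 2008", "Windows Server 2012"), ("x86", "x64")),
    Bulletin("MS10-015", "KB977165",
             ("Windows XP", "Windows Vista", "Windows 7", "Windows Server 2008"), ("x86",)),
)

KB_RE = re.compile(r"\bKB(\d{6,7})\b", re.IGNORECASE)


def parse_systeminfo(text: str) -> Tuple[str, str, Set[str]]:
    """Extract OS name, architecture and the installed KB set from systeminfo output."""
    os_name, arch = "", "x86"
    hotfixes: Set[str] = set()
    for line in text.splitlines():
        if line.startswith("OS Name:"):
            os_name = line.split(":", 1)[1].strip()
        elif line.startswith("System Type:"):
            arch = "x64" if "x64" in line else "x86"
        hotfixes.update("KB" + num for num in KB_RE.findall(line))
    return os_name, arch, hotfixes


def parse_wmic_qfe(text: str) -> Set[str]:
    """Extract the installed KB set from `wmic qfe get HotFixID` output."""
    return {"KB" + num for num in KB_RE.findall(text)}


def missing_bulletins(os_name: str, arch: str, installed: Set[str],
                      bulletins=BULLETINS) -> List[str]:
    """Bulletins that apply to this OS and architecture whose KB is not installed."""
    installed_upper = {kb.upper() for kb in installed}
    missing = []
    for b in bulletins:
        if arch not in b.arch:
            continue  # e.g. MS10-015 only affects 32-bit editions
        if not any(name in os_name for name in b.affected):
            continue
        if b.kb.upper() not in installed_upper:
            missing.append(b.bulletin)
    return missing


if __name__ == "__main__":
    os_name, arch, kbs = parse_systeminfo(SYSTEMINFO_SAMPLE)
    # Union both sources: systeminfo reports "N/A" for hotfixes on some hosts.
    kbs |= parse_wmic_qfe(WMIC_QFE_SAMPLE)
    for bulletin in missing_bulletins(os_name, arch, kbs):
        print(f"{os_name} ({arch}): missing {bulletin}")
```

On the sample host the only hit is MS16-032: KB3045171 is installed, and MS10-015 is skipped because the host is x64. Treat any such hit as a lead, not proof: cumulative updates on newer Windows supersede the KB a bulletin names, so a KB that is absent from Win32_QuickFixEngineering may still be covered. Confirm by checking the versions of the affected system files, as Sherlock does, before firing an exploit.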

BeRoot

https://github.com/AlessandroZ/BeRoot 

BeRoot is a post-exploitation tool that checks common Windows misconfigurations for a way to escalate privileges.
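windows-privesc-check, PowerUp and BeRoot all look for the same classes of misconfiguration. One of the classic ones is a service whose ImagePath is unquoted and contains spaces: CreateProcess then probes shorter paths before it reaches the intended binary, so an attacker who can write to one of those directories gets code run as the service account. The added example below (not code from any of those projects) performs that check on a constructed set of service image paths, flagging the unquoted ones and listing the files Windows would try first. The service names and paths are made up for the example; an on-host check would read ImagePath from HKLM\SYSTEM\CurrentControlSet\Services\<name> and would additionally test whether the current user can create files in the directory of each candidate, which this offline version omits.

```python
"""Unquoted service path check, the kind of misconfiguration test that PowerUp,
windows-privesc-check and BeRoot perform.  Added example, not project code."""
import re
from typing import Dict, List

# Constructed sample of ImagePath values (as shown by `sc qc <name>` or found
# under HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath).
SAMPLE_SERVICES: Dict[str, str] = {
    "QuotedSvc":   r'"C:\Program Files\Vendor\Agent Service\agent.exe" -service',
    "UnquotedSvc": r'C:\Program Files\Vendor\Agent Service\agent.exe -service',
    "NoSpaceSvc":  r'C:\Windows\system32\svchost.exe -k netsvcs',
    "ToolSvc":     r'C:\Tools\My Tool\tool.exe',
}

EXE_RE = re.compile(r"\.exe$", re.IGNORECASE)


def hijack_candidates(image_path: str) -> List[str]:
    """Paths CreateProcess would try before the real binary for an unquoted
    ImagePath containing spaces; empty when the path is quoted or space-free.

    For `C:\\Program Files\\Vendor\\Agent Service\\agent.exe -service` Windows
    tries C:\\Program.exe, then C:\\Program Files\\Vendor\\Agent.exe, then the
    intended agent.exe, so the first two are the planting opportunities.
    """
    if image_path.startswith('"'):
        return []  # quoted: the quoted string is taken as the whole executable path
    tokens = image_path.split(" ")
    candidates: List[str] = []
    prefix = tokens[0]
    for token in tokens[1:]:
        if EXE_RE.search(prefix):
            break  # reached the executable; the remaining tokens are arguments
        candidates.append(prefix + ".exe")
        prefix = f"{prefix} {token}"
    return candidates


def find_unquoted_services(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each misconfigured service to the paths an attacker could plant."""
    return {name: cands for name, path in services.items()
            if (cands := hijack_candidates(path))}


if __name__ == "__main__":
    for name, cands in find_unquoted_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; Windows would try first: {cands}")
```

For UnquotedSvc the candidates are C:\Program.exe and C:\Program Files\Vendor\Agent.exe; the first needs write access to the drive root, which standard users normally do not have, so the interesting case is almost always a vendor directory with permissive ACLs further down the path. Quoting the path in the service configuration removes the ambiguity entirely.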

Tutorials

https://www.insomniasec.com/downloads/publications/WindowsPrivEsc.ppt
http://toshellandback.com/2015/11/24/ms-priv-esc/
http://www.toshellandback.com/2015/08/30/gpp/
http://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679
http://pwnwiki.io/#!privesc/windows/index.md
https://sec.mn/Archive/2016/April-Windows_Priv_Esc.pdf  
http://www.fuzzysecurity.com/tutorials/16.html
