Updated Privesc README.md and .psd1 to reflect the new PowerUp function names.

Harmj0y 2016-06-02 02:14:38 -04:00
parent 3c209ee6b3
commit 8083c1e1bb
2 changed files with 42 additions and 32 deletions

View File

@ -10,7 +10,7 @@ ModuleVersion = '3.0.0.0'
GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56' GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'
# Author of this module # Author of this module
Author = 'Will Schroder' Author = 'Will Schroeder'
# Copyright statement for this module # Copyright statement for this module
Copyright = 'BSD 3-Clause' Copyright = 'BSD 3-Clause'
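Review bot: ModuleVersion stays at '3.0.0.0' (it appears only as context in this hunk's header, and neither manifest hunk changes it), although the next hunk removes seven previously exported names. Consider bumping the version in the same commit so that anyone pinning or comparing module versions can tell the renamed export set from the old one. The Author spelling fix itself looks fine.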
@ -23,28 +23,32 @@ PowerShellVersion = '2.0'
# Functions to export from this module # Functions to export from this module
FunctionsToExport = @( FunctionsToExport = @(
'Find-DLLHijack', 'Add-ServiceDacl',
'Find-PathHijack', 'Find-PathHijack',
'Find-ProcessDLLHijack',
'Get-ApplicationHost', 'Get-ApplicationHost',
'Get-RegAlwaysInstallElevated', 'Get-ModifiablePath',
'Get-RegAutoLogon', 'Get-ModifiableScheduledTaskFile',
'Get-ModifiableService',
'Get-ModifiableServiceFile',
'Get-RegistryAlwaysInstallElevated',
'Get-RegistryAutoLogon',
'Get-RegistryAutoRun',
'Get-ServiceDetail', 'Get-ServiceDetail',
'Get-ServiceFilePermission',
'Get-ServicePermission',
'Get-ServiceUnquoted', 'Get-ServiceUnquoted',
'Get-SiteListPassword',
'Get-System',
'Get-UnattendedInstallFile', 'Get-UnattendedInstallFile',
'Get-VulnAutoRun',
'Get-VulnSchTask',
'Get-Webconfig', 'Get-Webconfig',
'Install-ServiceBinary', 'Install-ServiceBinary',
'Invoke-AllChecks', 'Invoke-AllChecks',
'Invoke-ServiceAbuse', 'Invoke-ServiceAbuse',
'Restore-ServiceBinary', 'Restore-ServiceBinary',
'Set-ServiceBinPath',
'Test-ServiceDaclPermission',
'Write-HijackDll', 'Write-HijackDll',
'Write-ServiceBinary', 'Write-ServiceBinary',
'Write-UserAddMSI', 'Write-UserAddMSI'
'Get-SiteListPassword',
'Get-System'
) )
# List of all files packaged with this module # List of all files packaged with this module
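Review bot: the seven old names dropped from FunctionsToExport (Find-DLLHijack, Get-RegAlwaysInstallElevated, Get-RegAutoLogon, Get-ServiceFilePermission, Get-ServicePermission, Get-VulnAutoRun, Get-VulnSchTask) get no compatibility path in this hunk, so any script or runbook that still calls them stops resolving once the module is updated. If the break is intentional, say so in the commit message or the README; otherwise define aliases for the old names in the module and export them through the manifest's AliasesToExport key. The alphabetical re-sort, which also moves 'Get-SiteListPassword' and 'Get-System' out of the tail of the list, is a good change and will keep future diffs of this array readable.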

View File

@ -29,8 +29,8 @@ Optional Dependencies: None
### Service Enumeration: ### Service Enumeration:
Get-ServiceUnquoted - returns services with unquoted paths that also have a space in the name Get-ServiceUnquoted - returns services with unquoted paths that also have a space in the name
Get-ServiceFilePermission - returns services where the current user can write to the service binary path or its config Get-ModifiableServiceFile - returns services where the current user can write to the service binary path or its config
Get-ServicePermission - returns services the current user can modify Get-ModifiableService - returns services the current user can modify
Get-ServiceDetail - returns detailed information about a specified service Get-ServiceDetail - returns detailed information about a specified service
### Service Abuse: ### Service Abuse:
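Review bot: the two renamed entries under Service Enumeration replace Get-ServiceFilePermission and Get-ServicePermission outright, which leaves a reader working from older write-ups or assessment reports with no way to map those names to Get-ModifiableServiceFile and Get-ModifiableService. A short "formerly ..." remark on each line, or a single old-to-new table in the README, would cover it.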
@ -40,20 +40,26 @@ Optional Dependencies: None
Restore-ServiceBinary - restores a replaced service binary with the original executable Restore-ServiceBinary - restores a replaced service binary with the original executable
### DLL Hijacking: ### DLL Hijacking:
Find-DLLHijack - finds .dll hijacking opportunities for currently running processes Find-ProcessDLLHijack - finds potential DLL hijacking opportunities for currently running processes
Find-PathHijack - finds service %PATH% .dll hijacking opportunities Find-PathHijack - finds service %PATH% .dll hijacking opportunities
Write-HijackDll - writes out a hijackable .dll Write-HijackDll - writes out a hijackable .dll
### Registry Checks: ### Registry Checks:
Get-RegAlwaysInstallElevated - checks if the AlwaysInstallElevated registry key is set Get-RegistryAlwaysInstallElevated - checks if the AlwaysInstallElevated registry key is set
Get-RegAutoLogon - checks for Autologon credentials in the registry Get-RegistryAutoLogon - checks for Autologon credentials in the registry
Get-VulnAutoRun - checks for any modifiable binaries/scripts (or their configs) in HKLM autoruns Get-RegistryAutoRun - checks for any modifiable binaries/scripts (or their configs) in HKLM autoruns
### Misc.: ### Miscellaneous Checks:
Get-VulnSchTask - find schtasks with modifiable target files Get-ModifiableScheduledTaskFile - find schtasks with modifiable target files
Get-UnattendedInstallFile - finds remaining unattended installation files Get-UnattendedInstallFile - finds remaining unattended installation files
Get-Webconfig - checks for any encrypted web.config strings Get-Webconfig - checks for any encrypted web.config strings
Get-ApplicationHost - checks for encrypted application pool and virtual directory passwords Get-ApplicationHost - checks for encrypted application pool and virtual directory passwords
Get-SiteListPassword - retrieves the plaintext passwords for any found McAfee's SiteList.xml files
### Other Helpers/Meta-Functions:
Get-ModifiablePath - tokenizes an input string and returns the files in it the current user can modify
Add-ServiceDacl - adds a Dacl field to a service object returned by Get-Service
Set-ServiceBinPath - sets the binary path for a service to a specified value through Win32 API methods
Test-ServiceDaclPermission - tests one or more passed services or service names against a given permission set
Write-UserAddMSI - write out a MSI installer that prompts for a user to be added Write-UserAddMSI - write out a MSI installer that prompts for a user to be added
Invoke-AllChecks - runs all current escalation checks and returns a report Invoke-AllChecks - runs all current escalation checks and returns a report
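Review bot: the new Get-SiteListPassword line reads "for any found McAfee's SiteList.xml files"; "for any McAfee SiteList.xml files found" is cleaner. The reworded Find-ProcessDLLHijack line now says "DLL hijacking" while Find-PathHijack and Write-HijackDll directly below it still say ".dll", so pick one spelling for the section. The Registry Checks and scheduled-task renames in this hunk (Get-RegAlwaysInstallElevated, Get-RegAutoLogon, Get-VulnAutoRun, Get-VulnSchTask) also drop the old names without a pointer to the new ones.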