Added ./Privesc/ folder that integrates PowerUp.ps1

Updated README.md's

Privesc/Privesc.psd1

@@ -0,0 +1,112 @@
+@{
+
+# Script module or binary module file associated with this manifest.
+ModuleToProcess = 'Privesc.psm1'
+
+# Version number of this module.
+ModuleVersion = '1.0.0.0'
+
+# ID used to uniquely identify this module
+GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'
+
+# Author of this module
+Author = 'Will Schroder'
+
+# Company or vendor of this module
+CompanyName = ''
+
+# Copyright statement for this module
+Copyright = 'BSD 3-Clause'
+
+# Description of the functionality provided by this module
+Description = 'PowerSploit Privesc Module'
+
+# Minimum version of the Windows PowerShell engine required by this module
+PowerShellVersion = '2.0'
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module
+FunctionsToExport = @(  
+    'Get-ServiceUnquoted',
+    'Get-ServiceFilePermission',
+    'Get-ServicePermission',
+    'Get-ServiceDetail',
+    'Invoke-ServiceAbuse',
+    'Write-ServiceBinary',
+    'Install-ServiceBinary',
+    'Restore-ServiceBinary',
+    'Find-DLLHijack',
+    'Find-PathHijack',
+    'Write-HijackDll',
+    'Get-RegAlwaysInstallElevated',
+    'Get-RegAutoLogon',
+    'Get-VulnAutoRun',
+    'Get-VulnSchTask',
+    'Get-UnattendedInstallFile',
+    'Get-Webconfig',
+    'Get-ApplicationHost',
+    'Write-UserAddMSI',
+    'Invoke-AllChecks'
+)
+
+# Cmdlets to export from this module
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+ModuleList = @(@{ModuleName = 'Privesc'; ModuleVersion = '1.0.0.0'; GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'})
+
+# List of all files packaged with this module
+FileList = 'Privesc.psm1', 'PowerUp.ps1', 'README.md'
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess
+# PrivateData = ''
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+

Privesc/Privesc.psm1

@@ -0,0 +1 @@
+Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}

Privesc/README.md

@@ -0,0 +1,59 @@
+To install this module, drop the entire Privesc folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
+
+The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
+The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
+
+To use the module, type `Import-Module Privesc`
+
+To see the commands imported, type `Get-Command -Module Privesc`
+
+For help on each individual command, Get-Help is your friend.
+
+Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
+
+
+## PowerUp
+
+PowerUp aims to be a clearinghouse of common Windows privilege escalation
+vectors that rely on misconfigurations.
+
+Running Invoke-AllChecks will output any identifiable vulnerabilities along
+with specifications for any abuse functions. The -HTMLReport flag will also
+generate a COMPUTER.username.html version of the report.
+
+Author: @harmj0y
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+
+### Service Enumeration:
+    Get-ServiceUnquoted             -   returns services with unquoted paths that also have a space in the name
+    Get-ServiceFilePermission       -   returns services where the current user can write to the service binary path or its config
+    Get-ServicePermission           -   returns services the current user can modify
+    Get-ServiceDetail               -   returns detailed information about a specified service
+
+### Service Abuse:
+    Invoke-ServiceAbuse             -   modifies a vulnerable service to create a local admin or execute a custom command
+    Write-ServiceBinary             -   writes out a patched C# service binary that adds a local admin or executes a custom command
+    Install-ServiceBinary           -   replaces a service binary with one that adds a local admin or executes a custom command
+    Restore-ServiceBinary           -   restores a replaced service binary with the original executable
+
+### DLL Hijacking:
+    Find-DLLHijack                  -   finds .dll hijacking opportunities for currently running processes
+    Find-PathHijack                 -   finds service %PATH% .dll hijacking opportunities
+    Write-HijackDll                 -   writes out a hijackable .dll
+    
+### Registry Checks:
+    Get-RegAlwaysInstallElevated    -   checks if the AlwaysInstallElevated registry key is set
+    Get-RegAutoLogon                -   checks for Autologon credentials in the registry
+    Get-VulnAutoRun                 -   checks for any modifiable binaries/scripts (or their configs) in HKLM autoruns
+
+### Misc.:
+    Get-VulnSchTask                 -   find schtasks with modifiable target files
+    Get-UnattendedInstallFile       -   finds remaining unattended installation files
+    Get-Webconfig                   -   checks for any encrypted web.config strings
+    Get-ApplicationHost             -   checks for encrypted application pool and virtual directory passwords
+    Write-UserAddMSI                -   write out a MSI installer that prompts for a user to be added
+    Invoke-AllChecks                -   runs all current escalation checks and returns a report
+

README.md

@@ -135,6 +135,14 @@ Proof of concept code that overwrites the master boot record with the
 
 Causes your machine to blue screen upon exiting PowerShell.
 
+## Privesc
+
+**Tools to help with escalating privileges on a target.**
+
+#### `PowerUp`
+
+Clearing house of common privilege escalation checks, along with some weaponization vectors.
+
 ## Recon
 
 **Tools to aid in the reconnaissance phase of a penetration test.**
@@ -151,6 +159,10 @@ Returns the HTTP Status Codes and full URL for specified paths when provided wit
 
 Scans an IP address range for DNS PTR records. This script is useful for performing DNS reconnaissance prior to conducting an authorized penetration test.
 
+#### `PowerView`
+
+PowerView is series of functions that performs network and Windows domain enumeration and exploitation.
+
 ## Recon\Dictionaries
 
 **A collection of dictionaries used to aid in the reconnaissance phase of a penetration test. Dictionaries were taken from the following sources.**