EOP Windows Tools and Resources
Hacktricks Checklist.
Best tool to look for privilege escalation WinPEASS.
PayloadAllTheThings EOP.
Compiled binaries
Useful Tools :
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
CME DOC
PowerUp PowerShell script Windows privilege escalation vectors that rely on misconfigurations. It can also be used to exploit some of the issues found.
SharpUp SharpUp is a C# port of various PowerUp functionality
JAWS Just Another Windows (Enum) Script.
SessionGopher SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop.
Watson Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities.
LaZagne Tool used for retrieving passwords stored on a local machine from web browsers, chat tools, databases, Git, email, memory dumps, PHP, sysadmin tools, wireless network configurations, internal Windows password storage mechanisms, and more.
Windows Exploit Suggester - Next Generation : WES-NG is a tool based on the output of Windows'
systeminfoutility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities.enumeration script like Sherlock to look for missing patches
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
Kernel exploits, end of life systems
This site is handy for searching out detailed information about Microsoft security vulnerabilities.
For an older OS like Windows Server 2008, we can use an enumeration script like Sherlock to look for missing patches. We can also use something like Windows-Exploit-Suggester.
local exploit suggester module which will help us quickly find any potential privilege escalation vectors and run them within Metasploit should any module exist.
Websites :
This page has a more detailed listing of the end-of-life dates for Microsoft Windows and other products
Last updated