EOP Windows Tools and Resources

Hacktricks Checklist.

Best tool to look for privilege escalation: WinPEAS.

PayloadsAllTheThings EOP.

Compiled binaries

Useful Tools :

  • Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

  • CME DOC

  • PowerUp: PowerShell script that checks for Windows privilege escalation vectors that rely on misconfigurations. It can also be used to exploit some of the issues found.

  • SharpUp is a C# port of various PowerUp functionality.

  • JAWS: Just Another Windows (Enum) Script.

  • SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop.

  • Watson: enumerates missing KBs and suggests exploits for useful privilege escalation vulnerabilities.

  • LaZagne: tool used for retrieving passwords stored on a local machine from web browsers, chat tools, databases, Git, email, memory dumps, PHP, sysadmin tools, wireless network configurations, internal Windows password storage mechanisms, and more.

  • Windows Exploit Suggester - Next Generation: WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities.

  • Sherlock: enumeration script to look for missing patches.

  • SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

Kernel exploits, end of life systems

  • This site is handy for searching out detailed information about Microsoft security vulnerabilities.

  • For an older OS like Windows Server 2008, we can use an enumeration script like Sherlock to look for missing patches. We can also use something like Windows-Exploit-Suggester.

  • The local exploit suggester module will help us quickly find any potential privilege escalation vectors and run them within Metasploit, should any module exist.

Websites :

  • This page has a more detailed listing of the end-of-life dates for Microsoft Windows and other products.