EOP Windows Tools and Resources


Last updated 3 years ago

Hacktricks Checklist.

Best tool to look for privilege escalation: WinPEASS.

PayloadAllTheThings EOP.

Compiled binaries

Useful Tools:

  • Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

  • CME DOC

  • PowerUp: PowerShell script for finding Windows privilege escalation vectors that rely on misconfigurations. It can also be used to exploit some of the issues found.

  • SharpUp is a C# port of various PowerUp functionality.

  • JAWS: Just Another Windows (Enum) Script.

  • SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop.

  • Watson: Enumerates missing KBs and suggests exploits for useful privilege escalation vulnerabilities.

  • LaZagne: Tool used for retrieving passwords stored on a local machine from web browsers, chat tools, databases, Git, email, memory dumps, PHP, sysadmin tools, wireless network configurations, internal Windows password storage mechanisms, and more.

  • Windows Exploit Suggester - Next Generation: WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities.

  • Sherlock: enumeration script to look for missing patches.

  • SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

Kernel exploits, end of life systems

Websites:

This site is handy for searching out detailed information about Microsoft security vulnerabilities.

For an older OS like Windows Server 2008, we can use an enumeration script like Sherlock to look for missing patches. We can also use something like Windows-Exploit-Suggester.

The local exploit suggester module will help us quickly find any potential privilege escalation vectors and run them within Metasploit, should any module exist.

This page has a more detailed listing of the end-of-life dates for Microsoft Windows and other products.