WinPEAS (Windows Privilege Escalation Awesome Script)
WinPEAS (Windows Privilege Escalation Awesome Script) is a powerful post-exploitation tool used primarily by penetration testers, ethical hackers, and red teamers to identify privilege escalation opportunities on Windows systems. Here's a detailed breakdown of its purpose, functionality, and usage:
What Is WinPEAS?
WinPEAS is part of the PEASS-ng suite developed by Carlos Polop. It automates scanning Windows systems for misconfigurations, vulnerabilities, and security weaknesses that could allow a low-privileged user to escalate their privileges.
Key Features
- Automated Enumeration: Scans for privilege escalation vectors across services, registry, file permissions, scheduled tasks, and more.
- Color-Coded Output: Highlights critical findings in red, informative ones in green, and other categories in blue, cyan, and yellow for quick visual analysis. [manageengine.com]
- Lightweight & Versatile: Available in .exe, .ps1, and .bat formats, compatible with both x86 and x64 architectures.
- Offline Analysis: Output can be saved for later review.
- Minimal Privilege Requirement: Can run without admin rights and still gather valuable system data.
Privilege Escalation Vectors Detected
WinPEAS identifies a wide range of potential vulnerabilities, including:
- Unquoted Service Paths: Services with paths not enclosed in quotes can be exploited to run malicious executables.
- Weak Service Permissions: Services that can be modified by non-admin users.
- Registry Misconfigurations: Keys like AlwaysInstallElevated that allow MSI files to run with admin privileges.
- Writable Directories & Files: Identifies locations where low-privileged users can write or modify files.
- DLL Hijacking Opportunities: Detects insecure DLL loading paths.
- Scheduled Tasks: Finds misconfigured or vulnerable scheduled tasks.
- Token Privileges: Checks for powerful privileges like SeDebugPrivilege or SeImpersonatePrivilege.
WinPEAS Variants
- winPEAS.exe: C# executable, requires .NET ≥ 4.5.2.
- winPEAS.ps1: PowerShell script version.
- winPEAS.bat: Batch script version for basic enumeration.
Each variant is suited for different environments and levels of access. The .exe version is the most feature-rich.
Execution Steps
1. Download: Get the latest version from https://github.com/peass-ng/PEASS-ng/releases/latest.
2. Transfer to Target: Use SMB, reverse shell, or HTTP server.
3. Run the Tool:
4. Analyze Output: Focus on red-highlighted sections for critical escalation paths.
Use Cases
- CTFs and Training Labs
- Internal Penetration Tests
- Real-World Breach Simulations
- Security Audits
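As an added, defender-side example (not code from the PEASS-ng project), the PowerShell audit below checks a host for two of the misconfiguration classes listed above, unquoted service paths and AlwaysInstallElevated, and applies the matching hardening when run with -Fix. It assumes Windows PowerShell 5.1 or later; the -Fix switch, function names and messages are this example's own.

```powershell
# Added audit example (not PEASS-ng code). Read-only by default; -Fix applies the
# remediation and needs an elevated shell. Assumes Windows PowerShell 5.1 or later.
[CmdletBinding()]
param([switch]$Fix)
function Get-UnquotedServicePath {
    # Risky when ImagePath is unquoted and the executable path itself contains a space:
    # the service control manager then tries each space-delimited prefix as a program.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $p = $_.PathName
        if ($p -and $p -notmatch '^"' -and $p -match '^(?<exe>.*?\.exe)') {
            $exe = $Matches['exe']
            if ($exe -match '\s') {
                [pscustomobject]@{ Name = $_.Name; StartName = $_.StartName; Path = $p; Exe = $exe }
            }
        }
    }
}
function Get-AlwaysInstallElevated {
    # MSI packages install as SYSTEM only when the value is 1 in BOTH hives.
    $r = [ordered]@{}
    foreach ($hive in 'HKLM', 'HKCU') {
        $key  = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Installer"
        $prop = Get-ItemProperty -Path $key -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
        $r[$hive] = [int]($prop.AlwaysInstallElevated)   # 0 when the value or key is absent
    }
    $r['Exploitable'] = ($r['HKLM'] -eq 1) -and ($r['HKCU'] -eq 1)
    [pscustomobject]$r
}
foreach ($s in Get-UnquotedServicePath) {
    Write-Warning "Unquoted service path: $($s.Name) (runs as $($s.StartName)): $($s.Path)"
    if ($Fix) {
        # Remediation: quote the executable portion, keeping any arguments after it.
        $quoted = $s.Path -replace [regex]::Escape($s.Exe), ('"{0}"' -f $s.Exe)
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)" `
            -Name ImagePath -Value $quoted -Type ExpandString
        Write-Host "Fixed $($s.Name): $quoted"
    }
}
$aie = Get-AlwaysInstallElevated
if ($aie.Exploitable) {
    Write-Warning 'AlwaysInstallElevated=1 in HKLM and HKCU: any user can install an MSI as SYSTEM'
    if ($Fix) {
        foreach ($hive in 'HKLM', 'HKCU') {
            Set-ItemProperty -Path "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Installer" `
                -Name AlwaysInstallElevated -Value 0 -Type DWord
        }
    }
} else { Write-Host "AlwaysInstallElevated: HKLM=$($aie.HKLM) HKCU=$($aie.HKCU) (not exploitable)" }
```

Services whose unquoted executable sits in a path without spaces (most System32 services) are filtered out, since only a space in the executable path makes the lookup ambiguous.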