
privesc / win

Mitre Att&ck Enterprise: TA0002 - Execution


add-account

# create a local user account and prompt for the pwd, add the new user to administrators
net user /ADD test *
net localgroup Administrators test /ADD

# create a domain user account and prompt for the pwd, add the new user to administrators
net user /ADD test * /DOMAIN
net localgroup Administrators corp\test /ADD

# remove the user from administrators, then delete the user
net localgroup Administrators test /DEL
net user /DEL test

privescCheck.ps1

# download privescCheck.ps1
wget https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1

# extended execution + txt report
powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Report PrivescCheck_%COMPUTERNAME%"

# unquoted service path
accesschk /accepteula -uwdq "C:\Program Files\Unquoted Service Path"
accesschk /accepteula -uwdq "C:\Program Files (x86)\Windows Identity Foundation\v3.5\"
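
As an added defender-side example (not code from this page or from the PrivescCheck project), the same unquoted-service-path check written in Python: it parses ImagePath values, flags entries that are unquoted and contain spaces, lists the directories that must not be writable by standard users (the directories the accesschk command above tests), and produces the quoted value that fixes the entry. The service names and paths are constructed samples, and `executable_of`, `directories_to_protect` and `audit` are hypothetical helper names.

```python
import ntpath
import re

# Constructed sample of service name -> ImagePath, as read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath (not real services).
SAMPLE_SERVICES = {
    "GoodSvc": r'"C:\Program Files\Good Vendor\svc.exe" -run',
    "SysSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "WeakSvc": r"C:\Program Files\Unquoted Service Path\agent.exe --service",
    "WeakSvc2": r"C:\Program Files (x86)\Windows Identity Foundation\v3.5\svc.exe",
}

def executable_of(image_path):
    """Return (executable_path, quoted). A quoted ImagePath is unambiguous; for an
    unquoted one take the text up to the first '.exe' token (heuristic; falls back
    to the first space-separated word)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:] if end == -1 else s[1:end]), True
    m = re.match(r"(.*?\.exe)(?=\s|$)", s, re.IGNORECASE)
    return (m.group(1) if m else s.split(" ")[0]), False

def directories_to_protect(exe):
    """Directories that must not be writable by standard users: for an unquoted
    path with spaces, Windows probes each prefix ending at a space (plus '.exe')
    before the real binary, so the parent of every such prefix is sensitive."""
    dirs = []
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = ntpath.dirname(exe[:i])
            if parent not in dirs:
                dirs.append(parent)
    return dirs

def audit(services):
    """Return {service: finding} for every unquoted ImagePath containing a space."""
    findings = {}
    for name, image_path in services.items():
        exe, quoted = executable_of(image_path)
        if quoted or " " not in exe:
            continue
        args = image_path.strip()[len(exe):]  # whatever followed the binary
        findings[name] = {
            "exe": exe,
            "protect_dirs": directories_to_protect(exe),
            "fixed_image_path": '"' + exe + '"' + args,  # remediated value
        }
    return findings
```

On a real host the dictionary would be filled from the Services registry key (or `Get-CimInstance Win32_Service`), and each directory in `protect_dirs` is what the accesschk command checks for write access.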

xsploit

Reference        OS / Service                    Codename         PoC   Test
CVE-2023-21768   Windows 11 22H2                 LPE_AFD
CVE-2022-21882   Windows 10 21H2 19044.1415      win32k.sys
CVE-2021-1675    Windows PrintSpooler            PrintNightMare
CVE-2021-22204   Linux Exiftool (LPE)
CVE-2021-3560    Linux polkit
CVE-2021-3156    Linux sudo                      Baron Samedit
CVE-2020-0601    Windows CryptoAPI               CurveBall
CVE-2020-16898   Windows                         Bad Neighbor
CVE-2020-11651   SaltStack
CVE-2020-1350    Windows DNS                     SIGRed