Local Windows Enumeration for Privilege Escalation

sn0wfa11/win_enum_local

win_enum_local

Local Windows Enumeration for Privilege Escalation

This is a Python script that enumerates a Windows computer for privilege escalation vulnerabilities. It is designed to be quick and robust, and to accommodate Windows versions from XP to 10. The use of WMIC was avoided for XP compatibility.

accesschk.exe from Microsoft Sysinternals must be in the same root folder as this script.

You can get accesschk from this link: https://technet.microsoft.com/en-us/sysinternals/accesschk.aspx

This script has come in handy while working through the Offensive Security Penetration Testing with Kali Labs.

You can compile the script to an executable using PyInstaller for easy use on any Windows machine.

Download PyInstaller from here: http://www.pyinstaller.org/

This is an open project and I welcome input and pull requests from anyone who wishes to contribute.

Notes

When the script is running, some of the PE checks may throw errors if the registry keys the script is looking for are not present or if the system does not support the specific check being used.

For example, when the script looks for the "AlwaysInstallElevated" registry key and it is not present, you will see the following error:

ERROR: The system was unable to find the specified registry key or value.

There is nothing wrong with the script when this happens. If this error does not show up, you may have a quick path to PE...
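
An added example, not part of win_enum_local: an audit-side check for the AlwaysInstallElevated case described above, which parses `reg query` output and treats the "unable to find" error as the expected, hardened result. It assumes the standard Windows Installer policy key paths and the usual `reg query ... /v` output layout; the function names and the sample output are constructed for illustration.

```python
import re
import subprocess

# The Windows Installer policy only takes effect when the value is 1 in BOTH hives.
POLICY_KEYS = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer",
    r"HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer",
)
NOT_FOUND = "ERROR: The system was unable to find the specified registry key or value."
VALUE_RE = re.compile(r"AlwaysInstallElevated\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")


def query(key):
    """Run reg.exe on Windows; merge stdout and stderr so the error text is kept."""
    proc = subprocess.run(["reg", "query", key, "/v", "AlwaysInstallElevated"],
                          capture_output=True, text=True)
    return proc.stdout + proc.stderr


def parse_reg_query(output):
    """Return the DWORD as an int, or None when the value is absent."""
    match = VALUE_RE.search(output)
    return int(match.group(1), 16) if match else None


def assess(outputs):
    """outputs maps each key in POLICY_KEYS to the text reg.exe printed for it."""
    values = {key: parse_reg_query(outputs.get(key, NOT_FOUND)) for key in POLICY_KEYS}
    hits = [key for key, value in values.items() if value == 1]
    if len(hits) == len(POLICY_KEYS):
        return "FINDING", "policy enabled in both hives; delete the value or set it to 0"
    if hits:
        return "REVIEW", "set in %s only; not effective alone, but remove it" % hits[0][:4]
    return "OK", "policy not enabled (the 'unable to find' error is the expected result)"


# Constructed sample output, not captured from a real host.
SET_HKLM = ("\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\r\n"
            "    AlwaysInstallElevated    REG_DWORD    0x1\r\n\r\n")
SET_HKCU = SET_HKLM.replace("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")

if __name__ == "__main__":
    print(assess({POLICY_KEYS[0]: NOT_FOUND, POLICY_KEYS[1]: NOT_FOUND}))
    print(assess({POLICY_KEYS[0]: SET_HKLM, POLICY_KEYS[1]: NOT_FOUND}))
    print(assess({POLICY_KEYS[0]: SET_HKLM, POLICY_KEYS[1]: SET_HKCU}))
```

On a Windows host, build the input with `{key: query(key) for key in POLICY_KEYS}` and pass it to `assess`.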

Based on examples from the following resources:

http://www.fuzzysecurity.com/tutorials/16.html

http://toshellandback.com/2015/11/24/ms-priv-esc/
