`

PowerUp

 
阅读更多
项目地址:https://github.com/HarmJ0y/PowerUp/blob/master/README.md
用来在Windows系统中进行提权。包含几个模块来识别/利用含有漏洞的服务,例如dll劫持,脆弱的注册表设置,和发现提权可能。

Service Enumeration:
引用

Get-ServiceUnquoted             -   returns services with unquoted paths that also have a space in the name
Get-ServiceEXEPerms             -   returns services where the current user can write to the service binary path
Get-ServicePerms                -   returns services the current user can modify


Service Abuse:
引用
Invoke-ServiceUserAdd           -   modifies a modifiable service to create a user and add it to the local administrators
Write-UserAddServiceBinary      -   writes out a patched C# service binary that adds a local administrative user
Write-ServiceEXE                -   replaces a service binary with one that adds a local administrator user
Restore-ServiceEXE              -   restores a replaced service binary with the original executable


DLL Hijacking:
引用
Invoke-FindDLLHijack            -   finds DLL hijacking opportunities for currently running processes
Invoke-FindPathDLLHijack        -   finds service %PATH% .DLL hijacking opportunities


Registry Checks:
引用
Get-RegAlwaysInstallElevated    -   checks if the AlwaysInstallElevated registry key is set
Get-RegAutoLogon                -   checks for Autologon credentials in the registry


Misc. Checks:
引用
Get-UnattendedInstallFiles      -   finds remaining unattended installation files


Helpers:
引用
Invoke-AllChecks                -   runs all current escalation checks and returns a report
Write-UserAddMSI                -   write out a MSI installer that prompts for a user to be added
Invoke-ServiceStart             -   starts a given service
Invoke-ServiceStop              -   stops a given service
Invoke-ServiceEnable            -   enables a given service
Invoke-ServiceDisable           -   disables a given service
Get-ServiceDetails              -   returns detailed information about a service
分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics