PrivescCheck: Privilege Escalation Enumeration Script for Windows
PrivescCheck
This script aims to identify Local Privilege Escalation (LPE) vulnerabilities that are usually due to Windows configuration issues, or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks.
Check types
Every check implemented in PrivescCheck has a Type. This value, together with the flags specified on the command line, determines whether the check is run.
Base
Checks of type Base will always be executed, unless the script is run as an administrator. They are mainly intended for identifying privilege escalation vulnerabilities, or other important issues.
Extended
Checks of type Extended can only be executed if the option -Extended is specified on the command line. They are mainly intended for providing additional information that could be useful for exploit development, or post-exploitation.
Audit
Checks of type Audit can only be executed if the option -Audit is specified on the command line. They are mainly intended for providing information that is relevant in the context of a configuration audit.
Experimental
Checks of type Experimental can only be executed if the option -Experimental is specified on the command line. These are unstable checks that need further work. Use them with caution.
Download & Use
Copyright (c) 2023, Clément LABRO