PrivescCheck: Privilege Escalation Enumeration Script for Windows

PrivescCheck

This script aims to identify Local Privilege Escalation (LPE) vulnerabilities that are usually due to Windows configuration issues or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks.

Check types

All the checks implemented in PrivescCheck have a Type. This value, together with the flags specified on the command line, determines whether a given check is run.

Base

Checks of type Base will always be executed, unless the script is run as an administrator. They are mainly intended for identifying privilege escalation vulnerabilities, or other important issues.

Extended

Checks of type Extended can only be executed if the option -Extended is specified on the command line. They are mainly intended for providing additional information that could be useful for exploit development, or post-exploitation.

Audit

Checks of type Audit can only be executed if the option -Audit is specified on the command line. They are mainly intended for providing information that is relevant in the context of a configuration audit.

Experimental

Checks of type Experimental can only be executed if the option -Experimental is specified on the command line. These are unstable checks that need further work. Use them with caution.

Download & Use

Copyright (c) 2023, Clément LABRO