PowerUp

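Project URL: [url]https://github.com/HarmJ0y/PowerUp/blob/master/README.md[/url]
PowerUp is used for privilege escalation on Windows systems. It contains several modules for identifying and exploiting vulnerable services, as well as DLL hijacking opportunities, vulnerable registry settings, and other escalation opportunities.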

Service Enumeration:[quote]
Get-ServiceUnquoted - returns services with unquoted paths that also have a space in the name
Get-ServiceEXEPerms - returns services where the current user can write to the service binary path
Get-ServicePerms - returns services the current user can modify
[/quote]

Service Abuse:[quote]Invoke-ServiceUserAdd - modifies a modifiable service to create a user and add it to the local administrators
Write-UserAddServiceBinary - writes out a patched C# service binary that adds a local administrative user
Write-ServiceEXE - replaces a service binary with one that adds a local administrator user
Restore-ServiceEXE - restores a replaced service binary with the original executable[/quote]

DLL Hijacking:[quote]Invoke-FindDLLHijack - finds DLL hijacking opportunities for currently running processes
Invoke-FindPathDLLHijack - finds service %PATH% .DLL hijacking opportunities[/quote]

Registry Checks:[quote]Get-RegAlwaysInstallElevated - checks if the AlwaysInstallElevated registry key is set
Get-RegAutoLogon - checks for Autologon credentials in the registry[/quote]

Misc. Checks:[quote]Get-UnattendedInstallFiles - finds remaining unattended installation files[/quote]

Helpers:[quote]Invoke-AllChecks - runs all current escalation checks and returns a report
Write-UserAddMSI - writes out an MSI installer that prompts for a user to be added
Invoke-ServiceStart - starts a given service
Invoke-ServiceStop - stops a given service
Invoke-ServiceEnable - enables a given service
Invoke-ServiceDisable - disables a given service
Get-ServiceDetails - returns detailed information about a service[/quote]