Windows Privilege Escalation with WinPEAS

S12 - H4CK
4 min read · May 7, 2023

--

Introduction

Welcome to my new article. Today I will show you how you can escalate privileges on Windows machines using the WinPEAS tool, an amazing tool created by CarlosPolop.

Here is the GitHub link for this tool:

https://github.com/carlospolop/PEASS-ng

And most importantly, here is the exe to execute on the victim machine:

https://github.com/carlospolop/PEASS-ng/releases/download/20230101/winPEASx64.exe

Perfect, let’s read the creator’s description of this tool in the GitHub repository:

“The goal of this project is to search for possible Privilege Escalation Paths in Windows environments. It should take only a few seconds to execute almost all the checks and some seconds/minutes during the last checks searching for known filenames that could contain passwords (the time depends on the number of files in your home folder). By default only some filenames that could contain credentials are searched, you can use the searchall parameter to search all the list (this could add some minutes). The tool is based on SeatBelt.”

Perfect, it’s time to use it.

POC

First of all you need a victim machine; in my case it’s a fully patched 64-bit Windows 10.

On my Linux machine I start an HTTP server with Python3 to transfer the executable to Windows 10.

In the Windows 10 browser I browse to my IP:

And I download the file. When I execute the file I see this screen and the exe is executed.

Sections:

  • Basic System Information:
  • Credentials, system information, defenses information:
  • User information:
  • Service Privilege Escalation and DLL Hijacking:
  • Network information:
  • Passwords found:

These are some of the most important things, but WinPEAS implements ALL paths of privilege escalation. It’s amazing and one of the most used tools to escalate privileges in Windows.
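From the defender's side, the transfer-and-run steps above leave a trail: the browser download writes a Zone.Identifier stream recording the source URL, and the later execution is a process creation from the same path. The following is an added example, not part of the original article or the PEASS-ng project, that correlates the two. The events are constructed, simplified dicts with field names modeled on Sysmon Event ID 15 and Event ID 1, and the address, port, host and user names are placeholders.

```python
import ipaddress
import ntpath
from urllib.parse import urlparse

# Constructed sample events (not real logs); field names modeled on Sysmon
# Event ID 15 (FileCreateStreamHash) and Event ID 1 (ProcessCreate).
EVENTS = [
    {"id": 15, "host": "WS01",
     "TargetFilename": r"C:\Users\bob\Downloads\winPEASx64.exe:Zone.Identifier",
     "Contents": "[ZoneTransfer]\nZoneId=3\nHostUrl=http://192.0.2.10:8000/winPEASx64.exe"},
    {"id": 15, "host": "WS01",
     "TargetFilename": r"C:\Users\bob\Downloads\setup.exe:Zone.Identifier",
     "Contents": "[ZoneTransfer]\nZoneId=3\nHostUrl=https://vendor.example/setup.exe"},
    {"id": 1, "host": "WS01", "Image": r"C:\Users\bob\Downloads\winPEASx64.exe", "User": r"WS01\bob"},
    {"id": 1, "host": "WS01", "Image": r"C:\Users\bob\Downloads\setup.exe", "User": r"WS01\bob"},
]
ADS_SUFFIX = ":zone.identifier"

def host_url(contents):
    """Extract HostUrl from the Zone.Identifier stream text, if present."""
    for line in contents.splitlines():
        if line.startswith("HostUrl="):
            return line[len("HostUrl="):].strip()
    return None

def is_bare_ip_http(url):
    """True for plain-HTTP URLs whose host is an IP literal (ad hoc file server)."""
    parsed = urlparse(url)
    if parsed.scheme != "http" or not parsed.hostname:
        return False
    try:
        ipaddress.ip_address(parsed.hostname)
        return True
    except ValueError:
        return False

def detect(events):
    """Alert on executables fetched over HTTP from an IP and then run, or named winPEAS*."""
    suspicious, alerts = {}, []  # suspicious: (host, lowercase path) -> source URL
    for ev in events:
        if ev["id"] == 15 and ev["TargetFilename"].lower().endswith(".exe" + ADS_SUFFIX):
            url = host_url(ev.get("Contents", ""))
            if url and is_bare_ip_http(url):
                path = ev["TargetFilename"][:-len(ADS_SUFFIX)].lower()
                suspicious[(ev["host"], path)] = url
        elif ev["id"] == 1:
            url = suspicious.get((ev["host"], ev["Image"].lower()))
            if url or ntpath.basename(ev["Image"]).lower().startswith("winpeas"):
                alerts.append({"host": ev["host"], "image": ev["Image"],
                               "user": ev["User"], "source": url})
    return alerts
```

The filename match alone is trivially evaded by renaming the binary; the download-source correlation is the part that survives a rename.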

Conclusions

This is the end of this article. I hope you liked it and try to use it in CTFs or other scenarios.


Thanks for reading :)

S12.
