用来在Windows系统中进行提权。包含几个模块来识别/利用含有漏洞的服务,例如dll劫持,脆弱的注册表设置,和发现提权可能。
Service Enumeration:
引用
Get-ServiceUnquoted - returns services with unquoted paths that also have a space in the name
Get-ServiceEXEPerms - returns services where the current user can write to the service binary path
Get-ServicePerms - returns services the current user can modify
Service Abuse:
引用
Invoke-ServiceUserAdd - modifies a modifiable service to create a user and add it to the local administrators
Write-UserAddServiceBinary - writes out a patched C# service binary that adds a local administrative user
Write-ServiceEXE - replaces a service binary with one that adds a local administrator user
Restore-ServiceEXE - restores a replaced service binary with the original executable
Write-UserAddServiceBinary - writes out a patched C# service binary that adds a local administrative user
Write-ServiceEXE - replaces a service binary with one that adds a local administrator user
Restore-ServiceEXE - restores a replaced service binary with the original executable
DLL Hijacking:
引用
Invoke-FindDLLHijack - finds DLL hijacking opportunities for currently running processes
Invoke-FindPathDLLHijack - finds service %PATH% .DLL hijacking opportunities
Invoke-FindPathDLLHijack - finds service %PATH% .DLL hijacking opportunities
Registry Checks:
引用
Get-RegAlwaysInstallElevated - checks if the AlwaysInstallElevated registry key is set
Get-RegAutoLogon - checks for Autologon credentials in the registry
Get-RegAutoLogon - checks for Autologon credentials in the registry
Misc. Checks:
引用
Get-UnattendedInstallFiles - finds remaining unattended installation files
Helpers:
引用
Invoke-AllChecks - runs all current escalation checks and returns a report
Write-UserAddMSI - write out a MSI installer that prompts for a user to be added
Invoke-ServiceStart - starts a given service
Invoke-ServiceStop - stops a given service
Invoke-ServiceEnable - enables a given service
Invoke-ServiceDisable - disables a given service
Get-ServiceDetails - returns detailed information about a service
Write-UserAddMSI - write out a MSI installer that prompts for a user to be added
Invoke-ServiceStart - starts a given service
Invoke-ServiceStop - stops a given service
Invoke-ServiceEnable - enables a given service
Invoke-ServiceDisable - disables a given service
Get-ServiceDetails - returns detailed information about a service