DZONERZY

Windows privilege escalation made easy

September 26, 2016 Daniele

Privileges

User's privileges are a daily challange in today's hack, sometime when a malicious user break into your system he tries also to escalate their permission till Administrator account. There are many ways to do it, some are really hard to perform such as 0day, others are pretty trivial such as misconfigurations, weak permissions, elevated process, pipelines and more. Perform all those task on a system with many packeges installed would be a really pain in the ass, here's where my script come in help!.

Winescalation

Winescalation is a single module python based script, which will help you to perform all those kinds of security check automatically, below a screenshot of what you should expect running winescalate.py

Image description

Some of these vulnerability are real-world ones, such as WVSScheduler.exe (WVSS1 and WVSS2) Like any other automatic scanner tool, even this one will require manual checking but at least will show where to focus.

Try it now

You can clone my repository on github at the following address https://github.com/dzonerzy/winescalation

The end

Please comment with your impression i will try to improve it with new techniques!

#dzonerzy