Windows escalation tools
WinPEAS enumerates a target system to uncover privilege escalation paths. You can also download the precompiled executable or a
.batscript. The output can be lengthy and sometimes difficult to read. It is recommended to always redirect the output to a file.PrivescCheck is a PowerShell script that searches for common privilege escalations on a target system. It is an alternative to WinPEAS without having to execute a binary file. It may be necessary to bypass execution policy restrictions with the
Set-ExecutionPolicycmdlet.Windows Exploit Suggester - Next Generation (WES-NG) will run on the attack machine, making way less noise. You run the
systeminfocommand on the target system, directing the output to a.txtfile that you will need to move to your attacking machine. Before using it, update the database with# python -m wes.py --update, then use it on the downloaded.txtfile:# wes.py systeminfo.txt