peass - privilege escalation awesome scripts suite #
very easy to use on linux
./linpeas.sh
windows has multiple builds: 64-bit exe, 32-bit exe, and a batch script
winpeasx64.exe
winpeasx86.exe
winpeas.bat
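registry entry that enables ansi colors for winpeas output (per-user console setting; takes effect in newly opened consoles and persists until the value is removed)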
REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
enum4linux #
enumerate smb/samba information from target-ip
enum4linux target-ip
rpcdump.py #
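dump rpc endpoints (a password given on the command line ends up in shell history and the process list; omit ":password" to be prompted instead)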
/opt/impacket/examples/rpcdump.py username:password@target-ip
lookupsid.py #
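look up sids via rpc (omit ":password" to be prompted instead of leaving the password in shell history and the process list)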
/opt/impacket/examples/lookupsid.py username:password@target-ip
rpcclient #
get information via rpc with username
rpcclient -U username target-ip
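get information via rpc without username (null session; press enter at the password prompt; works only if the target allows anonymous access, which is itself a finding to report)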
rpcclient -U "" target-ip
sub-commands once connected
srvinfo
lookupnames username