PrivescCheck script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information that might be useful for exploitation and/or post-exploitation.

I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I added more checks and also tried to reduce the number of false positives.

It's still a Work-in-Progress because there are a few more checks I want to implement but it's already quite complete. If you have any suggestions for PrivescCheck (improvements, features), feel free to contact me on Twitter @itm4n.

Usage

Use the script from a PowerShell prompt.

    PS C:\Temp\> Set-ExecutionPolicy Bypass -Scope Process -Force
    PS C:\Temp\> . .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck

Display output and write to a log file at the same time.

    PS C:\Temp\> . .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck | Tee-Object "C:\Temp\result.txt"

Use the script from a CMD prompt.

    C:\Temp\>powershell -ep bypass -c ". .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck"

Import the script from....

This is just what I needed. Other scripts used wmic, SC.exe and so on. On a hardened system these are not available.