├── .gitignore ├── README.md └── winprivesc.bat /.gitignore: -------------------------------------------------------------------------------- 1 | systeminfo.txt 2 | hotfix.txt 3 | report.txt 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # winprivesc 2 | 3 | A very simple batch script for Windows enumeration and potential privilege escalation routes. 4 | -------------------------------------------------------------------------------- /winprivesc.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | title Windows Enumeration and Privilege Escalation Script 3 | echo. 4 | echo Loading System Information, wait a few seconds... 5 | systeminfo > systeminfo.txt 2> nul 6 | find "KB" systeminfo.txt > hotfix.txt 2> nul 7 | cls 8 | :MENU 9 | echo " _ ___ ____ _ ______ 10 | echo "| | / (_)___ / __ \_____(_) __/ ____/_________ 11 | echo "| | /| / / / __ \/ /_/ / ___/ / | / / __/ / ___/ ___/ 12 | echo "| |/ |/ / / / / / ____/ / / /| |/ / /___(__ ) /__ 13 | echo "|__/|__/_/_/ /_/_/ /_/ /_/ |___/_____/____/\___/ 14 | echo. 15 | echo Windows Enumeration and Privilege Escalation Script 16 | echo www.joshruppe.com ^| Twitter: @josh_ruppe 17 | echo. 18 | 19 | echo 1 - All to Report 20 | echo 2 - Operating System 21 | echo 3 - Storage 22 | echo 4 - Networking 23 | echo 5 - Processes 24 | echo 6 - User Info 25 | echo 7 - Exit 26 | echo. 27 | SET /P C=Select^> 28 | echo. 
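REM ---- Menu dispatch ----
REM SET /P above leaves C unchanged (possibly undefined) on empty input and
REM its raw text is expanded straight into an IF, so an empty value or one
REM containing a quote breaks the parser. Bail out when nothing was entered,
REM strip embedded quotes, then compare quoted strings so only 1-7 reach a label.
IF NOT DEFINED C GOTO BADCHOICE
SET "C=%C:"=%"
IF "%C%"=="1" GOTO ALL
IF "%C%"=="2" GOTO OS
IF "%C%"=="3" GOTO STORAGE
IF "%C%"=="4" GOTO NETWORK
IF "%C%"=="5" GOTO PROCESSES
IF "%C%"=="6" GOTO USERS
IF "%C%"=="7" GOTO EXIT

:BADCHOICE
REM Previously any unrecognised input fell through into :ALL.
echo Invalid selection - enter a number from 1 to 7.
echo.
SET "C="
GOTO MENU

:ALL
REM Each section is a subroutine; redirecting the CALL sends the whole section
REM to report.txt, which also removes the "value ending in a digit followed by
REM >>" pitfall (e.g. "KB5034441>>" was parsed as a handle redirect and lost
REM the last digit). report.txt is appended to, so repeated runs accumulate;
REM it holds host, network and account details (kept out of git by .gitignore).
>> report.txt echo WinPrivEsc
>> report.txt echo Windows Enumeration and Privilege Escalation Script
>> report.txt echo www.joshruppe.com ^| Twitter: @josh_ruppe
>> report.txt echo.
>> report.txt echo Report generated: %DATE% %TIME%
>> report.txt echo.
CALL :SEC_OS >> report.txt
CALL :SEC_STORAGE >> report.txt
CALL :SEC_NETWORK >> report.txt
CALL :SEC_PROCESSES >> report.txt
CALL :SEC_USERS >> report.txt
echo Done, check report.txt
echo.
CALL :CLEANUP
EXIT /B

:OS
CALL :SEC_OS
CALL :CLEANUP
EXIT /B

:STORAGE
CALL :SEC_STORAGE
CALL :CLEANUP
EXIT /B

:NETWORK
CALL :SEC_NETWORK
CALL :CLEANUP
EXIT /B

:PROCESSES
CALL :SEC_PROCESSES
CALL :CLEANUP
EXIT /B

:USERS
CALL :SEC_USERS
CALL :CLEANUP
EXIT /B

:EXIT
CALL :CLEANUP
EXIT /B

REM ---- Section subroutines: write to stdout; the caller decides where it goes ----

:SEC_OS
REM Operating-system facts parsed from systeminfo.txt (captured at the top of
REM the script; field labels assume English systeminfo output).
echo __________________________
echo.
echo OPERATING SYSTEM
echo __________________________
echo.
echo [++OS Name]
echo.
REM "tokens=N,*" takes everything after the field label, so long values are no
REM longer truncated to a fixed token count. "echo." keeps empty values from
REM printing "ECHO is on.".
for /F "tokens=2,*" %%a IN ('findstr /B /C:"OS Name:" systeminfo.txt') do echo.%%b
echo.
echo [++OS Version]
echo.
for /F "tokens=2,*" %%a IN ('findstr /B /C:"OS Version:" systeminfo.txt') do echo.%%b
echo.
echo [++System Architecture]
echo.
for /F "tokens=2,*" %%a IN ('findstr /B /C:"System Type:" systeminfo.txt') do echo.%%b
echo.
echo [++System Boot Time]
echo.
for /F "tokens=3,*" %%a IN ('findstr /B /C:"System Boot Time:" systeminfo.txt') do echo.%%b
echo.
echo [++Page File Location(s)]
echo.
REM Only the first location line carries the label; continuation lines are not read.
for /F "tokens=3,*" %%a IN ('findstr /B /C:"Page File Location(s):" systeminfo.txt') do echo.%%b
echo.
echo [++Hotfix(s) Installed]
echo.
REM hotfix.txt comes from "find", whose "---------- SYSTEMINFO.TXT" header
REM line is filtered out here; token 2 of "[01]: KBnnnnnnn" is the KB id.
for /F "tokens=2" %%a IN ('findstr /v ".TXT" hotfix.txt') do echo.%%~a
echo.
echo [++Hosts File]
echo.
REM type never pages (more does when writing to the console), and %SystemRoot%
REM avoids assuming Windows lives on C:\.
type "%SystemRoot%\System32\drivers\etc\hosts"
echo.
echo [++Networks File]
echo.
type "%SystemRoot%\System32\drivers\etc\networks"
echo.
echo [++Running Services]
echo.
net start
echo.
GOTO :EOF

:SEC_STORAGE
REM Shares and mapped drives. "net share" lists SMB shares, not physical
REM disks, so the heading now says so.
echo _________________
echo.
echo STORAGE
echo _________________
echo.
echo [++Shares]
echo.
net share
echo.
echo [++Network Drives]
echo.
net use
echo.
GOTO :EOF

:SEC_NETWORK
REM Interface, routing, socket, ARP and firewall state.
echo ____________________
echo.
echo NETWORKING
echo ____________________
echo.
echo [++IPCONFIG]
ipconfig /allcompartments /all
echo.
echo [++MAC Addresses]
getmac
echo.
echo [++Route]
echo.
route PRINT
echo.
echo [++Netstat]
netstat -ano
echo.
echo [++ARP]
arp -a
echo.
echo [++Firewall Configuration]
REM "netsh firewall" is the deprecated pre-Vista context; advfirewall is the
REM supported one on current Windows.
netsh advfirewall show allprofiles
echo.
echo [++Domain]
echo.
set userdomain
echo.
GOTO :EOF

:SEC_PROCESSES
REM Process and driver inventory. The menu path used "driverquery /vw", which
REM is not a valid switch; both paths now use /v.
echo ___________________
echo.
echo PROCESSES
echo ___________________
echo.
echo [++Tasklist]
tasklist /v
echo.
echo [++Drivers Installed]
driverquery /v
echo.
GOTO :EOF

:SEC_USERS
REM Current identity, local accounts and local groups.
echo ___________________
echo.
echo USER INFO
echo ___________________
echo.
echo [++Current User]
echo.
whoami
echo.
echo [++All Users]
net users
echo.
echo [++User Groups]
net localgroup
echo.
GOTO :EOF

:CLEANUP
REM Remove the scratch files written by the systeminfo capture at the top of
REM the script; guarded so a missing file does not print an error.
if exist systeminfo.txt del systeminfo.txt
if exist hotfix.txt del hotfix.txt
GOTO :EOF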