Best Tools for Windows Privilege Escalation

Table of contents

No heading

No headings in the article.

There are many tools available to help enumerate Windows systems for common and obscure privilege escalation vectors.

Below is a list of useful binaries and scripts, many of which we will cover in the upcoming module sections.

ToolDescription
SeatbeltC# project for performing a wide variety of local privilege escalation checks
winPEASWinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. All of the checks are explained here
PowerUpPowerShell script for finding common Windows privilege escalation vectors that rely on misconfigurations. It can also be used to exploit some of the issues found
SharpUpC# version of PowerUp
JAWSPowerShell script for enumerating privilege escalation vectors written in PowerShell 2.0
SessionGopherSessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It extracts PuTTY, WinSCP, SuperPuTTY, FileZilla, and RDP saved session information
WatsonWatson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.
LaZagneTool used for retrieving passwords stored on a local machine from web browsers, chat tools, databases, Git, email, memory dumps, PHP, sysadmin tools, wireless network configurations, internal Windows password storage mechanisms, and more
Windows Exploit Suggester - Next GenerationWES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported