diff --git a/README.md b/README.md index 43a5b3e..3cc9416 100644 --- a/README.md +++ b/README.md 
@@ -7,29 +7,55 @@ This script aims to identify __Local Privilege Escalation__ (LPE) vulnerabilitie After downloading the [script](https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1) and copying it onto the target Windows machine, run it using one of the commands below. > [!NOTE] -> You __don't__ need to clone the entire repository. The file `PrivescCheck.ps1` is a standalone PowerShell script that contains all the code required by `PrivescCheck` to run on a target host. +> You __don't__ need to clone the entire repository. The file `PrivescCheck.ps1` is a standalone PowerShell script that contains all the code required by `PrivescCheck` to run. > [!IMPORTANT] > In the commands below, the first `.` (dot) is used for "dot sourcing" the script, so that the functions and cmdlets can be used in the __current scope__ (see PowerShell [dot sourcing feature](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_scripts#script-scope-and-dot-sourcing)). ### Basic checks only -```powershell -. .\PrivescCheck.ps1; Invoke-PrivescCheck +Quickly identify important issues, such as local privilege escalation vulnerabilities. + +```bat +powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck" ``` -### Extended checks + All reports +### Extended checks + human-readable reports -```powershell -. .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Report PrivescCheck_$($env:COMPUTERNAME) -Format TXT,CSV,HTML,XML +Identify important issues, but also gather additional information, and save the results to report files that are easy to read. + +```bat +powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Report PrivescCheck_$($env:COMPUTERNAME) -Format TXT,HTML" ``` -### All-in-one command +### All checks + all reports + +Perform extended and audit checks, and save the results to human-readable reports, but also machine-readable files, which can later be parsed for automated report generation. 
```bat -powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Report PrivescCheck_$($env:COMPUTERNAME) -Format TXT,CSV,HTML,XML" +powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Audit -Report PrivescCheck_$($env:COMPUTERNAME) -Format TXT,HTML,CSV,XML" ``` +## Check types + +All the checks implemented in PrivescCheck have a __Type__. This value, and the flags specified on the command line, will determine if they are run, or not. + +### Base + +Checks of type `Base` will always be executed, unless the script is run as an administrator. They are mainly intended for identifying privilege escalation vulnerabilities, or other important issues. + +### Extended + +Checks of type `Extended` can only be executed if the option `-Extended` is specified on the command line. They are mainly intended for providing additional information that could be useful for exploit development, or post-exploitation. + +### Audit + +Checks of type `Audit` can only be executed if the option `-Audit` is specified on the command line. They are mainly intended for providing information that is relevant in the context of a configuration audit. + +### Experimental + +Checks of type `Experimental` can only be executed if the option `-Experimental` is specified on the command line. These are unstable checks that need further work. Use them with caution. + ## Tips and tricks ### PowerShell execution policy diff --git a/info/CHANGELOG.md b/info/CHANGELOG.md index 182de2e..033aee9 100644 --- a/info/CHANGELOG.md +++ b/info/CHANGELOG.md @@ -9,6 +9,7 @@ ### Changed - Checks now have a "Type" (Base, Extended, Audit, Experimental), rather than multiple boolean flags. +- Rework the README, and provide additional information regarding check types. ## 2024-05-28
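Review bot: in the README hunk, the new "All checks + all reports" heading does not match the command under it, which passes `-Extended -Audit` but not `-Experimental`, while the "Check types" section added a few lines later lists `Experimental` as a fourth type gated by its own flag; either rename the heading (e.g. "Extended + audit checks + all reports") or state that experimental checks are deliberately left out. The unchanged `[!IMPORTANT]` note still says the leading `.` dot-sources the script "so that the functions and cmdlets can be used in the current scope", but all three examples now wrap the call in `powershell -ep bypass -c "..."`, so the dot-sourced functions only exist in a child process that exits as soon as `Invoke-PrivescCheck` returns; reword the note or keep one plain PowerShell example (`. .\PrivescCheck.ps1; Invoke-PrivescCheck`) for readers working from an interactive session. The `-ep bypass` argument is also shown without explanation in every example even though a "PowerShell execution policy" subsection exists under "Tips and tricks"; a one-line pointer to that subsection would help.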
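Review bot: in the CHANGELOG hunk, the new entry "Rework the README, and provide additional information regarding check types." uses an imperative verb while the neighbouring entry under "### Changed" describes the resulting state ("Checks now have a ..."); consider "Reworked the README and added a section describing check types." so the list reads consistently, and drop the comma before "and".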