# Tools

It is always a <mark style="color:orange;">**safe bet to upload tools**</mark> to <mark style="color:green;">`C:\Windows\Temp`</mark> because the <mark style="color:green;">`BUILTIN\Users`</mark> group has <mark style="color:orange;">**write access**</mark>.

## <mark style="color:green;">`LOLBAS`</mark>

The goal of the <mark style="color:red;">**LOLBAS**</mark> project is to document every binary, script, and library that <mark style="color:purple;">**can be used for Living Off The Land**</mark> techniques.

[**\[LINK\]**](https://lolbas-project.github.io/)

## <mark style="color:green;">`Snaffler`</mark>

<mark style="color:red;">**Snaffler**</mark> is a tool for **pentesters** and **red teamers** to <mark style="color:purple;">**help find delicious candy needles**</mark> (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).

[**\[LINK\]**](https://github.com/SnaffCon/Snaffler)

## <mark style="color:green;">`Seatbelt`</mark>

<mark style="color:red;">**C# project**</mark> for performing a <mark style="color:purple;">**wide variety of local privilege escalation checks**</mark>.

[**\[LINK\]**](https://github.com/GhostPack/Seatbelt)

## <mark style="color:green;">`WinPEAS`</mark>

<mark style="color:red;">**WinPEAS**</mark> is a script that <mark style="color:purple;">**searches for possible paths to escalate privileges**</mark> on Windows hosts.

[**\[LINK\]**](https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS)

## <mark style="color:green;">`PowerUp`</mark>

<mark style="color:red;">**PowerShell script**</mark> for <mark style="color:purple;">**finding common Windows privilege escalation vectors**</mark> that rely on misconfigurations. It can also be used to exploit some of the issues found.

[**\[LINK\]**](https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1)

## <mark style="color:green;">`SharpUp`</mark>

<mark style="color:red;">**C# version of PowerUp**</mark>. Very useful tool to check for service binaries suffering from weak ACLs.

```powershell
PS C:\> .\SharpUp.exe audit
```

[**\[LINK\]**](https://github.com/GhostPack/SharpUp)

## <mark style="color:green;">`JAWS`</mark>

<mark style="color:red;">**PowerShell script**</mark> for <mark style="color:purple;">**enumerating privilege escalation vectors**</mark>, written in PowerShell 2.0.

[**\[LINK\]**](https://github.com/411Hall/JAWS)

## <mark style="color:green;">`SessionGopher`</mark>

<mark style="color:red;">**PowerShell tool**</mark> to <mark style="color:purple;">**find and decrypt saved session info**</mark> for remote access tools like PuTTY, WinSCP, FileZilla, and RDP.

[**\[LINK\]**](https://github.com/Arvanaghi/SessionGopher)

## <mark style="color:green;">`Watson`</mark>

<mark style="color:red;">**.NET tool**</mark> to <mark style="color:purple;">**identify missing patches**</mark> and suggest privilege escalation exploits.

[**\[LINK\]**](https://github.com/rasta-mouse/Watson)

## <mark style="color:green;">`LaZagne`</mark>

<mark style="color:red;">**Python tool**</mark> which <mark style="color:purple;">**extracts locally stored passwords**</mark> from browsers, chat tools, databases, Wi-Fi configs, and more.

[**\[LINK\]**](https://app.gitbook.com/u/lNiHnyIvhvhH2E3Ea5z6riO6pry2)

## <mark style="color:green;">`Windows Exploit Suggester - NG`</mark>

<mark style="color:red;">**Python / PowerShell tool**</mark> that analyzes the output of Windows' <mark style="color:green;">`systeminfo`</mark> to <mark style="color:purple;">**identify OS vulnerabilities, including associated exploits**</mark>. It supports all Windows versions from XP to Windows 10, including server editions, making it useful for pinpointing specific security weaknesses.

[**\[LINK\]**](https://github.com/bitsadmin/wesng)

## <mark style="color:green;">`Sysinternals Suite`</mark>

Includes tools like <mark style="color:green;">**AccessChk**</mark>, <mark style="color:green;">**PipeList**</mark>, and <mark style="color:green;">**PsService**</mark> for <mark style="color:purple;">**system enumeration**</mark>.

[**\[LINK\]**](https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite)
