#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Made by papi
# Created on: Wed 29 Nov 2023 03:49:53 PM CET
# privkit.py
# Description:
from havoc import Demon, RegisterCommand, RegisterModule
import os
def alwaysinstallelevated( demonID, *param ):
    """Task the demon to run the ``alwaysinstallelevated.o`` object file inline.

    Per the console message, the object file checks whether programs are
    always installed as elevated; the check itself lives in the object file,
    not in this wrapper.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/alwaysinstallelevated.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to check if programs are always installed as elevated")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def autologon( demonID, *param ):
    """Task the demon to run the ``autologon.o`` object file inline.

    Per the console message, the object file checks for autologon registry
    keys; the check itself lives in the object file, not in this wrapper.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/autologon.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to check for autologon registry keys")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def credentialmanager( demonID, *param ):
    """Task the demon to run the ``credentialmanager.o`` object file inline.

    Per the console message, the object file enumerates the credential
    manager; the enumeration itself lives in the object file, not here.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/credentialmanager.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to enumerate credential manager")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def hijackablepath( demonID, *param ):
    """Task the demon to run the ``hijackablepath.o`` object file inline.

    Per the console message, the object file looks for hijackable paths; the
    check itself lives in the object file, not in this wrapper.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/hijackablepath.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to find hijackable paths")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def modifiableautorun( demonID, *param ):
    """Task the demon to run the ``modifiableautorun.o`` object file inline.

    Per the console message, the object file looks for modifiable autoruns;
    the check itself lives in the object file, not in this wrapper.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/modifiableautorun.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to find modifiable autoruns")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def tokenprivileges( demonID, *param ):
    """Task the demon to run the ``tokenprivileges.o`` object file inline.

    Per the console message, the object file checks token privileges; the
    check itself lives in the object file, not in this wrapper.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/tokenprivileges.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to check for token privileges")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def unquotedsvcpath( demonID, *param ):
    """Task the demon to run the ``unquotedsvcpath.o`` object file inline.

    Per the console message, the object file looks for unquoted service
    paths; the check itself lives in the object file, not in this wrapper.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative path, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_file = "PrivKit/PrivKit/unquotedsvcpath.o"
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Tasked demon to look for unquoted service paths")
    # Entry point "go" with an empty argument buffer; the trailing False is
    # presumably the "threaded" flag (TODO confirm against the Havoc API).
    agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
def all( demonID, *param ):
    """Task the demon to run every privkit object file, one after another.

    All seven inline executions are issued under the single task ID obtained
    from the initial console write, in the fixed order listed below.

    NOTE: this function's name shadows the builtin ``all()`` for the rest of
    the module. It is kept because the command registration refers to it.

    Args:
        demonID: Identifier handed to ``Demon`` to select the agent.
        *param: Extra command arguments; accepted but never read.

    Returns:
        The task ID returned by ``ConsoleWrite``.
    """
    # NOTE(review): relative paths, presumably resolved against the client's
    # working directory; confirm where the object files are expected to live.
    object_files = (
        "PrivKit/PrivKit/alwaysinstallelevated.o",
        "PrivKit/PrivKit/autologon.o",
        "PrivKit/PrivKit/credentialmanager.o",
        "PrivKit/PrivKit/hijackablepath.o",
        "PrivKit/PrivKit/modifiableautorun.o",
        "PrivKit/PrivKit/tokenprivileges.o",
        "PrivKit/PrivKit/unquotedsvcpath.o",
    )
    agent = Demon(demonID)
    task_id = agent.ConsoleWrite(agent.CONSOLE_TASK, "Running all of the privkit checks...")
    for object_file in object_files:
        # Entry point "go" with an empty argument buffer; the trailing False
        # is presumably the "threaded" flag (TODO confirm against the Havoc API).
        agent.InlineExecute(task_id, "go", object_file, b'', False)
    return task_id
# Register the "privkit" module first, then attach each handler to it as a
# sub-command. The four empty strings are passed through unchanged.
RegisterModule( "privkit", "Privilege Escalation Module", "", "", "", "" )

# (handler, sub-command name, help text), in registration order.
_privkit_commands = (
    ( all, "all", "Run all possible checks." ),
    ( alwaysinstallelevated, "elevated", "Check if programs are always installed as elevated." ),
    ( autologon, "autologon", "Check for autologon registry keys." ),
    ( credentialmanager, "credman", "Enumerate credential manager." ),
    ( hijackablepath, "paths", "Enumerate hijackable paths." ),
    ( modifiableautorun, "autorun", "Find modifiable autoruns." ),
    ( tokenprivileges, "token", "Check for token privileges." ),
    ( unquotedsvcpath, "unquoted", "Check unquoted service paths." ),
)
for _handler, _subcommand, _help_text in _privkit_commands:
    # The trailing 0, "", "" are the same for every command.
    RegisterCommand( _handler, "privkit", _subcommand, _help_text, 0, "", "" )

# Drop the temporaries so the module namespace matches a plain call list.
del _privkit_commands, _handler, _subcommand, _help_text