WinPwn Versions

Automation for internal Windows penetration tests / AD security

1.6

3 years ago

This release contains the following changes:

  • Updates for several C# binaries, for example Seatbelt, Watson and winPEAS
  • New C# binary: Snaffler
  • CVE-2020-0787 exploit
  • ADIDNS node menu instead of wildcard only
  • .NET binary search for installed local software
  • -noninteractive and -consoleoutput parameters for asynchronous C2 support
  • Offline version size reduction due to gzip compression
  • Bug fixes

1.5

3 years ago

Added many scripts and C# projects for further checks, for example:

  • New local privilege escalation check menu, integrating itm4n's PrivescCheck script and Carlos Polop's winPEAS, plus other new checks
  • Added CVE-2020-0796 LPE exploit
  • Added ETW hook for all loaded .NET binaries / scripts
  • New obfuscated SafetyKatz and reflective loading of obfuscated Mimikatz
  • TeamViewer 7/8 password decryption script
  • Added itm4n's PrintSpoofer for privilege escalation from SeImpersonate to SYSTEM
  • Automatically exploit all vulnerable MS-RPRN RPC service servers for hash relay
  • Parameters for noninteractive module execution, which is now asynchronous C2-ready
  • From Administrator to SYSTEM: various Get-SYSTEM techniques implemented
  • Many bug fixes

1.4

4 years ago

Privesc exploits integrated:

  • MS15-077 - (XP/Vista/Win7/Win8/2000/2003/2008/2012) x86 only
  • MS16-032 - (2008/7/8/10/2012)
  • MS16-135 - (WS2k16 only)
  • CVE-2018-8120 - May 2018, Windows 7 SP1/2008 SP2, 2008 R2 SP1
  • CVE-2019-0841 - April 2019
  • CVE-2019-1069 - Polarbear hardlink, credentials needed - June 2019
  • CVE-2019-1129/1130 - race condition, multiple cores needed - July 2019
  • CVE-2019-1215 - September 2019 - x64 only
  • CVE-2020-0638 - February 2020 - x64 only

UAC bypasses:

  • UAC Magic, based on James Forshaw's three-part post on UAC
  • UAC bypass cmstp technique, by Oddvar Moe
  • DiskCleanup UAC bypass, by James Forshaw
  • DccwBypassUAC technique, by Ernesto Fernandez and Thomas Vanhoutte

1.3

4 years ago

1.2

4 years ago

There is an offline version now for winpwning systems with no internet access. I also added menus for localrecon, domainrecon, sharpcradle and credential exfiltration so it's easier to handle. No more questions and wait time.

1.1

4 years ago

This version mainly contains new features: execution of various C# binaries in memory, GPO audit functions, and various new local recon and domain checks.

1.0

4 years ago

I have added many features over the last months. The version runs stable, as far as I can say. 1.0 release - check.