Releases: S3cur3Th1sSh1t/WinPwn
Version 1.6
This release contains the following changes:
- Updates for several C# binaries, for example Seatbelt, Watson and winPEAS
- New C# binary - Snaffler
- CVE-2020-0787 exploit
- ADIDNS node menu instead of wildcard record only
- .NET binary search for installed local software
- -noninteractive and -consoleoutput parameters for asynchronous C2 support (no interactive menus, all output to the console)
- Offline version size reduction due to gzip compression
- Bug fixes
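The offline build's size reduction comes from gzip-compressing the embedded scripts. The following PowerShell is an added illustration of that pattern and is not WinPwn's own loader code; the function names, the sample script text and the size check are constructed for this example. It compresses and base64-encodes script text for embedding, inflates it back from memory, verifies the round trip, and only then executes it.

```powershell
# Added example (not from the WinPwn project): gzip + base64 embedding of script text.
# All names below are hypothetical; the sample script is constructed input.

function Compress-ScriptText {
    param([Parameter(Mandatory)][string]$Text)
    $bytes    = [System.Text.Encoding]::UTF8.GetBytes($Text)
    $outMem   = New-Object System.IO.MemoryStream
    $gzip     = New-Object System.IO.Compression.GZipStream(
                    $outMem, [System.IO.Compression.CompressionMode]::Compress)
    $gzip.Write($bytes, 0, $bytes.Length)
    $gzip.Dispose()   # closing the stream writes the gzip trailer; must happen before ToArray()
    return [Convert]::ToBase64String($outMem.ToArray())
}

function Expand-ScriptText {
    param([Parameter(Mandatory)][string]$Base64)
    $inMem  = New-Object System.IO.MemoryStream(,[Convert]::FromBase64String($Base64))
    $gzip   = New-Object System.IO.Compression.GZipStream(
                  $inMem, [System.IO.Compression.CompressionMode]::Decompress)
    $reader = New-Object System.IO.StreamReader($gzip, [System.Text.Encoding]::UTF8)
    $text   = $reader.ReadToEnd()
    $reader.Dispose()
    return $text
}

function Get-Sha256Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $hex = [BitConverter]::ToString($sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text)))
    return $hex.Replace('-', '')
}

# Constructed sample "script": highly repetitive, so it compresses well, like a real tool bundle.
$sampleScript = (1..300 | ForEach-Object { "Write-Output 'constructed sample line $_'" }) -join "`n"

# Build-time step: this base64 blob is what would be pasted into the offline script.
$blob    = Compress-ScriptText -Text $sampleScript
$rawLen  = [System.Text.Encoding]::UTF8.GetByteCount($sampleScript)
"Raw: $rawLen bytes, gzip+base64: $($blob.Length) bytes ({0:P0} of original)" -f ($blob.Length / $rawLen)

# Run-time step: inflate from memory, check integrity, then execute.
$restored = Expand-ScriptText -Base64 $blob
if ($restored -ne $sampleScript) { throw "round-trip mismatch: refusing to execute" }
"SHA256 of inflated script: $(Get-Sha256Hex -Text $restored)"

# Execute the inflated text as a script block (first two lines of output shown).
& ([ScriptBlock]::Create($restored)) | Select-Object -First 2
```

Compression shrinks the file, not the scan surface: AMSI and script block logging see the inflated text when `[ScriptBlock]::Create` compiles it, so the embedded payload is as visible at run time as an uncompressed one. Pinning the SHA256 of the inflated text (the hash printed above would be hard-coded in a real bundle) guards against a corrupted or tampered blob being executed.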
Version 1.5
Added many scripts and C# projects for further checks, for example:
- New local privilege escalation check menu: integration of itm4n's PrivescCheck script and Carlos Polop's winPEAS, plus other new checks
- CVE-2020-0796 LPE exploit
- ETW hook for all loaded .NET binaries / scripts
- New obfuscated SafetyKatz and reflective loading of obfuscated Mimikatz
- TeamViewer 7/8 password decryption script
- itm4n's PrintSpoofer for privilege escalation from SeImpersonatePrivilege to SYSTEM
- Automatically exploit all servers with a vulnerable MS-RPRN (Print Spooler) RPC service for hash relay
- Parameters for noninteractive module execution, which is now asynchronous C2-ready
- From Administrator to SYSTEM: various Get-SYSTEM techniques implemented
- Many bug fixes
Version 1.4 - Integrated Privesc-Exploits & UAC Bypass
Privesc Exploits integrated:
- MS15-077 - (XP/Vista/Win7/Win8/2000/2003/2008/2012) x86 only
- MS16-032 - (2008/7/8/10/2012)
- MS16-135 - (WS2k16 only)
- CVE-2018-8120 - May 2018, Windows 7 SP1 / 2008 SP2 / 2008 R2 SP1
- CVE-2019-0841 - April 2019
- CVE-2019-1069 - PolarBear hardlink, credentials needed - June 2019
- CVE-2019-1129/1130 - race condition, multiple cores needed - July 2019
- CVE-2019-1215 - September 2019 - x64 only
- CVE-2020-0638 - February 2020 - x64 only
UAC Bypasses:
- UAC Magic, based on James Forshaw's three-part post on UAC
- UAC bypass cmstp technique, by Oddvar Moe
- DiskCleanup UAC bypass, by James Forshaw
- DccwBypassUAC technique, by Ernesto Fernandez and Thomas Vanhoutte
Lower detection rate and more stable
Version 1.3 - Delete WinPwn.jpg
Version 1.2 - Offline Version and Menus
There is an offline version now for winpwning systems with no internet access. I also added menus for localrecon, domainrecon, sharpcradle and credential exfiltration so it's easier to handle: no more questions and wait time.
Version 1.1
This version mainly contains new features: execution of various C# binaries in memory, GPO audit functions, and various new local recon and domain checks.
Version 1.0 Release
I have added many features in the last months. This version runs stable, as far as I can tell.
1.0 Release - Check.