.NET - SharpUp
Outputs to the screen
execute-assembly /pipe/ANY/4.5/SharpUp.exe
PowerShell
NEW: Use PrivescCheck instead of PowerUp (https://github.com/itm4n/PrivescCheck)
start-transcript log\01-05.privesccheck.script
. .\PrivescCheck.ps1
Invoke-PrivescCheck -Report PrivEscCheck_Report -Format TXT,CSV,HTML
PowerUp (“Obfuscated PowerShell Tool One-Liners 2020-06.txt”)
Invoke-AllChecks | Out-File -Encoding ASCII LocalPrivEscChecks.txt
Other
winPEAS: https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS/
- VERY NOISY!! This tool will definitely get you caught.
- BAT and EXE versions available
- EXE version is in our tools pipeline
- EXE can’t be executed via execute-assembly — too big
Windows Exploit Suggester (WES-NG)