Merge pull request #363 from camercu/master

fix su brute check.

.github/ISSUE_TEMPLATE.md

@@ -1,4 +1,5 @@
 If you are going to suggest something, please remove the following template. 
+If your issue is related with WinPEAS.ps1 please mention https://github.com/RandolphConley
 
 #### Issue description
 

.github/workflows/CI-master_tests.yml

@@ -137,6 +137,12 @@ jobs:
         with:
           name: winPEAS.bat
           path: winPEAS\winPEASbat\winPEAS.bat
+      
+      - name: Upload winpeas.ps1
+        uses: actions/upload-artifact@v2
+        with:
+          name: winPEAS.ps1
+          path: winPEAS\winPEASps1\winPEAS.ps1
           
       # Git add
       #- name: Create local changes

README.md

@@ -30,7 +30,7 @@ Do you want to have **access the latest version of Hacktricks and PEASS**, obtai
 
 **LinPEAS, WinPEAS and MacPEAS** aren’t enough for you? Welcome [**The PEASS Family**](https://opensea.io/collection/the-peass-family/), a limited collection of [**exclusive NFTs**](https://opensea.io/collection/the-peass-family/) of our favourite PEASS in disguise, designed by my team. Go **get your favourite and make it yours!** And if you are a **PEASS & Hacktricks enthusiast**, you can get your hands now on **our [custom swag](https://peass.creator-spring.com/) and show how much you like our projects!**
 
-You can also, join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) to learn about latest news in cybersecurity and meet other cybersecurity enthusiasts, or follow me on Twitter 🐦 [@carlospolopm](https://twitter.com/carlospolopm).
+You can also, join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) to learn about latest news in cybersecurity and meet other cybersecurity enthusiasts, or follow me on Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).
 
 ## Let's improve PEASS together
 

build_lists/sensitive_files.yaml

@@ -1141,6 +1141,15 @@ search:
           - name: "authorized_keys"
             value: 
                 good_regex: 'from=[\w\._\-]+'
+                bad_regex: "command=.*"
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "*.pub"
+            value:
+                bad_regex: "command=.*"
+                only_bad_lines: True
                 type: f
                 search_in: 
                   - common

linPEAS/builder/linpeas_base.sh

@@ -246,7 +246,7 @@ print_support () {
     |                             ${BLUE}Do you like PEASS?${GREEN}                                  |
     |---------------------------------------------------------------------------------| 
     |         ${YELLOW}Get the latest version${GREEN}    :     ${RED}https://github.com/sponsors/carlospolop${GREEN} |
-    |         ${YELLOW}Follow on Twitter${GREEN}         :     ${RED}@carlospolopm${GREEN}                           |
+    |         ${YELLOW}Follow on Twitter${GREEN}         :     ${RED}@hacktricks_live${GREEN}                          |
     |         ${YELLOW}Respect on HTB${GREEN}            :     ${RED}SirBroccoli            ${GREEN}                 |
     |---------------------------------------------------------------------------------|
     |                                 ${BLUE}Thank you! ${GREEN}                                     |

linPEAS/builder/linpeas_parts/1_system_information.sh

@@ -128,7 +128,7 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
     print_2title "Executing Linux Exploit Suggester"
     print_info "https://github.com/mzet-/linux-exploit-suggester"
     les_b64="peass{LES}"
-    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
+    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
     echo ""
 fi
 

linPEAS/builder/linpeas_parts/6_users_information.sh

@@ -25,7 +25,7 @@ if [ "$MACPEAS" ];then
 
   print_2title "SystemKey"
   ls -l /var/db/SystemKey
-  if [ -r "/var/db/SystemKey" ]; then 
+  if [ -r "/var/db/SystemKey" ]; then
     echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},";
     hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},";
   fi
@@ -71,7 +71,7 @@ fi
 for filename in /etc/sudoers.d/*; do
   if [ -r "$filename" ]; then
     echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g"
-    grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" 
+    grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g"
   fi
 done
 echo ""
@@ -80,17 +80,17 @@ echo ""
 print_2title "Checking sudo tokens"
 print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens"
 ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
-if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then 
+if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then
   echo "ptrace protection is disabled (0), so sudo tokens could be abused" | sed "s,is disabled,${SED_RED},g";
-  
-  if [ "$(command -v gdb 2>/dev/null)" ]; then 
+
+  if [ "$(command -v gdb 2>/dev/null)" ]; then
     echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g";
   fi
-  
-  if [ "$CURRENT_USER_PIVOT_PID" ]; then 
+
+  if [ "$CURRENT_USER_PIVOT_PID" ]; then
     echo "The current user proc $CURRENT_USER_PIVOT_PID is the parent of a different user proccess" | sed -${E} "s,.*,${SED_RED},g";
   fi
-  
+
   if [ -f "$HOME/.sudo_as_admin_successful" ]; then
     echo "Current user has .sudo_as_admin_successful file, so he can execute with sudo" | sed -${E} "s,.*,${SED_RED},";
   fi
@@ -100,7 +100,7 @@ if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then
     ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
   fi
 
-else 
+else
   echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g";
 
 fi
@@ -110,7 +110,7 @@ echo ""
 if [ -f "/etc/doas.conf" ] || [ "$DEBUG" ]; then
   print_2title "Checking doas.conf"
   doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null)
-  if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then 
+  if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then
     cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW},"
   else echo_not_found "doas.conf"
   fi
@@ -214,8 +214,7 @@ if [ "$EXTRA_CHECKS" ]; then
 fi
 
 #-- UI) Brute su
-EXISTS_SUDO="$(command -v sudo 2>/dev/null)"
-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
   print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
   POSSIBE_SU_BRUTE=$(check_if_su_brute);
   if [ "$POSSIBE_SU_BRUTE" ]; then
@@ -228,6 +227,6 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] &&
     printf $GREEN"It's not possible to brute-force su.\n\n"$NC
   fi
 else
-  print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
+  print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)\n"$NC
 fi
 print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC

linPEAS/builder/linpeas_parts/linpeas_base.sh

@@ -74,6 +74,7 @@ THREADS="$( ( (grep -c processor /proc/cpuinfo 2>/dev/null) || ( (command -v lsc
 HELP=$GREEN"Enumerate and search Privilege Escalation vectors.
 ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors.
       ${GREEN}  Checks:
+        ${YELLOW}    -a${BLUE} Perform all checks: 1 min of processes, su brute, and extra checks.
         ${YELLOW}    -o${BLUE} Only execute selected checks (peass{CHECKS}). Select a comma separated list.
         ${YELLOW}    -s${BLUE} Stealth & faster (don't check some time consuming checks)
         ${YELLOW}    -e${BLUE} Perform extra enumeration
@@ -81,20 +82,20 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
         ${YELLOW}    -r${BLUE} Enable Regexes (this can take from some mins to hours)
         ${YELLOW}    -P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
 	${YELLOW}    -D${BLUE} Debug mode
-	
+
       ${GREEN}  Network recon:
         ${YELLOW}    -t${BLUE} Automatic network scan & Internet conectivity checks - This option writes to files
 	${YELLOW}    -d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
         ${YELLOW}    -p <PORT(s)> -d <IP/NETMASK>${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139
         ${YELLOW}    -i <IP> [-p <PORT(s)>]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
         $GREEN     Notice${BLUE} that if you specify some network scan (options -d/-p/-i but NOT -t), no PE check will be performed
-      
+
       ${GREEN}  Port forwarding (reverse connection):
         ${YELLOW}    -F LOCAL_IP:LOCAL_PORT:REMOTE_IP:REMOTE_PORT${BLUE} Execute linpeas to forward a port from a your host (LOCAL_IP:LOCAL_PORT) to a remote IP (REMOTE_IP:REMOTE_PORT)
-      
+
       ${GREEN}  Firmware recon:
         ${YELLOW}    -f </FOLDER/PATH>${BLUE} Execute linpeas to search passwords/file permissions misconfigs inside a folder
-	
+
       ${GREEN}  Misc:
         ${YELLOW}    -h${BLUE} To show this message
 	${YELLOW}    -w${BLUE} Wait execution between big blocks of checks
@@ -124,12 +125,12 @@ while getopts "h?asd:p:i:P:qo:LMwNDterf:F:" opt; do
     r)  REGEXES="1";;
     f)  SEARCH_IN_FOLDER=$OPTARG;
     	if ! [ "$(echo -n $SEARCH_IN_FOLDER | tail -c 1)" = "/" ]; then #Make sure firmware folder ends with "/"
-        SEARCH_IN_FOLDER="${SEARCH_IN_FOLDER}/"; 
+        SEARCH_IN_FOLDER="${SEARCH_IN_FOLDER}/";
       fi;
           ROOT_FOLDER=$SEARCH_IN_FOLDER;
       REGEXES="1";
 	    CHECKS="procs_crons_timers_srvcs_sockets,software_information,interesting_perms_files,interesting_files,api_keys_regex";;
-	
+
     F)  PORT_FORWARD=$OPTARG;;
     esac
 done
@@ -244,9 +245,9 @@ print_support () {
   printf """
     ${GREEN}/---------------------------------------------------------------------------------\\
     |                             ${BLUE}Do you like PEASS?${GREEN}                                  |
-    |---------------------------------------------------------------------------------| 
+    |---------------------------------------------------------------------------------|
     |         ${YELLOW}Get the latest version${GREEN}    :     ${RED}https://github.com/sponsors/carlospolop${GREEN} |
-    |         ${YELLOW}Follow on Twitter${GREEN}         :     ${RED}@carlospolopm${GREEN}                           |
+    |         ${YELLOW}Follow on Twitter${GREEN}         :     ${RED}@hacktricks_live${GREEN}                          |
     |         ${YELLOW}Respect on HTB${GREEN}            :     ${RED}SirBroccoli            ${GREEN}                 |
     |---------------------------------------------------------------------------------|
     |                                 ${BLUE}Thank you! ${GREEN}                                     |
@@ -315,7 +316,7 @@ idB="euid|egid$baduid"
 sudovB="[01].[012345678].[0-9]+|1.9.[01234]|1.9.5p1"
 
 mounted=$( (cat /proc/self/mountinfo || cat /proc/1/mountinfo) 2>/dev/null | cut -d " " -f5 | grep "^/" | tr '\n' '|')$(cat /etc/fstab 2>/dev/null | grep -v "#" | grep -E '\W/\W' | awk '{print $1}')
-if ! [ "$mounted" ]; then 
+if ! [ "$mounted" ]; then
   mounted=$( (mount -l || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts) 2>/dev/null | grep "^/" | cut -d " " -f1 | tr '\n' '|')$(cat /etc/fstab 2>/dev/null | grep -v "#" | grep -E '\W/\W' | awk '{print $1}')
 fi
 if ! [ "$mounted" ]; then mounted="ImPoSSssSiBlEee"; fi #Don't let any blacklist to be empty
@@ -672,7 +673,7 @@ print_title(){
   printf "╚"
   for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
   printf "╝"
-  
+
   printf $NC
   echo ""
 }
@@ -745,8 +746,9 @@ su_brute_user_num (){
 }
 
 check_if_su_brute(){
+  EXISTS_SU="$(command -v su 2>/dev/null)"
   error=$(echo "" | timeout 1 su $(whoami) -c whoami 2>&1);
-  if ! echo $error | grep -q "must be run from a terminal"; then
+  if [ "$EXISTS_SU" ] && ! echo $error | grep -q "must be run from a terminal"; then
     echo "1"
   fi
 }
@@ -1133,7 +1135,7 @@ elif echo $CHECKS | grep -q procs_crons_timers_srvcs_sockets || echo $CHECKS | g
 
   wait # Always wait at the end
   CONT_THREADS=0 #Reset the threads counter
-fi 
+fi
 
 if [ "$SEARCH_IN_FOLDER" ] || echo $CHECKS | grep -q procs_crons_timers_srvcs_sockets || echo $CHECKS | grep -q software_information || echo $CHECKS | grep -q interesting_files; then
   #GENERATE THE STORAGES OF THE FOUND FILES

metasploit/README.md

@@ -26,7 +26,7 @@ msf6 post(multi/gather/peass) > show info
        Rank: Normal
 
 Provided by:
-  Carlos Polop <@carlospolopm>
+  Carlos Polop <@hacktricks_live>
 
 Compatible session types:
   Meterpreter

metasploit/peass.rb

@@ -25,7 +25,7 @@ class MetasploitModule < Msf::Post
       'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'Carlos Polop <@carlospolopm>'
+          'Carlos Polop <@hacktricks_live>'
         ],
       'Platform'       => %w{ bsd linux osx unix win },
       'SessionTypes'   => ['shell', 'meterpreter'],

winPEAS/README.md

@@ -9,10 +9,12 @@ Check more **information about how to exploit** found misconfigurations in **[bo
 ## Quick Start
 Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
 
-## WinPEAS .exe and .bat
-- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) 
-- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
+## WinPEAS Flavours
+- [Link to WinPEAS C# .exe project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) (.Net >= 4.5.2 required)
     - **Please, read the Readme of that folder to learn how to execute winpeas from memory or how make colors work among other tricks**
+- [Link to WinPEAS .ps1 project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASps1)
+- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) 
+
 
 ## PEASS Style
 

winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs

@@ -82,7 +82,7 @@ namespace winPEAS.Helpers
        |                             {1}Do you like PEASS?{0}                                  |
        |---------------------------------------------------------------------------------| 
        |         {3}Get the latest version{0}    :     {2}https://github.com/sponsors/carlospolop{0} |
-       |         {3}Follow on Twitter{0}         :     {2}@carlospolopm{0}                           |
+       |         {3}Follow on Twitter{0}         :     {2}@hacktricks_live{0}                           |
        |         {3}Respect on HTB{0}            :     {2}SirBroccoli            {0}                 |
        |---------------------------------------------------------------------------------|
        |                                 {1}Thank you!{0}                                      |
@@ -98,7 +98,7 @@ namespace winPEAS.Helpers
                 PrintBanner();
             }
 
-            Console.WriteLine(YELLOW + "  WinPEAS-ng" + NOCOLOR + YELLOW + " by @carlospolopm" + NOCOLOR);
+            Console.WriteLine(YELLOW + "  WinPEAS-ng" + NOCOLOR + YELLOW + " by @hacktricks_live" + NOCOLOR);
 
             PrintMarketingBanner();
 

winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics;
 using System.Collections.Generic;
 using System.Globalization;
 using System.IO;
@@ -7,9 +8,11 @@ using System.Management;
 using System.Net;
 using System.Net.NetworkInformation;
 using System.Windows.Forms;
+using System.Text.RegularExpressions;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;
 
+
 namespace winPEAS.Info.SystemInfo
 {
     class SystemInfo
@@ -44,11 +47,65 @@ namespace winPEAS.Info.SystemInfo
             }
             return false;
         }
-
+        
         //From Seatbelt
         public static Dictionary<string, string> GetBasicOSInfo()
         {
             Dictionary<string, string> results = new Dictionary<string, string>();
+
+            // Systeminfo from cmd to be able to use wes-ng
+            ///////////////////////////////////////////////
+            
+            Process process = new Process();
+
+            // Configure the process to run the systeminfo command
+            process.StartInfo.FileName = "systeminfo.exe";
+            process.StartInfo.UseShellExecute = false;
+            process.StartInfo.RedirectStandardOutput = true;
+
+            // Start the process
+            process.Start();
+
+            // Read the output of the command
+            string output = process.StandardOutput.ReadToEnd();
+
+            // Wait for the command to finish
+            process.WaitForExit();
+
+
+            // Split the output by newline characters
+            string[] lines = output.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
+            
+            string osname = @".*?Microsoft[\(R\)]{0,3} Windows[\(R\)?]{0,3} ?(Serverr? )?(\d+\.?\d?( R2)?|XP|VistaT).*";
+            string osversion = @".*?((\d+\.?){3}) ((Service Pack (\d)|N\/\w|.+) )?[ -\xa5]+ (\d+).*";
+            // Iterate over each line and add key-value pairs to the dictionary
+            foreach (string line in lines)
+            {
+                int index = line.IndexOf(':');
+                if (index != -1)
+                {
+                    string key = line.Substring(0, index).Trim();
+                    string value = line.Substring(index + 1).Trim();
+                    if (Regex.IsMatch(value, osname, RegexOptions.IgnoreCase))
+                    {
+                        results["OS Name"] = value;
+                    }
+                    //I have to find a better way. Maybe use regex from wes-ng
+                    if (Regex.IsMatch(value, osversion, RegexOptions.IgnoreCase))
+                    {
+                        results["OS Version"] = value;
+                    }
+
+                    if (value.Contains("based PC")) 
+                    {
+                        results["System Type"] = value;
+                    }
+                    
+                }
+            }
+
+            // ENDING Systeminfo from cmd to be able to use wes-ng
+            ///////////////////////////////////////////////
             try
             {
                 string ProductName = RegistryHelper.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "ProductName");

winPEAS/winPEASps1/README.md

@@ -0,0 +1,26 @@
+# Windows Privilege Escalation Awesome Script (.ps1)
+
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png)
+
+**WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation)**
+
+Check also the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation)**
+
+## Mantainer
+
+The official **maintainer of this script is [RandolphConley](https://github.com/RandolphConley)**.
+
+## Quick Start
+
+Download the **[latest releas from here](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
+
+```bash
+powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/WinPeas.ps1')"
+```
+
+## Advisory
+
+All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
+
+
+By Polop