Public/Invoke-Phase07PrivilegeEscalation.ps1

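function Invoke-Phase07PrivilegeEscalation {
    <#
    .SYNOPSIS
        Operator menu for attack phase 7, "Privilege Escalation".

    .DESCRIPTION
        Prints the available privilege-escalation techniques, reads one choice and
        calls the matching function (all of them are defined outside this function).
        The menu is shown again until the answer to the repeat question equals $no.

        With -UnAttended nothing is prompted: the value returned by
        New-PrivilegeEscalationRecommendation is used as the choice and the repeat
        answer is forced to $no, so the selected technique runs exactly once
        without confirmation.

        Start, end and run time are written through Write-Log.

    .PARAMETER UnAttended
        Run the recommended technique once, without any prompt.

    .PARAMETER Continue
        Not referenced in this function.

    .PARAMETER EnableLogging
        Not referenced in this function.

    .PARAMETER SkipImages
        Do not call Show-Phases for the phase pages.

    .PARAMETER SkipClearHost
        Do not clear the console between screens.

    .PARAMETER AS2GoDemo
        Skip the initial Set-NewColorSchema / Get-AS2GoSettings calls.

    .LINK
        https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained

    .LINK
        https://www.microsoft.com/en-us/security/blog/2019/05/09/detecting-credential-theft-through-memory-access-modelling-with-microsoft-defender-atp/
    #>

    Param (
        [switch]$UnAttended,
        [switch]$Continue,
        [Switch]$EnableLogging,
        [switch]$SkipImages,
        [switch]$SkipClearHost,
        [switch]$AS2GoDemo
    )

    $CurrentFunction = Get-FunctionName
    Write-Log -Message "### Start Function $CurrentFunction ###"
    $StartRunTime = (Get-Date).ToString($Script:DateFormatLog)

    #################### main code | out- host #####################

    If (-not $AS2GoDemo) {
        Set-NewColorSchema -NewStage $Script:InitialStart
        Get-AS2GoSettings
    }

    If (-not $SkipClearHost) { Clear-Host }

    Update-WindowTitle -NewTitle $Script:Phase07
    Set-KeyValue -key "LastStage" -NewValue $Script:Phase07
    If (-not $SkipImages) { Show-Phases -Phase "phase_007.html" }

    $separator = "____________________________________________________________________`n"

    # Menu text and the key printed next to it (the key is highlighted in yellow).
    # NOTE(review): the keys shown here are literals, while most of the dispatch
    # below compares against $PtH / $PtT / $PtC / $KrA / $CfM, which are defined
    # outside this function. Presumably they hold the same letters - confirm, or
    # the menu and the dispatch can drift apart.
    $menuEntries = @(
        @{ Label = " - for a Pass-the-Hash Attack enter: "; Key = "H" },
        @{ Label = " - for a Pass-the-Ticket Attack enter: "; Key = "T" },
        @{ Label = " - for a Kerberoasting Attack enter: "; Key = "K" },
        # Fixed the duplicated word in this entry ("for a for Misconfigured ...").
        @{ Label = " - for a Misconfigured Certificate Template Attack (ESC1) enter: "; Key = "C" },
        @{ Label = " - for a PsExec Attack, eg. to System account enter : "; Key = "X" },
        @{ Label = " - for a Credential Theft through Memory Access enter: "; Key = "M" },
        @{ Label = " - to enable the Memory Access enter: "; Key = "E" }
    )

    Do {
        If (-not $SkipClearHost) { Clear-Host }
        Set-NewColorSchema -NewStage $Script:InitialStart

        # Recomputed on every pass; it is the prompt default and, in unattended
        # mode, the choice itself.
        $PrivilegeEscalation = New-PrivilegeEscalationRecommendation -computer $env:COMPUTERNAME

        Write-Host $separator
        Write-Host " Privilege Escalation - Choose your Attack "
        Write-Host $separator
        foreach ($entry in $menuEntries) {
            Write-Host $entry.Label -NoNewline
            Write-Host $entry.Key -ForegroundColor Yellow
        }

        If ($UnAttended) {
            # No operator in the loop: the recommendation is executed as-is.
            $answer = $PrivilegeEscalation
        }
        else {
            $answer = Get-Answer -question "Enter your choice or enter [S] to skip this step! Default " -defaultValue $PrivilegeEscalation
        }

        # Dispatch. Only the PtH and PtT branches have their own phase page.
        If ($answer -eq $PtH) {
            # Pass-the-Hash (PtH)
            If (-not $SkipImages) { Show-Phases -Phase "phase_007_PtH.html" }
            Start-PtHAttack
        }
        elseif ($answer -eq $PtT) {
            # Pass-the-Ticket (PtT)
            If (-not $SkipImages) { Show-Phases -Phase "phase_007_PtT.html" }
            Start-PtTAttack
        }
        elseif ($answer -eq $PtC) {
            New-AuthenticationCertificatesAttack
        }
        elseif ($answer -eq $KrA) {
            New-KerberoastingAttack
        }
        elseif ($answer -eq $CfM) {
            New-CredentialTheftThroughMemoryAccess
        }
        elseif ($answer -eq "E") {
            # NOTE(review): nothing in this function undoes whatever
            # Set-UseLogonCredential changes; confirm where that is restored.
            Set-UseLogonCredential
        }
        elseif ($answer -eq "X") {
            New-PrivilegesEscalationtoSystem
        }
        else {
            # Reached for [S] and for any input that matches no branch above.
            Write-Host "`n`n [x] Privilege Escalation was skipped" -ForegroundColor red
        }

        If (-not $SkipClearHost) { Clear-Host }

        Write-Host $separator
        Write-Host " ??? REPEAT | Privilege Escalation ??? "
        Write-Host $separator

        # Leave the Do ... Until loop?
        If ($UnAttended) {
            $repeat = $no
        }
        else {
            $repeat = Get-Answer -question "Would you like to repeat this attack phase? Please enter Y or N. Default " -defaultValue $no
        }

    } Until ($repeat -eq $no)

    ######################## main code ############################
    $runtime = Get-RunTime -StartRunTime $StartRunTime
    Write-Log -Message " Run Time: $runtime [h] ###"
    Write-Log -Message "### End Function $CurrentFunction ###"
}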