SharpUp is a C# port of various PowerUp functionality. Currently, only the most common checks have been ported; no weaponization functions have yet been implemented.
@harmj0y is the primary author.
@mikeloss mangled it a bit, and added the check for dropping a .config next to a .net service binary.
He also took a bunch of PRs from the GhostPack/SharpUp repo and merged them in because they looked good. They were by: Raikia, RemiEscourrou, Coder666, e0x70i, cnotin, and vysecurity.
SharpUp is licensed under the BSD 3-Clause license.
C:\Temp>SharpUp.exe
=== SharpUp: Running Privilege Escalation Checks ===
=== Modifiable Services ===
Name : VulnSvc
DisplayName : VulnSvc
Description :
State : Stopped
StartMode : Auto
PathName : C:\Program Files\VulnSvc\VulnSvc.exe
=== Modifiable Service Binaries ===
Name : VulnSvc2
DisplayName : VulnSvc22
Description :
State : Stopped
StartMode : Auto
PathName : C:\VulnSvc2\VulnSvc2.exe
=== AlwaysInstallElevated Registry Keys ===
=== Modifiable Folders in %PATH% ===
Modifable %PATH% Folder : C:\Go\bin
=== Modifiable Registry Autoruns ===
=== *Special* User Privileges ===
=== Unattended Install Files ===
=== McAfee Sitelist.xml Files ===
[*] Completed Privesc Checks in 11 seconds
We are not planning on releasing binaries for SharpUp, so you will have to compile yourself :)
SharpUp has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.
SharpUp incorporates various code C# snippets and bits of PoCs found throughout research for its capabilities. These snippets and authors are highlighted in the appropriate locations in the source code, and include: