[suggestion] Enumerate valid CLSID's about peass-ng HOT 3 CLOSED

Hi @websecnl,

Thanks for the suggestion.
A list like all the CLSID's in the machine could be very annoying if it's not useful.
Could let me know where is it useful so we can think when is interesting to list the CLSIDs? Maybe for exploiting Juicy Potato?

from peass-ng.

@carlospolop

It is useful for privileges escalation using the Juicy Potato exploit.
this requires enumeration of service CLSID's.

For more information regarding this see: https://github.com/TsukiCTF/Lovely-Potato

I Believe it would be great for the winPEASany as this might be one of the tasks during the OSCP Exam / Labs.

So far i can only find powershell scripts that do this, however it would be great if someone was willing to add this into a binary without the requirement of having powershell enabled.

from peass-ng.

Hi again @websecnl,

The problem in this case is that there are so many CLSIDs that listing them will make very ugly the output of the tool (making it useless in my perspective).
Also, even if Winpeas just list CLSIDs when SeImpersonatePrivilege is discovered, the user probably won't be able to look formore privilege escalation vectors due to the amount od CLSIDs listed.
Moreover, notice that (I think) JuicyPotato is not working in the latest versions of Windows, at least I read something about it some weeks ago.

Thank you for the suggestion but I'm not going to add this feature due to the problems mentioned before.
Please, feel free to make other suggestions in the future.

from peass-ng.