{"id":125,"date":"2018-07-10T13:31:26","date_gmt":"2018-07-10T13:31:26","guid":{"rendered":"https:\/\/int64software.com\/blog\/?p=125"},"modified":"2018-07-10T13:31:26","modified_gmt":"2018-07-10T13:31:26","slug":"tutorial-privilege-escalation-vulnerability-scan-tool-and-overcee","status":"publish","type":"post","link":"https:\/\/int64software.com\/blog\/2018\/07\/10\/tutorial-privilege-escalation-vulnerability-scan-tool-and-overcee\/","title":{"rendered":"Tutorial: Privilege Escalation Vulnerability Scan Tool and Overcee"},"content":{"rendered":"<p>We previously mentioned that the free Privilege Escalation Vulnerability Scan (PEVS) Tool released last week could be perfectly combined with our Delegated Device Management platform, <a href=\"https:\/\/overcee.com\">Overcee<\/a>. So we thought we&#8217;d delve in and show you how this simple task can be set up.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-121 size-full\" title=\"Overcee\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/email-bg-1-crp.png\" alt=\"Overcee\" width=\"900\" height=\"372\" \/><\/p>\n<h2>Sharing Tools for Execution<\/h2>\n<p>In our development environment, we already have a shared folder configured for deploying various tools and installers across the network. 
Its NTFS permissions are simple, as the Remote Execution tool runs as Local System on our client devices.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-127 size-full\" title=\"Overcee Shared Folder Permissions\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/01b.deployshare_perms.png\" alt=\"Overcee Shared Folder Permissions\" width=\"367\" height=\"483\" \/><\/p>\n<p>Here we&#8217;ve just added the Domain Computers group and granted it Read &amp; execute permissions.<\/p>\n<p>Now we just need to copy the PEVS files into it.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-126 size-full\" title=\"Overcee Share PEVS Files\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/01.deployshare.png\" alt=\"Overcee Share PEVS Files\" width=\"676\" height=\"223\" \/><\/p>\n<h2>Configuring the Overcee Tool<\/h2>\n<p>That done, we can head straight into Overcee and create a new Remote Execution tool to run PEVS.<\/p>\n<p><a href=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/02.new_remote_exec.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-128 size-full\" title=\"Overcee: New Remote Execution Tool\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/02.new_remote_exec.gif\" alt=\"Overcee: New Remote Execution Tool\" width=\"1104\" height=\"642\" \/><\/a><\/p>\n<p>We&#8217;ve been over the creation and configuration of tools in <a href=\"https:\/\/int64software.com\/blog\/2018\/05\/30\/overcee-and-variables\/\">previous blog posts<\/a>, as well as having extensive information in the Overcee documentation, so we won&#8217;t go over all of the options here.<\/p>\n<p><a href=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/03.tool_config_details.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-129 size-full\" title=\"Overcee: PEVS Tool Definition\" 
src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/03.tool_config_details.png\" alt=\"Overcee: PEVS Tool Definition\" width=\"890\" height=\"739\" \/><\/a><\/p>\n<p>Here we&#8217;ve set the new tool&#8217;s name, description and help text to relevant values to help identify the tool and what it does.<\/p>\n<p><a href=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/04.tool_config_cmdline.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-130 size-full\" title=\"Overcee: PEVS Tool Command Line\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/04.tool_config_cmdline.png\" alt=\"Overcee: PEVS Tool Command Line\" width=\"893\" height=\"717\" \/><\/a><\/p>\n<p>The Command Line is the most important section for us here as we point it to our development server&#8217;s &#8220;Deploy&#8221; shared folder and the privesc.exe PEVS executable.<\/p>\n<p>By default, PEVS doesn&#8217;t require any command line options when it&#8217;s running locally on the remote computer (i.e. through the Remote Execution tool).<\/p>\n<p>Note that we lock down the tool completely so that none of the variables can be modified, either in future tools derived from this one or when this tool itself is run (unless the user has write access to this tool). 
For more information on this, see our article on <a href=\"https:\/\/int64software.com\/blog\/2018\/05\/17\/understanding-overcee-permissions\/\">Understanding Overcee Permissions<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-132 size-full\" title=\"Overcee: PEVS Tool Created\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/05.new_tool_created.png\" alt=\"Overcee: PEVS Tool Created\" width=\"949\" height=\"114\" \/><\/p>\n<h2>Conclusion<\/h2>\n<p>That&#8217;s it. With the tool created, we are now free to run it on our client devices.<\/p>\n<p>Here you can see the result of running it on a device which has a couple of (deliberately placed) vulnerabilities.<\/p>\n<p><a href=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/06.scan_result.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-133 size-full\" title=\"Overcee: PEVS Tool Results\" src=\"https:\/\/int64software.com\/blog\/wp-content\/uploads\/2018\/07\/06.scan_result.png\" alt=\"Overcee: PEVS Tool Results\" width=\"1074\" height=\"668\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We previously mentioned that the free Privilege Escalation Vulnerability Scan (PEVS) Tool released last week could be perfectly combined with our Delegated Device Management platform, Overcee. 
So we thought we&#8217;d delve in and show you how this simple task can be set up.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[13,4,7],"tags":[5,41,31,39,40,8],"class_list":["post-125","post","type-post","status-publish","format-standard","hentry","category-blog","category-overcee","category-tutorial","tag-overcee","tag-pevs","tag-privilege-escalation","tag-remote-execution","tag-tool","tag-tutorial"],"_links":{"self":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts\/125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/comments?post=125"}],"version-history":[{"count":3,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts\/125\/revisions"}],"predecessor-version":[{"id":136,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts\/125\/revisions\/136"}],"wp:attachment":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/media?parent=125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/categories?post=125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/tags?post=125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}