Seatbelt for PrivEsc
Post

Seatbelt for PrivEsc

SEATBELT

Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives. You can download from here: SEATBELT

It needs to be compiled, you can follow this guide to compile a C# project using visual studio: DotNet Project Compilation

Below are some common examples of how to use Seatbelt to enumerate information and discover potential privilege escalation opportunities on a Windows system:

Basic Enumeration:

This command runs Seatbelt with the -all flag, which performs a comprehensive enumeration of the system. It provides a wide range of information, including running processes, services, scheduled tasks, user privileges, installed software, and more.

1
.\Seatbelt.exe -all

User Information:

This command checks the User Account Control (UAC) settings and privileges for the current user. It helps identify potential UAC bypass opportunities.

1
.\Seatbelt.exe -uac

Service Enumeration:

This command enumerates information about running services on the system, including their configuration, permissions, and associated binaries. It can help identify services that might be vulnerable to exploitation.

1
.\Seatbelt.exe -services

Scheduled Tasks:

This command lists the scheduled tasks on the system, including details about their execution and permissions. Scheduled tasks can be used to execute code with elevated privileges.

1
.\Seatbelt.exe -t

Registry Information:

This command provides information about the system’s registry settings and keys. It can help identify registry-based privilege escalation opportunities.

1
.\Seatbelt.exe -registry

DLL Hijacking Opportunities:

This command checks for DLL hijacking opportunities by examining the search order for loading DLLs by various processes. It may reveal potential privilege escalation vectors.

1
.\Seatbelt.exe -dll

Network Enumeration:

This command provides information about the system’s network configuration, firewall settings, and active network connections. It can help identify network-related attack vectors.

1
.\Seatbelt.exe -wan

Application Whitelisting Bypass:

This command checks for application whitelisting bypass opportunities on the system. It identifies executables that may be used to run code with elevated privileges.

1
.\Seatbelt.exe -bypass

PowerShell Profile Enumeration:

This command looks for PowerShell profiles and their associated scripts, which may contain malicious code or configuration changes.

1
.\Seatbelt.exe -powerShell

Recent Files and Folders:

This command lists recently accessed files and folders, which may reveal interesting information about user activity on the system.

1
.\Seatbelt.exe -recent