SEATBELT
Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives. You can download from here: SEATBELT
It needs to be compiled, you can follow this guide to compile a C# project using visual studio: DotNet Project Compilation
Below are some common examples of how to use Seatbelt to enumerate information and discover potential privilege escalation opportunities on a Windows system:
Basic Enumeration:
This command runs Seatbelt with the -all flag, which performs a comprehensive enumeration of the system. It provides a wide range of information, including running processes, services, scheduled tasks, user privileges, installed software, and more.
1
.\Seatbelt.exe -all
User Information:
This command checks the User Account Control (UAC) settings and privileges for the current user. It helps identify potential UAC bypass opportunities.
1
.\Seatbelt.exe -uac
Service Enumeration:
This command enumerates information about running services on the system, including their configuration, permissions, and associated binaries. It can help identify services that might be vulnerable to exploitation.
1
.\Seatbelt.exe -services
Scheduled Tasks:
This command lists the scheduled tasks on the system, including details about their execution and permissions. Scheduled tasks can be used to execute code with elevated privileges.
1
.\Seatbelt.exe -t
Registry Information:
This command provides information about the system’s registry settings and keys. It can help identify registry-based privilege escalation opportunities.
1
.\Seatbelt.exe -registry
DLL Hijacking Opportunities:
This command checks for DLL hijacking opportunities by examining the search order for loading DLLs by various processes. It may reveal potential privilege escalation vectors.
1
.\Seatbelt.exe -dll
Network Enumeration:
This command provides information about the system’s network configuration, firewall settings, and active network connections. It can help identify network-related attack vectors.
1
.\Seatbelt.exe -wan
Application Whitelisting Bypass:
This command checks for application whitelisting bypass opportunities on the system. It identifies executables that may be used to run code with elevated privileges.
1
.\Seatbelt.exe -bypass
PowerShell Profile Enumeration:
This command looks for PowerShell profiles and their associated scripts, which may contain malicious code or configuration changes.
1
.\Seatbelt.exe -powerShell
Recent Files and Folders:
This command lists recently accessed files and folders, which may reveal interesting information about user activity on the system.
1
.\Seatbelt.exe -recent