Automating local enumeration with JAWS

JAWS is an open-source PowerShell script designed to help penetration testers automate local enumeration and identify privilege escalation vectors on Windows systems.

To use this script, you will need to copy the script into your lab environment. To begin with, you can access the script through the following GitHub repository:

GitHub - 411Hall/JAWS: JAWS - Just Another Windows (Enum) ScriptGitHub

On the GitHub repo, navigate to the jaws-enum.ps1 script as shown in the following screenshot.

You will then need to view the script in raw format, this can be done by clicking the raw button as shown in the following screenshot.

You will now need to copy the content of the script in raw format and paste it into the lab environment clipboard.

Once you have copied the script from the GitHub repo, navigate back to the Kali Linux system in your lab environment and create a new file with a text editor like Mousepad.

Then paste in the script you copied in the file, after which save the file as jaws-enum.ps1 as shown in the following screenshots.

We can now navigate back to our meterpreter session and navigate to the C:\ drive by running the following command:

Command:

cd C:\\

We will then need to create the temp directory by running the following command:

Command:

mkdir temp

Command:

cd temp

We can now upload the jaws-enum.ps1 script we copied from the GitHub repo by running the following command:

Command:

upload /root/Desktop/jaws-enum.ps1

After uploading the script successfully, we will need to spawn a command shell session, this can be done by running the following command:

Command:

shell

We can now execute the jaws-enum.ps1 script by running the following command:

Command:

powershell.exe -ExecutionPolicy Bypass -File .\jaws-enum.ps1 -OutputFilename JAWS-Enum.txt

As shown in the preceding screenshot, the jaws-enum.ps1 script will run and save the results into a file called JAWS-Enum.txt.

Note: JAWS will take a couple of minutes to complete the enumeration process, so do not be alarmed if the script looks like it has paused or stopped running.

Once the jaws-enum.ps1 script is done, we can download the output file for analysis, this can be done by running the following command:

Command:

download JAWS-Enum.txt

Now that we have downloaded the output generated by the jaws-enum.ps1 script, we can open up the output file on our Kali system by navigating to /root/ and opening the JAWS-Enum.txt file with the mousepad as shown in the following screenshot.

As shown in the preceding screenshot, the output file generated by jaws-enum.ps1 contains all relevant information about the target system that we would have otherwise had to have enumerated manually.

Take a few minutes to go through the output file and analyze what information JAWS was able to enumerate in addition to any potentially interesting information that we were unable to enumerate manually or with Metasploit modules.

PreviousWindows Basics NextShells

Last updated 2 hours ago