@macostag
Created March 17, 2019 04:19
PowerUp.ps1
######################################
# Enumerating Service Vulnerabilities
######################################
# Returns services with unquoted paths that also have a space in the name.
Get-UnquotedService
# Returns services where the current user can write to the service binary path or its config.
Get-ModifiableServiceFile
# Returns services the current user can modify.
Get-ModifiableService
# Returns detailed information about a specified service.
Get-ServiceDetail
######################################
# DLL Hijacking
######################################
# Finds service %PATH% DLL hijacking opportunities.
Find-PathDLLHijack
######################################
# Registry Checks
######################################
# Checks if the AlwaysInstallElevated registry key is set.
Get-RegistryAlwaysInstallElevated
# Checks for Autologon credentials in the registry.
Get-RegistryAutoLogon
# Checks for any modifiable binaries/scripts (or their configs) in HKLM autoruns.
Get-ModifiableRegistryAutoRun
######################################
# Miscellaneous Checks
######################################
# Finds scheduled tasks (schtasks) with modifiable target files.
Get-ModifiableScheduledTaskFile
# Finds remaining unattended installation files.
Get-UnattendedInstallFile
# Checks for any encrypted web.config strings.
Get-Webconfig
# Checks for encrypted application pool and virtual directory passwords.
Get-ApplicationHost
# Retrieves the plaintext passwords from any McAfee SiteList.xml files found.
Get-SiteListPassword
# Checks for passwords in cached Group Policy Preferences files.
Get-CachedGPPPassword
######################################
# Other Helpers/Meta-Functions
######################################
# Runs all current escalation checks and returns a report (formerly Invoke-AllChecks).
Invoke-PrivescAudit -HTMLReport