Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/the-useless-one/pywerview/llms.txt

Use this file to discover all available pages before exploring further.

invoke-checklocaladminaccess checks whether the provided account has local administrator access on a specific Windows host by attempting to open a connection to the ADMIN$ administrative share via SMB. If the connection succeeds, the account has local admin rights on that host; if it is denied, it does not. This is the same primitive used internally by invoke-userhunter --check-access to validate admin access during user hunting, but here it is exposed as a standalone command for quick spot-checks against a single target. Both domain and local credentials are accepted.
For bulk checks across many hosts at once, use invoke-userhunter with the --check-access flag, which runs this check in parallel across all discovered computers. Use invoke-checklocaladminaccess for targeted, single-host validation.

Flags

--computername
string
required
IP address or hostname of the target Windows host to check local admin access on.
-w, --workgroup
string
Name of the domain to authenticate with. Can be omitted when using local credentials.
-u, --user
string
Username for authentication. Accepts both domain accounts (DOMAIN\user) and local accounts.
-p, --password
string
Password associated with the specified username.
--hashes
string
NTLM hashes for pass-the-hash authentication. Format: [LMHASH:]NTHASH. The LM portion can be omitted or replaced with the empty LM hash.
-k
boolean
Use Kerberos authentication. Reads credentials from the ccache file pointed to by KRB5CCNAME. Falls back to the provided username and password if no valid ticket is found.
-l, --logging-level
string
Logging verbosity sent to stderr. Choices: CRITICAL (default), WARNING, DEBUG, ULTRA.
--json
boolean
Print results as JSON instead of the default human-readable format.

Examples

# Check if 'alice' has local admin access on a host
pywerview invoke-checklocaladminaccess --computername 192.168.1.10 -u alice -p 'P@ssw0rd' -w contoso.com

# Check using local credentials
pywerview invoke-checklocaladminaccess --computername 192.168.1.10 -u Administrator -p 'LocalP@ss'

# Pass-the-hash check
pywerview invoke-checklocaladminaccess --computername 192.168.1.10 \
  -u alice --hashes :a87f3a337d73085c45f9416be5787d86 -w contoso.com

# JSON output
pywerview invoke-checklocaladminaccess --computername 192.168.1.10 \
  -u alice -p 'P@ssw0rd' -w contoso.com --json
Repeated failed access attempts against ADMIN$ may trigger account lockout policies or alert on endpoint detection systems. Use this command judiciously during an engagement and prefer a single targeted check over iterating rapidly across many hosts.

Build docs developers (and LLMs) love

Get started for freeTalk to us