AlwaysInstallElevated | Infiltr8: The Red-Book

Last updated 1 year ago

Was this helpful?

Theory

The AlwaysInstallElevated policy feature offers ALL users on a Windows operating systems the ability to install an MSI package file with elevated (system) privileges.

Practice

If it is enabled, it will create the value AlwaysIntstallElevated and set it to 0x1 (enabled) on the following two registry keys. 's reg.py (Python) script can be used to query registry remotely from a UNIX-like machine.

Manual verification of the activation of this parameter is very simple and can be done with two commands. If it is enabled, it will create the value AlwaysIntstallElevated and set it to 0x1 (enabled) on the following two registry keys.

Alternatively, using from Powersploit we can enumerate the AlwaysInstallElevated policy.

Alternatively, using the systeminfo module of

We just have to generate a malicious MSI file and install it with msiexec.exe

Generate a malicious MSI

Then, after downloading it to the target, install the MSI file using msiexec

Resources

Last updated 1 year ago

Was this helpful?