There are many different ways to perform local privilege escalation on a Windows system. This video covers privilege escalation in the case where the AlwaysInstallElevated setting is enabled for the current user. This setting allows a user to run any .msi file as NT AUTHORITY\SYSTEM. An attacker can exploit this by crafting a malicious .msi installer file and running it with SYSTEM-level privileges. This technique can be very helpful to those studying for the OSCP exam.
Commands to Setup Lab:
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated /t REG_DWORD /d 1
reg add HKEY_USERS\(USER_SID)\Software\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated /t REG_DWORD /d 1
Query Commands:
reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
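A defensive audit built on the query commands above, as an added example that is not from the video or its author: it reads the same AlwaysInstallElevated value from HKLM and from every user hive currently loaded under HKEY_USERS, and flags a profile only when both values are 1, which is the condition Windows Installer requires before it elevates an install. The function name Get-AieValue is hypothetical.

```powershell
# Added example: audit AlwaysInstallElevated for the machine and all loaded user hives.
# Only hives of logged-on users are loaded under HKEY_USERS; run elevated to read them all.
$sub = 'Software\Policies\Microsoft\Windows\Installer'

function Get-AieValue {
    param([string]$Path)
    # Returns the DWORD value, or nothing when the key or value is absent or unreadable.
    $item = Get-ItemProperty -Path $Path -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.AlwaysInstallElevated }
}

$machine = Get-AieValue "Registry::HKEY_LOCAL_MACHINE\$sub"

# User hives appear under HKEY_USERS named by SID; skip the companion *_Classes hives.
$results = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $user = Get-AieValue "Registry::HKEY_USERS\$($_.PSChildName)\$sub"
        [pscustomobject]@{
            Sid     = $_.PSChildName
            Machine = $machine
            User    = $user
            # The policy takes effect only when BOTH values are 1.
            Exposed = ($machine -eq 1 -and $user -eq 1)
        }
    }

$results | Format-Table -AutoSize

if ($results | Where-Object Exposed) {
    Write-Warning 'AlwaysInstallElevated is active for at least one loaded profile. Set both values to 0 or remove them.'
}
```

A blank Machine or User column means the value is not set in that hive, which Windows Installer treats the same as 0.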
00:00 Misconfiguration Explanation
01:36 Lab Setup
04:08 Exploiting the Misconfiguration
Video: Windows Privilege Escalation - AlwaysInstallElevated. Added by user Conda on 02 May 2021. It has been viewed 7,668 times and liked by 207 people.