PowerShell script that helps automate the local privilege escalation path through the SpokesUpdateService.
Based on the original exploit found here: https://www.exploit-db.com/exploits/47845
Windows Server 2019
- Download the script to the target
- If using a custom payload file, place it in a writable directory on the target
- Run the script
- If the script is used as-is, it spawns cmd.exe as SYSTEM
.\Get-Spokes3GSystem.ps1
.\Get-Spokes3GSystem.ps1 -Payload "$($env:USERNAME)|advertise|C:\Windows\Temp\shell.exe"