Aggressor scripts for Cobalt Strike
This is a .cna script for the SilentCleanup UAC bypass, which bypasses "Always Notify" (the highest UAC setting), even on Windows 10 (1909) as of March 2020. You can find details here.
This code uses plaintext's C# port of the bypass, which can be found here.
I modified the code a bit (line 45 or line 46, depending on whether a command is passed or an exe is passed as an arg).
With the exe method (uac-silentcleanup-exe), powershell.exe is called along with Start-Process -NoNewWindow to attempt to hide any indication that a new program was launched.
With the command method (uac-silentcleanup-command), cmd.exe /c is used to pass a command string provided by the user.
Run it from Cobalt Strike with:
beacon > runasadmin uac-silentcleanup-exe c:\windows\temp\beacon.exe
beacon > runasadmin uac-silentcleanup-command net user Jim.Lahey Liquor1 /add