Last active
October 1, 2023 19:34
-
-
Save atao/a103e443ffb37d5d0f0e7097e4342a28 to your computer and use it in GitHub Desktop.
🕵️ Self privileges escalation with PowerShell.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Requires -RunAsAdministrator | |
#OneLine | |
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit } | |
#Or | |
$Loc = Get-Location | |
"Security.Principal.Windows" | % { IEX "( [ $_`Principal ] [$_`Identity ]::GetCurrent() ).IsInRole( 'Administrator' )" } | ? { | |
$True | % { $Arguments = @('-NoProfile','-ExecutionPolicy Bypass','-NoExit','-File',"`"$($MyInvocation.MyCommand.Path)`"","\`"$Loc\`""); | |
Start-Process -FilePath PowerShell.exe -Verb RunAs -ArgumentList $Arguments; } } | |
# Your script here |
mcc85s
commented
Sep 22, 2019
•
Holy mother of incomprehensible spaghetti one-liners
Why not even better, don't forget your current directory:
$Loc = Get-Location
"Security.Principal.Windows" | % { IEX "( [ $_`Principal ] [$_`Identity ]::GetCurrent() ).IsInRole( 'Administrator' )" } | ? {
$True | % { $Arguments = @('-NoProfile','-ExecutionPolicy Bypass','-NoExit','-File',"`"$($MyInvocation.MyCommand.Path)`"","\`"$Loc\`"");
Start-Process -FilePath PowerShell.exe -Verb RunAs -ArgumentList $Arguments; } }
(Get-Location).ToString()
## Any PS code that needs elevation
Read-Host
@github-account1111 it's more easy when you add just one line on the top of your script.
@vivekwebm2020 thanks
@atao not sure what you're saying.
It's "more easy" in what regard?
Certainly not readability or maintenance or debugging or literally anything else.
Should be 79 chars wide or less.
@vivekwebm2020 I just updated the gist !
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment