@atao
Last active October 1, 2023 19:34
🕵️ Self privilege escalation with PowerShell (a script that re-launches itself as Administrator through UAC).
# Do not put '#Requires -RunAsAdministrator' above this block: that requirement is
# enforced before the first statement runs, so an unelevated launch fails with
# "cannot be run because it contains a #requires statement" and the re-launch
# below is never reached. Use #Requires OR self-elevation, not both.
#OneLine
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
#Or (the same WindowsBuiltInRole check as a pipeline; also hands the caller's directory to the elevated copy, because -Verb RunAs starts in System32)
$Loc = Get-Location
"Security.Principal.Windows" | % { IEX "([$_`Principal][$_`Identity]::GetCurrent()).IsInRole([$_`BuiltInRole]::Administrator)" } | ? { -not $_ } | % {
    $Arguments = @('-NoProfile','-ExecutionPolicy Bypass','-NoExit','-File',"`"$PSCommandPath`"","`"$Loc`"");
    Start-Process -FilePath PowerShell.exe -Verb RunAs -ArgumentList $Arguments; exit }
if ($args.Count) { Set-Location -LiteralPath $args[0] }   # elevated copy: go back to where the user was
# Your script here
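As an added example (not the gist's code, nor either commenter's), here is the same self-elevation written as a readable multi-line script. It keeps the gist's WindowsBuiltInRole check, re-launches with whichever PowerShell host is running (powershell.exe or pwsh.exe), re-passes the script's own string parameters, restores the caller's working directory in the elevated copy (the point raised in the comments below), propagates the elevated run's exit code back to the caller, and treats a declined UAC prompt as a failure instead of an unhandled error. The file name Elevate-Demo.ps1, the -Target parameter and the Get-Acl call at the end are illustrative assumptions.

```powershell
# Added example, not the gist's code. Assumed to be saved as Elevate-Demo.ps1;
# run it from a non-elevated prompt, e.g.:  .\Elevate-Demo.ps1 -Target 'C:\Windows'
param(
    [string]$Target   = 'HKLM:\SOFTWARE',          # hypothetical parameter; re-passed to the elevated copy
    [string]$StartDir = (Get-Location).Path        # filled in by the launcher; defaults to the caller's cwd
)

# Do not add '#Requires -RunAsAdministrator' to a self-elevating script: that
# requirement is enforced before the first statement runs, so an unelevated
# launch fails immediately and the re-launch below is never reached.

function Test-IsElevated {
    # Same check as the gist's one-liner: is the built-in Administrators role
    # present and enabled in the current token (i.e. did we already pass UAC)?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-Elevated {
    # Re-launch $ScriptPath through UAC with the same host binary (powershell.exe
    # or pwsh.exe), the same string parameters, and the caller's directory.
    # Returns the elevated copy's exit code, or $null if UAC was declined.
    param(
        [string]$ScriptPath,
        [System.Collections.IDictionary]$BoundParameters,
        [string]$WorkingDir
    )

    $hostExe = (Get-Process -Id $PID).Path   # whichever PowerShell is running us
    $argList = @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', ('"{0}"' -f $ScriptPath))
    foreach ($kv in $BoundParameters.GetEnumerator()) {
        if ($kv.Key -eq 'StartDir') { continue }       # always replaced with the real cwd below
        $argList += ('-{0}' -f $kv.Key)
        $argList += ('"{0}"' -f $kv.Value)             # string values only; extend for [switch] parameters
    }
    $argList += '-StartDir'
    $argList += ('"{0}"' -f $WorkingDir)

    try {
        $proc = Start-Process -FilePath $hostExe -ArgumentList $argList -Verb RunAs `
                              -Wait -PassThru -ErrorAction Stop
        return $proc.ExitCode
    }
    catch {
        # Clicking "No" on the UAC dialog is ERROR_CANCELLED (Win32 error 1223).
        # Depending on the host it is attached as InnerException or only visible
        # in the (localized) message text, so check both before giving up.
        $inner = $_.Exception.InnerException
        $declined = ($inner -is [System.ComponentModel.Win32Exception] -and $inner.NativeErrorCode -eq 1223) -or
                    ($_.Exception.Message -match 'canceled by the user')
        if ($declined) {
            Write-Warning 'Elevation was declined at the UAC prompt.'
            return $null
        }
        throw
    }
}

if (-not (Test-IsElevated)) {
    $code = Invoke-Elevated -ScriptPath $PSCommandPath `
                            -BoundParameters $PSBoundParameters `
                            -WorkingDir (Get-Location).Path
    if ($null -eq $code) { exit 1 }   # UAC declined: fail visibly, don't silently continue unelevated
    exit $code                        # propagate the elevated run's result to whoever called us
}

# ---- everything below runs elevated ----
# -Verb RunAs starts the new process in C:\Windows\System32, so go back first.
Set-Location -LiteralPath $StartDir
Write-Host ("Elevated as {0} in {1}" -f [Security.Principal.WindowsIdentity]::GetCurrent().Name, (Get-Location).Path)
Write-Host ("Target parameter received: {0}" -f $Target)
# Admin-only work goes here; as an illustration, read the owner of the target:
(Get-Acl -LiteralPath $Target).Owner
exit 0
```

Two design points worth noting: the elevation check must run before anything else because the script executes twice (once unelevated, once elevated), so any side effect placed above it happens twice; and the parent waits for the child and exits with its exit code, which is what makes the script usable from another script or a scheduler rather than only from an interactive window.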
@github-account1111

Holy mother of incomprehensible spaghetti one-liners

@vivekwebm2020

vivekwebm2020 commented Jan 22, 2022

Why not even better, don't forget your current directory:

$Loc = Get-Location
"Security.Principal.Windows" | % { IEX "([$_`Principal][$_`Identity]::GetCurrent()).IsInRole([$_`BuiltInRole]::Administrator)" } | ? { -not $_ } | % {
    # not elevated yet: re-launch through UAC, hand over the caller's directory, and stop this copy
    $Arguments =  @('-NoProfile','-ExecutionPolicy Bypass','-NoExit','-File',"`"$PSCommandPath`"","`"$Loc`"");
    Start-Process -FilePath PowerShell.exe -Verb RunAs -ArgumentList $Arguments; exit }

if ($args.Count) { Set-Location -LiteralPath $args[0] }   # elevated copy: return to the directory passed above
(Get-Location).ToString()
## Any PS code that needs elevation
Read-Host

@atao
Author

atao commented Jan 25, 2022

@github-account1111 it's more easy when you add just one line at the top of your script.

@vivekwebm2020 thanks

@github-account1111

@atao not sure what you're saying.
It's "more easy" in what regard?
Certainly not readability or maintenance or debugging or literally anything else.
Should be 79 chars wide or less.

@atao
Author

atao commented Feb 10, 2022

@vivekwebm2020 I just updated the gist!
