Command argument won't execute with powershell full path
juan-pablito opened this issue · comments
Invoke-EventVwrBypass.ps1
UAC bypass works only when the command argument doesn't specify the powershell executable full path :
Invoke-EventVwrBypass -Command "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ..." => NOK
Invoke-EventVwrBypass -Command "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe ..." => NOK
Invoke-EventVwrBypass -Command "powershell.exe ..." => OK
Error message : "Cannot start Event Viewer. Application not found"
Tested on :
OS Name: Microsoft Windows 8.1 Enterprise
OS Version: 6.3.9600 N/A Build 9600
System Model: VMware Virtual Platform
System Type: x64-based PC