Privilege Escalation (EoP) on Windows Server 2012 via PowerShell (PS)

Monday 5 December 2016 (2016-12-05)

Saturday 27 September 2025 (2025-09-27)

noraj (Alexandre ZANNI)

security, windows

🇬🇧

Download this powershell script and save it 39719.ps1.
Open an unprivileged powershell terminal.
Go to the folder location where you saved the script.
Source the script: . .\39719.ps1.
Then type Invoke-MS16-032.
Let the magic happens, you just got a nt authority\system cmd.exe.

I tested it on Windows Server 2012 R2 Datacenter Edition 64 bits but author tested it on others Windows.

You can read more about:

the exploit on Exploit Database,
MS16-032 on Google Project Zero.

Script infos:

Author: Ruben Boonen (@FuzzySec)
Blog: http://www.fuzzysecurity.com/
License: BSD 3-Clause
Required Dependencies: PowerShell v2+
Optional Dependencies: None