T1191-CMSTP

Based on the research of these people

• https://oddvar.moe/2017/08/15/research-on-cmstp-exe/
• https://gist.github.com/tylerapplebaum

This is just a self contained script to perform UAC bypass and then executed the payload in order to test T1191

https://attack.mitre.org/techniques/T1191/

Simply replace the payload parameter to the payload of your choice.

Warning - This script drops all the files in c:\Users\public\Downloads\ and hides them

Ref:

https://lolbas-project.github.io/lolbas/Binaries/Cmstp/

~ @sec_groundzero