:boom: Automox Windows Agent Privilege Escalation Exploit# CVE-2021-43326 Exploit
Automox Windows Agent Privilege Escalation Exploit
```Lacework Labs Blog Post``` https://www.lacework.com/blog/cve-2021-43326/
```Automox Community Post``` https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636
```CVE-2021-43326``` https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-43326
# Instructions
Modify exploit.ps1 with the desired commands you would like to run as SYSTEM and then run the exploit.ps1 script and wait for the agent polling process to take place. This should happen every hour.
```powershell
.\exploit.ps1
```
To manually trigger the agent polling and force automox to query the local system, modify the getOS.sh script with your organization's parameters and run the script to trigger agent polling.
```bash
chmod +x getOS.sh; ./getOS.sh
```
# Disclaimer
Automox has patched this vulnerability - only versions 31 - 33 are susceptible to this attack. This code is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.
# Author
greg.foss[at]owasp.org
[4.0K] /data/pocs/bec054b9f090dfe7b8312a86a8e64dcaf387526d
├── [1.5K] exploit.ps1
├── [ 279] getOS.sh
├── [ 11K] LICENSE
└── [1.2K] README.md
0 directories, 4 files