Share
## https://sploitus.com/exploit?id=BD74F0F3-2B2E-515C-A333-66E63F62C92B
# CVE-2021-43326 Exploit
 Automox Windows Agent Privilege Escalation Exploit

```Lacework Labs Blog Post```  https://www.lacework.com/blog/cve-2021-43326/

```Automox Community Post```  https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636

```CVE-2021-43326```  https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-43326

# Instructions

Modify exploit.ps1 with the desired commands you would like to run as SYSTEM and then run the exploit.ps1 script and wait for the agent polling process to take place. This should happen every hour.

```powershell
.\exploit.ps1
```

To manually trigger the agent polling and force automox to query the local system, modify the getOS.sh script with your organization's parameters and run the script to trigger agent polling. 

```bash
chmod +x getOS.sh; ./getOS.sh
```

# Disclaimer

Automox has patched this vulnerability - only versions 31 - 33 are susceptible to this attack. This code is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.

# Author

greg.foss[at]owasp.org