Following the Veris groups instructions:
1. I downloaded the PowerUp.ps1 script from their github repo at https://github.com/HarmJ0y/PowerUp. Notice as of Dec 2014 this repo is no longer supported.
2. Drop the file PowerUp.ps1 into a location you can write to. I have a folder I created called c:\PowerUp.
3. Then execute "powershell.exe -nop -exec bypass" to enable the execution bypass.
4. Then execute "import-module c:\PowerUp\powerup.ps1" of the full path plus the filename of the powershell script.
5. To setup the stage of having a vulnerable service to demonstrate with, I modified the following registry key to allow for an unquoted path vulnerability.