UAC bypass

Home / Tag: UAC bypass

30 Dec

Windows Privilege Escalation – a cheatsheet

Pentester
Privilege Escalation,Skills
Tags: accesschk, KiTrap0D, MS10-021, MS10-059, MS11-011, ms11-080, Privilege Escalation, sysinternals, UAC bypass
no comments

This is a work in progress. Additions, suggestions and constructive feedback are welcome. The purpose of these cheatsheets is to, essentially, save time during an attack and study session. Stored credentials Search for credentials within: c:\unattend.xml Unattend credentials are stored in base64 and can be decoded manually with base64: user@host $ base64 -d cABhAHMAcwB3AG8AcgBkAFAAYQBzAHMAdwBvAHIAZAA= Metasploit Framework […]

15 Nov

Custom Metasploit payload with UAC bypass

The machine I am attacking has anti-virus installed. I have managed to use Veil Framework in order to create an initial reverse shell payload that is undetected by the AV. However, UAC is enabled on the Windows 7 target. I am trying to use Metasploit’s exploit/windows/local/ask in order to prompt the user, in the hope that they click yes […]