{"id":14976825,"url":"https://github.com/advancedhacker101/bypass-uac","last_synced_at":"2026-03-17T06:37:43.242Z","repository":{"id":80741690,"uuid":"95224759","full_name":"AdvancedHacker101/Bypass-Uac","owner":"AdvancedHacker101","description":"Small utility written in c++ to bypass windows UAC prompt","archived":false,"fork":false,"pushed_at":"2018-08-04T18:33:14.000Z","size":88,"stargazers_count":38,"open_issues_count":1,"forks_count":25,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-09-28T22:41:01.587Z","etag":null,"topics":["c-plus-plus","c-sharp","uac","uac-bypass","windows-7"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AdvancedHacker101.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-06-23T13:54:07.000Z","updated_at":"2024-08-12T19:30:49.000Z","dependencies_parsed_at":"2023-03-06T04:30:21.821Z","dependency_job_id":null,"html_url":"https://github.com/AdvancedHacker101/Bypass-Uac","commit_stats":{"total_commits":14,"total_committers":3,"mean_commits":4.666666666666667,"dds":0.2857142857142857,"last_synced_commit":"2d4e8373699f32867be4ee2306786b958b042394"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AdvancedHacker101%2FBypass-Uac","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AdvancedHacker101%2FBypass-Uac/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AdvancedHacker101%2FBypass-Uac/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AdvancedHacker101%2FBypass-Uac/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AdvancedHacker101","download_url":"https://codeload.github.com/AdvancedHacker101/Bypass-Uac/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219860664,"owners_count":16556016,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-plus-plus","c-sharp","uac","uac-bypass","windows-7"],"created_at":"2024-09-24T13:54:30.734Z","updated_at":"2025-10-27T21:31:28.216Z","avatar_url":"https://github.com/AdvancedHacker101.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bypass UAC\nThis project can bypass UAC on an administrator account with default UAC settings  \nThe project contains snippets from the UacMe project by hfiref0x, but formatted to work with the [c# R.A.T Client](https://github.com/AdvancedHacker101/C-Sharp-R.A.T-Client)  \n## Disclaimer\nThis application is for educational purposes only.  \nUsing this tool without understanding how it's working can lead to negative consequences  \nI'm not responsible for the consequences of using this tool!  \nOnly run it on a computer you have permission to!\n## How it works\nThe bypass has 2 main parts  \n1. Copy a fake dll to System32  \nThis can be done with IFileOperation  \n2. Execute the fake dll with Admin privs  \npkgmgr.exe with the `/n:` options calls Dism.exe which has dll hijacking vuln  \npkgmgr is an autoelevating .exe, it requires no uac prompt or admin privs, but runs on High IL  \nThe executing is done by running: `pkgmgr.exe /quiet /n:unattend.xml`  \nAfter this the High IL Dll executes the R.A.T client with admin privs  \n**testDll**: the fake DismCore.dll which will be copied to System32  \n**testAnything**: a launcher, which executes the dll  \n**copyFile**: copies a file to the destination, without the uac prompt  \n\n## System requirements  \n### On 32 bit (x86) Machine\n**x86 Release** build of testDll  \n**x86 Release** build of testAnything  \n**x86 Release** build of copyFile  \n### On 64 bit (x64) Machine  \n**x64 Release** build of testDll  \n**x64 Release** build of testAnything  \n**x64 Release** build of copyFile  \n\nThe tool was tested on a Windows7 x64 bit machine  \nThe source code in this form only works with the c# R.A.T client, but you can modify it for your own project  \n## More Information  \nYou can read information related to contribution [here](https://github.com/AdvancedHacker101/Bypass-Uac/blob/master/CONTRIBUTING.md)  \nYou can read the Code of Conduct [here](https://github.com/AdvancedHacker101/Bypass-Uac/blob/master/CODE_OF_CONDUCT.md)  \nYou can view the project's licence [here](https://github.com/AdvancedHacker101/Bypass-Uac/blob/master/LICENSE)  \n*Happy Coding*\n\n**-Advanced Hacking 101**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvancedhacker101%2Fbypass-uac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadvancedhacker101%2Fbypass-uac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvancedhacker101%2Fbypass-uac/lists"}