
Published on February 23rd, 2018


UACME: Defeating Windows User Account Control



UACMe

  • Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.

System Requirements

  • x86-32/x64 Windows 7/8/8.1/10TH1/10TH2/10RS1/10RS2 (client; some methods, however, also work on server versions).
  • Admin account with UAC set to default settings required.

Download

git clone https://github.com/hfiref0x/UACME.git

Usage

Run the executable from the command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See “Run examples” below for more info.

The first param is the number of the method to use; the second is the optional command (executable file name including full path) to run. The second param can be empty; in this case the program will execute an elevated cmd.exe from the system32 folder.

Warning

  • This tool shows ONLY popular UAC bypass methods used by malware, and reimplements some of them in a different way, improving on the original concepts. Different methods not yet known to the general public exist; be aware of this;
  • Using method (5) will permanently turn off UAC (after reboot); make sure to do this in a test environment, or don’t forget to re-enable UAC after using the tool;
  • Using methods (5) and (9) will permanently compromise the security of the target keys (the UAC Settings key for (5) and IFEO for (9)); if you run tests on your real machine, restore the keys’ security manually after you are done with the tool;
  • This tool is not intended for AV tests and is not tested to work in an aggressive AV environment; if you still plan to use it with bloatware AV software installed, you do so at your own risk;
  • Some AV may flag this tool as HackTool; MSE/WinDefender constantly marks it as malware, nope;
  • If you run this program on a real computer, remember to remove all program leftovers after usage; for more info about the files it drops into system folders, see the source code;
  • Most methods were created for x64 with no x86-32 support in mind. I don’t see any sense in supporting 32-bit versions of Windows or wow64; however, with small tweaks most of them will run under wow64 as well.
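The warnings above say that method (5) leaves UAC disabled and that methods (5) and (9) weaken the ACLs on the UAC Settings key and the IFEO key, and that both must be restored by hand after testing. The following PowerShell script is an added example for verifying that cleanup (it is not part of UACMe). It assumes the standard Windows locations of those two keys, the stock client defaults for the three UAC policy values, and a short list of principals that are expected to hold write access; compare the ACL output against a known-good machine if your baseline differs.

```powershell
# Added example, not UACMe code: check that UAC is back at default settings and
# that the UAC Settings key and the IFEO key do not grant write access to
# unprivileged principals. Run from an elevated PowerShell session.

# Assumed standard locations of the two keys the warnings refer to.
$uacKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Assumed stock client defaults: UAC on, prompt for consent for non-Windows
# binaries, prompt shown on the secure desktop.
$expectedUac = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    PromptOnSecureDesktop      = 1
}

# Principals that are expected to hold write rights on HKLM policy keys.
$privilegedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Any of these rights on a key allows changing what the key controls.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, WriteKey, FullControl'

function Test-UacDefaults {
    # Returns $true when every expected UAC value matches, $false otherwise.
    $ok = $true
    $values = Get-ItemProperty -Path $uacKey
    foreach ($name in $expectedUac.Keys) {
        $actual = $values.$name
        if ($actual -ne $expectedUac[$name]) {
            Write-Warning "$name is '$actual', expected $($expectedUac[$name]): UAC is not at default settings"
            $ok = $false
        } else {
            Write-Host "$name = $actual (OK)"
        }
    }
    return $ok
}

function Test-KeyAcl {
    param([string]$Path)
    # Returns $true when no unprivileged principal holds an Allow ACE with
    # write-class rights on the key, $false otherwise.
    $ok = $true
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        $grantsWrite = (($ace.RegistryRights -band $writeRights) -ne 0)
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and ($id -notin $privilegedPrincipals)) {
            Write-Warning "$Path grants $($ace.RegistryRights) to $id"
            $ok = $false
        }
    }
    if ($ok) { Write-Host "$Path ACL looks unchanged (OK)" }
    return $ok
}

$results = @(
    (Test-UacDefaults),
    (Test-KeyAcl -Path $uacKey),
    (Test-KeyAcl -Path $ifeoKey)
)
if ($results -contains $false) {
    Write-Warning 'Post-test cleanup incomplete: re-enable UAC and/or restore the key ACLs before leaving this machine in production use.'
} else {
    Write-Host 'UAC defaults and key ACLs verified.'
}
```

The ACL check only reports Allow entries that carry SetValue, CreateSubKey, WriteKey or FullControl for a principal outside the privileged list, so inherited read-only entries for Users do not trigger a warning; if a test left a broader grant in place, the warning names the key, the rights and the principal so the entry can be removed with the usual Set-Acl or regedit workflow.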

If you are wondering why this still exists and works, here is the explanation, an official Microsoft WHITEFLAG (including totally incompetent statements as a bonus): https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105

Copyright (c) 2014 – 2018, UACMe authors

Source: https://github.com/hfiref0x/


