WinPwnage: Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques
iSpeech
The meaning of this repo is to study the techniques. All of the samples/techniques are found online, on different blogs and repos here on GitHub. I do not take cred for any of the findings, thanks to all the researchers! Rewrote all of them and ported it to Python. Some of the code is not tested at all but should work anyway.
-##### Windows 10:
-* sdclt_uac_bypass
-* sdclt_control_uac_bypass
-* event_viewer_uac_bypass
-* fodhelper_uac_bypass
-* image_file_execution
-* admin_to_system
-* registry_persistence
–
-##### Windows 8:
-* slui_file_hijack
-* sysprep_dll_hijack
-* admin_to_system
-* registry_persistence
–
-##### Windows 7:
-* cliconfig_dll_hijack
-* sysprep_dll_hijack
-* fax_dll_hijack
-* mcx2prov_dll_hijack
-* event_viewer_uac_bypass
-* sdclt_control_uac_bypass
-* admin_to_system
-* registry_persistence
Download
git clone https://github.com/rootm0s/WinPwnage.git
Read:
- https://wikileaks.org/ciav7p1/cms/page_2621770.html
- https://wikileaks.org/ciav7p1/cms/page_2621767.html
- https://wikileaks.org/ciav7p1/cms/page_2621760.html
- https://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx
- https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
- https://github.com/winscripting/UAC-bypass/
- https://www.greyhathacker.net/?p=796
Source: https://github.com/rootm0s/
Gloss