EmpireProject / Empire

Empire is a PowerShell and Python post-exploitation agent.
http://www.powershellempire.com/
BSD 3-Clause "New" or "Revised" License

Bypass UAC via SluiFileHandlerHijack #1248

Open ThePirateWhoSmellsOfSunflowers opened 5 years ago

ThePirateWhoSmellsOfSunflowers commented 5 years ago

Hi all,

This module exploits the UAC bypass via SluiFileHandlerHijack by @gushmazuko. Original bypass by @bytecode77.

This is a rewrite of (and supersedes) #1243 by @Truneski.

Tested on W10 (if someone can test on W8)

:sunflower:

ThePirateWhoSmellsOfSunflowers commented 5 years ago

Currently, the module does not work on W8.1. The launcher is OK, and `Invoke-SluiBypass -command "powershellcmd"` is OK, but if you try `Invoke-SluiBypass -command "powershell -NoP -NonI -w Hidden -enc [...]"` an error is raised:

This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.

Need time to debug before merging.

gushmazuko commented 5 years ago

Good job!