UAC bypass in computerdefaults.exe using protocol hijacking

hfiref0x / UACME

Defeating Windows User Account Control

BSD 2-Clause "Simplified" License

6.3k stars 1.31k forks source link

UAC bypass in computerdefaults.exe using protocol hijacking #99

Closed lafwaN closed 3 years ago

lafwaN commented 3 years ago

Hi, I made a repo showcasing a UAC bypass over here: https://github.com/lafwaN/mychoppa

It works on Windows 10 LTSC 1809, it should also hopefully work on some other versions though. I would like you to take a look at it.

Thanks, Nawfal

hfiref0x commented 3 years ago

Hello, it is the same as method 67 but with computerdefaults.exe as target. Fodhelper/ComputerDefaults pair ms-settings hijacking is known for years and since this repo already has 3 methods (2 for hijacking ms-settings registry entries for FodHelper/ComputerDefaults) and 1 for hijacking ms-settings protocol for FodHelper) there is no need in another one.

lafwaN commented 3 years ago

That is understandable. Thank you for reviewing my issue.