Cyber security

Automated Multi UAC Bypass – Streamlining Elevation Across Windows Versions

In today’s digital landscape, navigating User Account Control (UAC) prompts efficiently across various Windows operating system versions is a critical aspect of system administration and security testing.

This article explores an innovative approach to automate UAC bypasses, offering a seamless experience tailored for a spectrum of Windows versions, including Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022.

By leveraging an automated OS version selector and streamlined deployment methods, this solution aims to enhance productivity and efficacy in managing UAC prompts while adhering to ethical and legal considerations.

  • Automated os version selector to run UAC based on OS versions.

Affected OS Versions

  • win 10
  • win 11
  • win server 2019
  • win server 2022

Windows 10 Versions Support

  • Windows 10 Home
  • Windows 10 Pro
  • Windows 10 Education
  • Windows 10 Enterprise
  • Windows 10 Enterprise 2015 LTSB
  • Windows 10 Enterprise LTSC 2019
  • Windows 10 Enterprise LTSC 2021
  • Windows 10 Mobile and Mobile Enterprise
  • Windows 10 IoT Core
  • Windows 10 Iot Entreprise LTSC 2021

Windows 11 Version Support

  • Windows 11 Home
  • windows 11 team
  • Windows 11 Pro
  • Windows 11 Education
  • Windows 11 Enterprise
  • Windows 11 Pro Education
  • Windows 11 Pro for Workstations
  • Windows 11 Mixed Reality

Windows Server 2019 Support

  • Windows Server 2019 Datacenter evolution
  • Windows Server 2019 Standard
  • Windows Server 2019 Datacenter
  • Windows Server 2019 Essentials

Windows Server 2022 Support

  • Windows Server 2022 Datacenter Evolution
  • Windows Server 2022 Datacenter
  • Windows Server 2022 Standard

Version Not Supported ??

  • Make a ticket and list the windows version with the ticket, it will help me to work out a fix faster.

Compile DLL

You can do it with the .ps1 or manual wit these one liners.

  • output to working dir Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\sl0puacb.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "sl0p.dll"
  • output to system 32 Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\sl0puacb.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "C:\Windows \system32\sl0p.dll

Setup

  • Set-ExecutionPolicy -ExecutionPolicy {Unrestricted or Bypass} -Scope CurrentUser
  • Or use one of the bypasses like type file.ps1 | poweshell.exe -no-profile or what ever suites
  • Add a automation process to disable tamper once uac been invoked (this can be done!!)

Setup 23h2

  • Fetch the location of powershell.exe for either v2 or v7.
  • add a variable or make it auto check the exec location of powershell.exe
  • add that dir to Start-Process {location}powershell.exe -Verb RunAs -ArgumentList (‘-noprofile -noexit -file “{0}” -elevated’ -f ($myinvocation.MyCommand.Definition))
  • Set-ExecutionPolicy -ExecutionPolicy {Unrestricted or Bypass} -Scope CurrentUser
  • Or use one of the bypasses like type file.ps1 | poweshell.exe -no-profile or what ever suites
  • Add a automation process to disable tamper once uac been invoked (this can be done!!)
  • run the ps1 file

Usage

  • Download these files from either this repo directly if machine has inet capabilities. (Or download these files and serve them with python :D)
  • Get the files on the system
  • cd to dir
  • ./{File}.ps1

Change Log

v1.5.8-beta rolled out

  • Changed main file .ps1
  • Added sl0p.dll << Generated from the new .cs (old files in backup folder, including old .cs and old dll).
  • Added xor Encoding
  • Added xor Decoding
  • Added Obfuscate data
  • Added Debfuscate
  • Added Clear Event Logs

Main File Change

  • .ps1 file been re-dev by keytrap-x86 Thanks sir, Tips hat.

Issues

  • Feel free to make issue ticket, if sum is not working, or support blocks missing.
  • To assist me when creating a ticket, list ur windows version pulled with powershell and list it with the ticket.

Opened The Discussion Section For Idea’s To Improve.

  • Feel free to bring idea’s for improvements.

Legal Disclaimer:

  • I am not responsible for U using it on non authorized systems, make sure u use it on systems u own or are authorized on.
  • x0xr00t
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: Automated Multi UAC Bypasscybersecurityinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

23 hours ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 day ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 day ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 day ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 day ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

1 day ago