Cyber security

Automated Multi UAC Bypass – Streamlining Elevation Across Windows Versions

In today’s digital landscape, navigating User Account Control (UAC) prompts efficiently across various Windows operating system versions is a critical aspect of system administration and security testing.

This article explores an innovative approach to automate UAC bypasses, offering a seamless experience tailored for a spectrum of Windows versions, including Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022.

By leveraging an automated OS version selector and streamlined deployment methods, this solution aims to enhance productivity and efficacy in managing UAC prompts while adhering to ethical and legal considerations.

  • Automated os version selector to run UAC based on OS versions.

Affected OS Versions

  • win 10
  • win 11
  • win server 2019
  • win server 2022

Windows 10 Versions Support

  • Windows 10 Home
  • Windows 10 Pro
  • Windows 10 Education
  • Windows 10 Enterprise
  • Windows 10 Enterprise 2015 LTSB
  • Windows 10 Enterprise LTSC 2019
  • Windows 10 Enterprise LTSC 2021
  • Windows 10 Mobile and Mobile Enterprise
  • Windows 10 IoT Core
  • Windows 10 Iot Entreprise LTSC 2021

Windows 11 Version Support

  • Windows 11 Home
  • windows 11 team
  • Windows 11 Pro
  • Windows 11 Education
  • Windows 11 Enterprise
  • Windows 11 Pro Education
  • Windows 11 Pro for Workstations
  • Windows 11 Mixed Reality

Windows Server 2019 Support

  • Windows Server 2019 Datacenter evolution
  • Windows Server 2019 Standard
  • Windows Server 2019 Datacenter
  • Windows Server 2019 Essentials

Windows Server 2022 Support

  • Windows Server 2022 Datacenter Evolution
  • Windows Server 2022 Datacenter
  • Windows Server 2022 Standard

Version Not Supported ??

  • Make a ticket and list the windows version with the ticket, it will help me to work out a fix faster.

Compile DLL

You can do it with the .ps1 or manual wit these one liners.

  • output to working dir Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\sl0puacb.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "sl0p.dll"
  • output to system 32 Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\sl0puacb.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "C:\Windows \system32\sl0p.dll

Setup

  • Set-ExecutionPolicy -ExecutionPolicy {Unrestricted or Bypass} -Scope CurrentUser
  • Or use one of the bypasses like type file.ps1 | poweshell.exe -no-profile or what ever suites
  • Add a automation process to disable tamper once uac been invoked (this can be done!!)

Setup 23h2

  • Fetch the location of powershell.exe for either v2 or v7.
  • add a variable or make it auto check the exec location of powershell.exe
  • add that dir to Start-Process {location}powershell.exe -Verb RunAs -ArgumentList (‘-noprofile -noexit -file “{0}” -elevated’ -f ($myinvocation.MyCommand.Definition))
  • Set-ExecutionPolicy -ExecutionPolicy {Unrestricted or Bypass} -Scope CurrentUser
  • Or use one of the bypasses like type file.ps1 | poweshell.exe -no-profile or what ever suites
  • Add a automation process to disable tamper once uac been invoked (this can be done!!)
  • run the ps1 file

Usage

  • Download these files from either this repo directly if machine has inet capabilities. (Or download these files and serve them with python :D)
  • Get the files on the system
  • cd to dir
  • ./{File}.ps1

Change Log

v1.5.8-beta rolled out

  • Changed main file .ps1
  • Added sl0p.dll << Generated from the new .cs (old files in backup folder, including old .cs and old dll).
  • Added xor Encoding
  • Added xor Decoding
  • Added Obfuscate data
  • Added Debfuscate
  • Added Clear Event Logs

Main File Change

  • .ps1 file been re-dev by keytrap-x86 Thanks sir, Tips hat.

Issues

  • Feel free to make issue ticket, if sum is not working, or support blocks missing.
  • To assist me when creating a ticket, list ur windows version pulled with powershell and list it with the ticket.

Opened The Discussion Section For Idea’s To Improve.

  • Feel free to bring idea’s for improvements.

Legal Disclaimer:

  • I am not responsible for U using it on non authorized systems, make sure u use it on systems u own or are authorized on.
  • x0xr00t
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: Automated Multi UAC Bypasscybersecurityinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

Bash Scripting Best Practices Every Beginner Should Know

Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…

23 hours ago

How To Create A Self-Signed SSL Certificate Using Bash And OpenSSL

Introduction A self-signed SSL certificate is a certificate that is created and signed by the…

24 hours ago

How To Debug Bash Scripts Using bash -x And set Commands

Introduction Debugging is an important part of Bash scripting. When a script does not work…

1 day ago

How To Use Cron Jobs With Bash Scripts For Automation

Introduction Cron jobs are used in Linux to run commands or Bash scripts automatically at…

1 day ago

How To Use Pipes In Bash Scripts For Command Chaining

Introduction Pipes are an important feature in Linux and Bash scripting. A pipe allows you…

1 day ago

How To Use grep, awk, And sed In Bash Scripts

Introduction The grep, awk, and sed commands are powerful text-processing tools in Linux. They are…

1 day ago