SneakyEXE : Embedding “UAC-Bypassing” Function Into Your Custom Payload

SneakyEXE is a tool which helps you embedding UAC-Bypassing function into your custom Win32 payloads ( x86_64 architecture specifically )

  • Tested on Windows 7,8,10 ( 64bit)
  • Free and Open-sourced with full source codes published

Requirements


LinuxWindows
ArchitectureOptionalx86_64
Python 3.x >YESNO
ModuletermcolorNO
DistrosAnyWindows
VersionAnyWindows 7,8,10

Also Read – Slackor : A Golang Implant That Uses Slack As A Command & Control Server

Usage

[ Linux ]:

This tool does require a python module called termcolor. When you run the script it will automatically install it if you haven’t, but if you want the tool to function faster, i would suggest you doing it manually before proceeding

$ pip3 install termcolor #installing termcolor

$ #Temporary usage only, installation below
$ git clone https://github.com/Zenix-Blurryface/SneakyEXE.git
$ cd SneakyEXE/Linux $ chmod +x sneakyexe.py
$ ./sneakyexe <option>=<path to payload/code> out=<where you wanna save>

[ Windows ]:

  • visit https://github.com/Zenix-Blurryface/SneakyEXE
  • Download the repository, “clone or download” -> “Download ZIP”
  • Unzip it into your optional directory
  • Change dir to \SneakyEXE\Win32\
  • Execute sneakyexe.exe ( or sys\sneakyexe.exe for an improved startup speed )
  • ( Optional : you can copy sneakyexe.exe to whatever directory you want and delete the unzipped one )

– NOTE – The payload can only be successfully executed by the user with Administrator privilege. Users with limited token wouldn’t succeed.

Installation

[ Linux ]:

$ git clone https://github.com/Zenix-Blurryface/SneakyEXE.git
$ cd SneakyEXE
$ chmod +x install.sh
$ sudo ./install.sh

[ Windows ]:

  • UNAVAILABLE
  • ( Soon will if many people demand )

Build

  • Built on Opensuse Leap 15.0
  • Developed using Python 3.6.5
  • Developed with gcc (MinGW.org GCC-8.2.0-3) 8.2.0 for the payload compilation
[ Payload Embedding ]
  • In order to build the elevator from source, you will need gcc gcc 8.2.0 ( c11 ) and a AMD64 machine with Windows 10(7/8) 64-bit installed.

# Windows 10/7/8 (AMD64)
# Open cmd.exe / powershell.exe
>> gcc -mwindows -o <output>.exe /source/main.c

[ GUI Version ]
  • In order to build the GUI version from source, you will need Python 3.5.6 ( or higher ) with modules like Pyinstaller, Pillow and a AMD64 machine with Windows 10 (7/8) 64-bit installed.

# Assume we already had Python preinstalled
# Open cmd.exe / powershell.exe
>> pip install pillow # Installing Pillow
>> pip install pyinstaller # Installing Pyinstaller
>> mkdir compile # Optional directory name
>> cd compile
>> pyinstaller –windowed –onefile –icon=Icon.ico /source/Win32/GUI.py
# For sysematic version ( /sys ), remove –onefile
>> cd dist
>> GUI.exe # The compiled executable :}

Disclaimer

  • This tool was made for academic purposes or ethical cases only. I ain’t taking any responsibility upon your actions if you abuse this tool for any black-hat activity
  • Feel free to use this project in your software, just don't reclaim the ownership.
R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

2 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

2 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

4 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

7 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago