Nytro Posted December 19, 2014 Report Share Posted December 19, 2014 (edited) UACMe - Defeating Windows User Account Controlby EP_X0FF » Fri Dec 19, 2014 8:19 am Inspired by ITW WinNT/Pitou legacy MBR x86-64 bootkit dropper.Before anything else read this excellent work -> Windows 7 UAC whitelist, read it carefully as it explains everything especially why Windows User Account Control is a big fucken marketing joke from Microsoft just like DSE.Below is our variant of his work with removal of all C++ trash and adapting different UAC bypass method from WinNT/Pitou (bootkit authors also used as base Leo Davidson work).The only setting UAC somehow is able to show itself - if they are set on maximum. But here revealed another Microsoft UAC architecture flaw by design - even when it blocks something, it cannot properly determine what it blocked, representing possible malicious actions as taken by Microsoft, facepalm. Will you trust verified Microsoft action with verified digital certificate from Microsoft?Supported Windows version, all from 7xxx builds up to latest so "confidential" MS build 9901.Project overview: Win32 and x64 configurations.Compiled in MSVS 2013 U4, used pure C, compiled as C++ No additional dependencies.All libs in attach.Debug builds configurations present only for debugging stuff not for UAC bypass stage execution (shellcode will be screwed up).Require Heavens Gate adaptation for proper work from Win32 app under WOW64, if you don't know what is HG then skip this moment.x64 loader VThttps://www.virustotal.com/en/file/78caa8fa31a802547b160f41c03fd825d01d1edcd064e06984d0cf84a3bc7813/analysis/1418968668/x86-32 loader VThttps://www.virustotal.com/en/file/97952e6bb9cb4b3c43215597be0bb1da504d2066fd1717c20d6fd64917311c06/analysis/1418968812/Screeenshots taken from Windows 10 TP build 9901 uac101.png (325.47 KiB) Viewed 16 times uac102.png (215.73 KiB) Viewed 16 times Attachments UACME.rarpass: uacme(498.9 KiB) Downloaded 6 times Sursa: KernelMode.info • View topic - UACMe - Defeating Windows User Account Control Edited December 19, 2014 by Nytro 1 Quote Link to comment Share on other sites More sharing options...
Technetium Posted August 3, 2017 Report Share Posted August 3, 2017 https://github.com/hfiref0x/UACME 1 Quote Link to comment Share on other sites More sharing options...
Nytro Posted August 4, 2017 Author Report Share Posted August 4, 2017 Da, vad ca se pastreaza la curent cu cam tot ce apare nou. Quote Link to comment Share on other sites More sharing options...
