**Defeating Windows User Account Control by abusing the built-in Windows AutoElevate backdoor.**
User Account Control (UAC) is a Windows security feature used to prevent unauthorized changes to the OS.
- A non-privileged user attempting to execute a program with elevated privileges will be prompted with a UAC credential prompt.
- A privileged user will be prompted with a consent prompt (Yes, No).
In order to elevate privileges by bypassing UAC, you will need access to a user that is a member of the local administrators group.
We will use the [[UACMe]] tool to elevate our privileges.
MSF Module:
search bypassuac
We are going to use the memory injection technique (only try it if the user you have is in the administrators group). To check whether the user is in the administrators group:
- Go from the meterpreter session to a system shell session:
shell
- Enumerate users:
net users
- Enumerate users in the administrators group:
net localgroup administrators
- If the user you are logged in as is listed, continue with this module:
exploit/windows/local/bypassuac_injection
- This module has 2 target options, one per architecture (x86 and x64). Choose the one that matches your target architecture.
- Choose a payload that matches the target architecture.