Jump to content

[RELEASE] UAC-DUCK Payload generator | Fast D&E UAC BYPASS


Skiddie

Recommended Posts

This is my official release of my UAC bypassing Rubber Ducky payload generator "UAC-DUCK".

Download and execute any binary executable on any windows machine with UAC enabled as administrator WITHOUT prompting the user to elevate privileges .

Its a 3 second download and execute with admin access. 

Generator written in Python so it's cross compatible with Windows and Linux. 

6ce56fd5bffee9288810dad07756d98b.png

Github: https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky

Full demo: http://sendvid.com/uh6i317i

It uses a simple 2 stage process

Stage 1: Stage one is the script that is triggered when the ducky is connected to any targeted windows machine. It will execute an powerful one-liner inside the "run" dialog of the system. The one liner is a simple powershell script, that when executes instantly hides then powershell windows and runs it the background. The powershell script downloads and execute our stage 2 .vbs payload in the %temp% directory

Stage 2: Once your .vbs payload is on the system, we proceed to download our main binary payload. The .vbs script exploits a flaw in the windows registry system, this allows us to execute any binary file on the system with admin privilege without prompting the user for access (UAC).

 

My Twitter: https://twitter.com/SkiddieTech

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...