alpc-mmc-uac-bypass

by DimopoulosElias

DimopoulosElias /alpc-mmc-uac-bypass

UAC Bypass with mmc via alpc

130 Stars 27 Forks Last release: Not found 7 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

ALPC-BypassUAC

UAC bypass with Direct call to RAiLaunchAdminProcess and mmc.

  1. net use \\127.0.0.1\C$
  2. Create Folder C:\gweeperx
  3. Copy paste test.msc inside C:\gweeperx
  4. Execute ALPC-BypassUAC.exe
  5. anything under https://web/jskdnvkjsdnfkjsdfnjsfnl.html will be executed as admin

References:

https://www.youtube.com/watch?v=D-F5RxZ_yXc

https://www.rump.beer/2017/slides/fromalpctouacbypass.pdf

A bad PoC for Windows 10 Enterprise 1809: https://youtu.be/eOXq-2Gg6lU

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.