C
Need help with alpc-mmc-uac-bypass?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
DimopoulosElias

Description

UAC Bypass with mmc via alpc

131 Stars 27 Forks 7 Commits 0 Opened issues

Services available

Need anything else?

ALPC-BypassUAC

UAC bypass with Direct call to RAiLaunchAdminProcess and mmc.

  1. net use \\127.0.0.1\C$
  2. Create Folder C:\gweeperx
  3. Copy paste test.msc inside C:\gweeperx
  4. Execute ALPC-BypassUAC.exe
  5. anything under https://web/jskdnvkjsdnfkjsdfnjsfnl.html will be executed as admin

References:

https://www.youtube.com/watch?v=D-F5RxZ_yXc

https://www.rump.beer/2017/slides/fromalpctouacbypass.pdf

A bad PoC for Windows 10 Enterprise 1809: https://youtu.be/eOXq-2Gg6lU

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.