
bytecode77 / slui-file-handler-hijack-privilege-escalation

Licence: BSD-2-Clause license
Slui File Handler Hijack UAC Bypass Local Privilege Escalation

Programming Languages

C++


Slui File Handler Hijack LPE

Exploit Information

Date: 15.01.2018
Patched: Windows 10 20H1 (19041)
exploit-db: 44830
Tested on: Windows 8-10, x86/x64 independent

Description

slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking.

When slui.exe executes, it reads HKCU\Software\Classes\exefile\shell\open. Because this registry key is accessible from user mode, the current user can modify it without elevation, so an arbitrary executable file can be injected as the handler.

This exploit is generally independent from programming language and bitness, as no DLL injection or privileged file copy is needed. In addition, if default system binaries suffice, file drops can be avoided altogether.
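
The registry access described above also gives defenders a concrete detection point. The following is an added example, not code from the original project: it scans Sysmon-style registry events for activity under a per-user exefile\shell\open key. The function name, the dictionary layout and all sample events (SID, image paths) are constructed for illustration.

```python
import re

# Sysmon logs HKCU\Software\Classes as HKU\<SID>_Classes or
# HKU\<SID>\Software\Classes; accept both, case-insensitively.
HIJACK_KEY = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+(?:_Classes|\\Software\\Classes)"
    r"\\exefile\\shell\\open(?:\\|$)",
    re.IGNORECASE,
)
# Sysmon registry events: 12 key create/delete, 13 value set, 14 rename.
REGISTRY_EVENT_IDS = {12, 13, 14}


def find_handler_hijacks(events):
    """Return registry events that touch a per-user exefile open handler."""
    return [
        ev for ev in events
        if ev.get("EventID") in REGISTRY_EVENT_IDS
        and HIJACK_KEY.match(ev.get("TargetObject", ""))
    ]


# Constructed sample events (SID and image paths are made up).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    # Key created under the per-user class hive: should be flagged.
    {"EventID": 12, "Image": r"C:\Users\alice\Downloads\sample.exe",
     "TargetObject": "HKU\\" + SID + r"_Classes\exefile\shell\open"},
    # Same key via the long path, different casing: should be flagged.
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": "hku\\" + SID + r"\software\classes\exefile\shell\open\(Default)"},
    # Machine-wide hive, not writable by a standard user: ignored.
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\exefile\shell\open\(Default)"},
    # Different file class and a look-alike verb name: ignored.
    {"EventID": 13, "Image": r"C:\Program Files\Editor\setup.exe",
     "TargetObject": "HKU\\" + SID + r"_Classes\txtfile\shell\open\(Default)"},
    {"EventID": 12, "Image": r"C:\Program Files\Editor\setup.exe",
     "TargetObject": "HKU\\" + SID + r"_Classes\exefile\shell\openwith"},
    # Process-creation event without a TargetObject: ignored.
    {"EventID": 1, "Image": r"C:\Windows\System32\slui.exe"},
]

if __name__ == "__main__":
    for ev in find_handler_hijacks(SAMPLE_EVENTS):
        print(f"ALERT EventID={ev['EventID']} {ev['Image']} -> {ev['TargetObject']}")
```
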

Expected Result

If the exploit works correctly, a cmd.exe is spawned at high integrity level (IL).

Downloads

Compiled binaries:

SluiFileHandlerHijackLPE.zip (ZIP Password: bytecode77)

Project Page

bytecode77.com/slui-file-handler-hijack-privilege-escalation
