WinPwnage

UAC bypass, Elevate, Persistence methods.

UAC bypass techniques:
- UAC bypass using runas
- UAC bypass using fodhelper.exe
- UAC bypass using slui.exe
- UAC bypass using silentcleanup scheduled task
- UAC bypass using sdclt.exe (isolatedcommand)
- UAC bypass using sdclt.exe (App Paths)
- UAC bypass using perfmon.exe
- UAC bypass using eventvwr.exe
- UAC bypass using compmgmtlauncher.exe
- UAC bypass using computerdefaults.exe
- UAC bypass using token manipulation
- UAC bypass using sdclt.exe (Folder)
- UAC bypass using cmstp.exe
- UAC bypass using wsreset.exe
- UAC bypass using slui.exe and changepk.exe

Persistence techniques:
- Persistence using mofcomp.exe (SYSTEM privileges)
- Persistence using schtasks.exe (SYSTEM privileges)
- Persistence using image file execution option and magnifier.exe
- Persistence using userinit key
- Persistence using HKCU run key
- Persistence using HKLM run key
- Persistence using wmic.exe (SYSTEM privileges)
- Persistence using startup files
- Persistence using Cortana Windows app
- Persistence using People Windows app
- Persistence using bitsadmin.exe
- Persistence using Windows Service (SYSTEM privileges)

Elevation techniques:
- Elevate from administrator to NT AUTHORITY SYSTEM using handle inheritance
- Elevate from administrator to NT AUTHORITY SYSTEM using token impersonation
- Elevate from administrator to NT AUTHORITY SYSTEM using named pipe impersonation
- Elevate from administrator to NT AUTHORITY SYSTEM using schtasks.exe (non interactive)
- Elevate from administrator to NT AUTHORITY SYSTEM using wmic.exe (non interactive)
- Elevate from administrator to NT AUTHORITY SYSTEM using Windows Service (non interactive)
- Elevate from administrator to NT AUTHORITY SYSTEM using mofcomp.exe (non interactive)