UACME v3.1.8 releases: Defeating Windows User Account Control

UACMe

System Requirements

  • x86-32/x64 Windows 7/8/8.1/10TH1/10TH2/10RS1/10RS2 (client, some methods, however, works on server version too).
  • Admin account with UAC set on default settings required.

Changelog v3.1.7

  • Method 56 added, bugfixes, post-execution cleanup routine for method 38, readme updated.

Download

git clone https://github.com/hfiref0x/UACME.git

 

 

 

Usage

Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See “Run examples” below for more info.

First, param is a number of methods to use, second is the optional command (executable file name including full path) to run. The second param can be empty – in this case, a program will execute elevated cmd.exe from system32 folder.

Warning

  • This tool shows ONLY popular UAC bypass method used by malware, and reimplement some of them in a different way of improving original concepts. There are exists different, not yet known to general public methods, be aware of this;
  • Using (5) method will permanently turn off UAC (after reboot), make sure to do this in ta est environment or don’t forget to re-enable UAC after tool usage;
  • Using (5), (9) methods will permanently compromise the security of target keys (UAC Settings key for (5) and IFEO for (9)), if you do tests on your real machine – restore keys security manually after you complete this tool usage;
  • This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft – you use it at your own risk;
  • Some AV may flag this tool as HackTool, MSE/WinDefender constantly marks it as malware, nope;
  • If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code;
  • Most of the methods created for x64, with no x86-32 support in mind. I don’t see any sense in supporting 32-bit versions of Windows or wow64, however, with small tweaks, most of them will run under wow64 as well.

If you wondering why this still exist and work here is the explanation, an official Microsoft WHITEFLAG (including totally incompetent statements as a bonus) https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105

Copyright (c) 2014 – 2019, UACMe authors

Source: https://github.com/hfiref0x/

Share