UACME v3.1.9 releases: Defeating Windows User Account Control
- Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.
- x86-32/x64 Windows 7/8/8.1/10TH1/10TH2/10RS1/10RS2 (client, some methods, however, works on server version too).
- Admin account with UAC set on default settings required.
- Fix method 38 for 20H1
Fix method 55 for 20H1, Fubuki updated
Mark methods 40 and 47 as fixed in 19H1
WD compatibility fix for methods 47, 53, 56
git clone https://github.com/hfiref0x/UACME.git
Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See “Run examples” below for more info.
First, param is a number of methods to use, second is the optional command (executable file name including full path) to run. The second param can be empty – in this case, a program will execute elevated cmd.exe from system32 folder.
- This tool shows ONLY popular UAC bypass method used by malware, and reimplement some of them in a different way of improving original concepts. There are exists different, not yet known to general public methods, be aware of this;
- Using (5) method will permanently turn off UAC (after reboot), make sure to do this in ta est environment or don’t forget to re-enable UAC after tool usage;
- Using (5), (9) methods will permanently compromise the security of target keys (UAC Settings key for (5) and IFEO for (9)), if you do tests on your real machine – restore keys security manually after you complete this tool usage;
- This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft – you use it at your own risk;
- Some AV may flag this tool as HackTool, MSE/WinDefender constantly marks it as malware, nope;
- If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code;
- Most of the methods created for x64, with no x86-32 support in mind. I don’t see any sense in supporting 32-bit versions of Windows or wow64, however, with small tweaks, most of them will run under wow64 as well.
If you wondering why this still exist and work here is the explanation, an official Microsoft WHITEFLAG (including totally incompetent statements as a bonus) https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105
Copyright (c) 2014 – 2019, UACMe authors