WinPwnage: Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques

WinPwnage: Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniques

The meaning of this repo is to study the techniques. All of the samples/techniques are found online, on different blogs and repos here on GitHub. I do not take cred for any of the findings, thanks to all the researchers! Rewrote all of them and ported it to Python. Some of the code is not tested at all but should work anyway.

-##### Windows 10:
-* sdclt_uac_bypass
-* sdclt_control_uac_bypass
-* event_viewer_uac_bypass
-* fodhelper_uac_bypass
-* image_file_execution
-* admin_to_system
-* registry_persistence
–
-##### Windows 8:
-* slui_file_hijack
-* sysprep_dll_hijack
-* admin_to_system
-* registry_persistence
–
-##### Windows 7:
-* cliconfig_dll_hijack
-* sysprep_dll_hijack
-* fax_dll_hijack
-* mcx2prov_dll_hijack
-* event_viewer_uac_bypass
-* sdclt_control_uac_bypass
-* admin_to_system
-* registry_persistence

Download

git clone https://github.com/rootm0s/WinPwnage.git

Read:

• https://wikileaks.org/ciav7p1/cms/page_2621770.html
• https://wikileaks.org/ciav7p1/cms/page_2621767.html
• https://wikileaks.org/ciav7p1/cms/page_2621760.html
• https://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx
• https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
• https://github.com/winscripting/UAC-bypass/
• https://www.greyhathacker.net/?p=796

Source: https://github.com/rootm0s/