Automated exploitation
An excellent tool is available to test for UAC bypasses without writing your own exploits from scratch. Created by @hfiref0x, UACME provides an up-to-date repository of UAC bypass techniques that can be used out of the box.
Akagi runs the actual UAC bypasses. Using it is straightforward and only requires indicating the number corresponding to the method to be tested.
| Method ID | Bypass technique |
|---|---|
| 33 | fodhelper.exe |
| 34 | DiskCleanup scheduled task |
| 70 | fodhelper.exe using CurVer registry key |
A complete list of methods is available in the project’s GitHub description.
Using it is simple. For example, to test method 33, run the following from a command prompt:
C:\tools>UACME-Akagi64.exe 33
A high-integrity cmd.exe will pop up.
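From the defender's side, methods 33 and 70 both go through fodhelper.exe, so an elevated process created with fodhelper.exe as its parent is worth an alert. The Python below is an added example, not part of UACME or of the original text. It assumes the elevated process is logged as a child of fodhelper.exe and that process-creation events are exported as JSON lines using Sysmon Event ID 1 field names (Image, ParentImage, IntegrityLevel); the sample events are constructed.

```python
import json
import ntpath

# Auto-elevating binary named in the method table (methods 33 and 70).
WATCHED_PARENTS = {"fodhelper.exe"}
ELEVATED_LEVELS = {"high", "system"}

# Constructed sample export: one JSON object per line, Sysmon-style field names.
SAMPLE_LOG = r"""
{"EventID": 1, "UtcTime": "2024-05-01 09:14:02", "Image": "C:\\Windows\\System32\\fodhelper.exe", "ParentImage": "C:\\tools\\UACME-Akagi64.exe", "IntegrityLevel": "High"}
{"EventID": 1, "UtcTime": "2024-05-01 09:14:03", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\System32\\FODHELPER.EXE", "IntegrityLevel": "High"}
{"EventID": 1, "UtcTime": "2024-05-01 09:20:11", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe", "IntegrityLevel": "Medium"}
{"EventID": 3, "UtcTime": "2024-05-01 09:21:00", "Image": "C:\\Windows\\System32\\svchost.exe"}
not-json residue from the export
"""


def image_name(path):
    """Lower-cased file name of a Windows path; works on any host OS."""
    return ntpath.basename(path or "").lower()


def find_elevated_children(log_text):
    """Return process-creation events whose parent is a watched
    auto-elevating binary and whose integrity level is High or System."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON events
        if not isinstance(event, dict) or event.get("EventID") != 1:
            continue  # only process-creation events are relevant
        parent = image_name(event.get("ParentImage"))
        level = str(event.get("IntegrityLevel", "")).lower()
        if parent in WATCHED_PARENTS and level in ELEVATED_LEVELS:
            hits.append({"time": event.get("UtcTime"),
                         "parent": parent,
                         "child": image_name(event.get("Image")),
                         "integrity": level})
    return hits


if __name__ == "__main__":
    for hit in find_elevated_children(SAMPLE_LOG):
        print(hit)
```
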