Automated exploitation

An excellent tool is available to test for UAC bypasses without writing your exploits from scratch. Created by @hfiref0x, UACME provides an up-to-date repository of UAC bypass techniques that can be used out of the box.

Akagi is the UACME binary that runs the actual UAC bypasses. Using it is straightforward: pass the number of the method to be tested as its argument.

Method Id    Bypass technique
33           fodhelper.exe
34           DiskCleanup scheduled task
70           fodhelper.exe using CurVer registry key

A complete list of methods is available on the project’s GitHub description.

To test method 33, for example, run the following from a command prompt:

C:\tools>UACME-Akagi64.exe 33

A high-integrity cmd.exe will pop up.
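
The elevated shell above is also what a defender can look for in telemetry. The following is an added example, not part of the original page or of UACME: it scans Sysmon process-creation events (Event ID 1) for an elevated process whose parent is fodhelper.exe, the binary behind methods 33 and 70. The event records are constructed samples, and treating every elevated child of fodhelper.exe as suspicious is an assumption to tune per environment.

```python
import ntpath

# Auto-elevating binary named for methods 33 and 70 in the table above.
WATCHED_PARENTS = {"fodhelper.exe"}
ELEVATED = {"high", "system"}

def _name(path):
    # ntpath parses Windows paths correctly on any analysis host.
    return ntpath.basename(path or "").lower()

def find_elevated_children(events):
    """Return elevated process creations whose parent is a watched binary."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:  # Sysmon process creation only
            continue
        if _name(ev.get("ParentImage")) not in WATCHED_PARENTS:
            continue
        if str(ev.get("IntegrityLevel", "")).lower() not in ELEVATED:
            continue
        hits.append({k: ev.get(k) for k in
                     ("Image", "ParentImage", "IntegrityLevel", "User")})
    return hits

# Constructed sample events (assumed field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\tools\UACME-Akagi64.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "IntegrityLevel": "Medium", "User": r"LAB\analyst"},
    {"EventID": 1, "Image": r"C:\Windows\System32\fodhelper.exe",
     "ParentImage": r"C:\tools\UACME-Akagi64.exe",
     "IntegrityLevel": "High", "User": r"LAB\analyst"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\WINDOWS\system32\FodHelper.exe",
     "IntegrityLevel": "High", "User": r"LAB\analyst"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "IntegrityLevel": "Medium", "User": r"LAB\analyst"},
    # Non-process event and a record with no integrity level: both ignored.
    {"EventID": 3, "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\fodhelper.exe"},
]

if __name__ == "__main__":
    for hit in find_elevated_children(SAMPLE_EVENTS):
        print("ALERT elevated child of auto-elevating binary:", hit)
```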