This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.
efb5f415da1f4ff8220fecb3902a9074d9f559bfe81332a3991c71dc7246dc7f
This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.
52eae7699fd217998bd9f71d972ca94c711fbd59761cf10ee7f2ba42b345263e