This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.
9f324275d7747e6056b99457eba72507d809e7fdc4d2bbdb300c55c482595517MASM code for a Windows RT ARM bindshell that binds to port 4444.
20f4063f00116b1083fffe678bc7b12a954c40a2b867e8e8f93f8acd3de0a6d6This archive includes a presentation and code samples. The presentation is called Parsing Binary File Formats with PowerShell.
2ee444a0cd762da3305af205e37bf1cd02f62382b8e740e9691fa5f622881576
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed