public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-28 15:58:24 +01:00
Code Issues Projects Releases Wiki Activity

Correcting 'UAC bypass' to 'UAC Bypass'

Browse Source
This commit is contained in:
xenoscr 2022-09-10 22:58:06 -04:00
parent 0ed1694bf1
commit dd58662ee9
No known key found for this signature in database
GPG Key ID: 52C26F96860C0DAA
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
yml/OSBinaries/Eventvwr.yml
View File

@ -7,7 +7,7 @@ Commands:
- Command: eventvwr.exe - Command: eventvwr.exe
Description: During startup, eventvwr.exe checks the registry value HKCU\Software\Classes\mscfile\shell\open\command for the location of mmc.exe, which is used to open the eventvwr.msc saved console file. If the location of another binary or script is added to this registry value, it will be executed as a high-integrity process without a UAC prompt being displayed to the user. Description: During startup, eventvwr.exe checks the registry value HKCU\Software\Classes\mscfile\shell\open\command for the location of mmc.exe, which is used to open the eventvwr.msc saved console file. If the location of another binary or script is added to this registry value, it will be executed as a high-integrity process without a UAC prompt being displayed to the user.
Usecase: Execute a binary or script as a high-integrity process without a UAC prompt. Usecase: Execute a binary or script as a high-integrity process without a UAC prompt.
Category: UAC bypass Category: UAC Bypass
Privileges: User Privileges: User
MitreID: T1548.002 MitreID: T1548.002
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10

2
yml/OSBinaries/Wsreset.yml
View File

@ -7,7 +7,7 @@ Commands:
- Command: wsreset.exe - Command: wsreset.exe
Description: During startup, wsreset.exe checks the registry value HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command for the command to run. Binary will be executed as a high-integrity process without a UAC prompt being displayed to the user. Description: During startup, wsreset.exe checks the registry value HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command for the command to run. Binary will be executed as a high-integrity process without a UAC prompt being displayed to the user.
Usecase: Execute a binary or script as a high-integrity process without a UAC prompt. Usecase: Execute a binary or script as a high-integrity process without a UAC prompt.
Category: UAC bypass Category: UAC Bypass
Privileges: User Privileges: User
MitreID: T1548.002 MitreID: T1548.002
OperatingSystem: Windows 10 OperatingSystem: Windows 10