all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Auto-Elevate - Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation

Add to bookmarks
April 1, 2022, 8:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates it's process TOKEN, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method #41 (ICMLuaUtil UAC bypass) from hfiref0x's UACME utility, this utility can auto-elevate a low privileged Administrative account to NT AUTHORITY\SYSTEM.


The following image demonstrates using UACME combined with Auto-Elevate to go from a low-privileged Administrator account to NT AUTHORITY\SYSTEM on Windows 10 …

authority auto bypass exploit impersonation integrity lpe system token uac uac bypass windows windows 10 winlogon

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

VectorKernel - PoCs For Kernelmode Rootkit Techniques Research 4 days, 19 hours ago | www.kitploit.com
64bit api education kernel +17
Cookie-Monster - BOF To Steal Browser Cookies & Credentials 5 days, 19 hours ago | www.kitploit.com
cookie-monster passwords processes python +2
NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected 6 days, 19 hours ago | www.kitploit.com
mechanism microsoft mimikatz noargs +3
Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of … 1 week ago | www.kitploit.com
frameless-bitb scanners scripts subdomains +2
Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking 1 week, 1 day ago | www.kitploit.com
analysis beginners cracking infosec +11
Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The … 1 week, 3 days ago | www.kitploit.com
api api endpoints automated client +20
APKDeepLens - Android Security Insights In Full Spectrum 1 week, 4 days ago | www.kitploit.com
android security apkdeeplens mobile security vulnerabilities +1
RemoteTLSCallbackInjection - Utilizing TLS Callbacks To Execute A Payload Without Spawning Any Threads In A … 1 week, 5 days ago | www.kitploit.com
academy anti-debugging api home +8
Sicat - The Useful Exploit Finder 1 week, 6 days ago | www.kitploit.com
exploit finder metasploit modules reconnaissance sicat

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

L2-Network Security Administrator

@ Kyndryl | KIN51515 Mumbai (KIN51515) We Work
View on infosec-jobs.com

Head of Cybersecurity Advisory and Architecture

@ CMA CGM | Marseille, FR
View on infosec-jobs.com

Systems Engineers/Cyber Security Engineers/Information Systems Security Engineer

@ KDA Consulting Inc | Herndon, Virginia, United States
View on infosec-jobs.com

R&D DevSecOps Staff Software Development Engineer 1

@ Sopra Steria | Noida, Uttar Pradesh, India
View on infosec-jobs.com
View more jobs