Version 2.1.0
Completely redesigned code structure. Conversion of the project into the library format. Getting rid of redundant constructions, optimization, code structuring. Added several new methods:
- wsreset.exe
- Cortana
- People
- Startup
0x9ef committed Mar 24, 2022
1 parent 145aee8 commit 7a2beec
Showing 42 changed files with 1,230 additions and 1,171 deletions.
2 changes: 0 additions & 2 deletions .gitattributes

This file was deleted.

12 changes: 0 additions & 12 deletions .gitignore

This file was deleted.

2 changes: 1 addition & 1 deletion LICENSE
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2019 Paparoni Alvardo
Copyright (c) 2019-2022 0x9ef

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
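Review bot: The copyright line at the top of the license is swapped rather than extended: `Copyright (c) 2019 Paparoni Alvardo` and `Copyright (c) 2019-2022 0x9ef` appear as the old and new versions of the same line. The MIT text requires the existing copyright notice to stay in all copies, so unless both names are the same holder, keep the original line and add the new one beneath it.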
70 changes: 51 additions & 19 deletions README.md
@@ -1,29 +1,61 @@
# Golang UAC Bypasser (GUACBP)
# Golang UAC Bypasser
Collection of bypass techiques written in Golang.

![Image of Golang UAC Bypasser](http://s01.geekpic.net/di-Q8HD4W.jpeg)
Rewrite of - https://github.com/rootm0s/WinPwnage to Golang.

Techniques are found online, on different blogs and repos here on GitHub. I do not take credit for any of the findings, thanks to all the researchers.
![Demonstration](image/demo.png)

Rewrite of - https://github.com/rootm0s/WinPwnage to Golang.
Techniques are found online, on different blogs and repos here on GitHub. I do not take credit for any of the findings, thanks to all the researchers.

## Techniques implemented:
* UAC Bypass using _computerdefaults.exe_
* UAC Bypass using _eventvwr.exe_
* UAC Bypass using _fodhelper.exe_
* UAC Bypass using _HKCU Registry_
* UAC Bypass using _HKLM Registry_
* UAC Bypass using _IFEO_
* UAC Bypass using _schtasks.exe_
* UAC Bypass using _sdcltcontrol.exe_
* UAC Bypass using _silentcleanup.exe_
* UAC Bypass using _slui.exe_
* UAC Bypass using _userinit.exe_
* UAC Bypass using _wmic.exe_

### Once
* Using cmstp.exe
* Using computerdefaults.exe
* Using eventvwr.exe
* Using fodhelper.exe
* Using sdcltcontrol.exe
* Using silentcleanup.exe
* Using slui.exe
* Using wsreset.exe

### Persist
* Using Cortana
* Using HKCU registry key manipulations
* Using HKLM registry key manipulations
* Using magnifier.exe
* Using People
* Using Startup folder and malicious lnk file
* Using Userinit registry key manipulations

## How to build:
1. `set CGO_ENABLED=0`
2. `go build -v -a -ldflags="-w -s" -o guacbypasser.exe main.go`
2. `go build -v -a main.go`

## How to use:
You can use this as a library for single method calls to the executor.
```go
package main

import (
once "github.com/0x9ef/golang-uacbypasser/once"
)

func main() {
path := os.Args[1]
tstart := time.Now()
err := once.ExecFodhelper(path)
if err != nil {
panic(err)
}
tend := time.Now()
fmt.Printf("Time tooked: %.2f\n", tend.Sub(tstart).Seconds())
}
```

You can use as a program which automatically calling selected methods.
More information you can found by passing --help flag.
```
main.exe --list --once --technique=TECHNIQUE
```

## If you find error in the code or you want to support project please commit this changes.
## **_Support project - BITCOIN: 18YsYvrQhyrtAqUcpTXpHFrQ6RHyd73dS6_**
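Review bot: The Go snippet under "How to use" imports only the `once` package but calls `os.Args`, `time.Now` and `fmt.Printf`, so it does not compile as written; add `os`, `time` and `fmt` to the import block and check `len(os.Args)` before reading `os.Args[1]`. The "Persist" list names changes to HKCU, HKLM and Userinit registry keys and to the Startup folder, but the README never says which keys or files each method touches or how to undo them; a short per-technique section covering that would let a tester restore the host afterwards and would give defenders the exact locations to audit. Minor: "techiques" and "Time tooked" are typos.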
Binary file removed bin/main.exe
Binary file not shown.
14 changes: 14 additions & 0 deletions go.mod
@@ -0,0 +1,14 @@
module uacbypass

go 1.18

require (
github.com/jessevdk/go-flags v1.5.0
github.com/olekukonko/tablewriter v0.0.5
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8
)

require (
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
)
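Review bot: The `module uacbypass` declaration does not match the import path the README gives for library use, `github.com/0x9ef/golang-uacbypasser/once`, so anyone importing the package by that path will hit a module path mismatch. If the library format described in the commit message is the goal, declare the module as `github.com/0x9ef/golang-uacbypasser` and make sure internal imports use the same prefix.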
12 changes: 12 additions & 0 deletions go.sum
@@ -0,0 +1,12 @@
github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 h1:OH54vjqzRWmbJ62fjuhxy7AxFFgoHN0/DPc/UrL8cAs=
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
Binary file added image/demo.png