BiskottoScriptato/Windows-privilege-exploits
Elevation

Windows C++ Security

A comprehensive lab for Windows vertical movement — featuring deep-dives into UAC Bypasses and Kernel-level Privilege Escalation.


UAC Bypass vs. Privilege Escalation

While both result in the same outcome—getting higher permissions—they live at different levels of the security stack.

🛡️ User Account Control (UAC) Bypass

UAC is not considered a security boundary by Microsoft; it’s a "convenience" feature to prevent accidental system changes.

  • The Concept: You are already an administrator, but you're running in a "Split Token" mode (limited rights).
  • The Exploit: Tricking a trusted Windows process (like fodhelper.exe) into giving you your own Administrator token back without asking the user.
  • Complexity: Usually relies on registry hijacks, COM interfaces, or DLL sideloading.

⚔️ Privilege Escalation (PrivEsc)

Privilege Escalation targets actual Security Boundaries (like the boundary between a standard User and the Kernel/SYSTEM).

  • The Concept: You are a standard user with no administrative rights at all. You want to become SYSTEM.
  • The Exploit: Abusing kernel vulnerabilities, misconfigured services, or unquoted service paths to force the system to give you a token you were never supposed to have.
  • Complexity: Often involves more complicated steps, driver exploitation, or complex logic bugs in high-privilege services.
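The two starting points above (a "Split Token" admin versus a plain standard user) are visible in the process token itself. The following PowerShell check is an added example, not code from this repository: it queries the TokenElevationType and TokenElevation classes of advapi32!GetTokenInformation for the current process and reports which state the session is in. The function name Get-UacTokenState and the Uac.Native wrapper type are assumptions introduced here.

```powershell
# Added example (not part of this repository): make the "Split Token" state observable.
# Uac.Native is a helper type defined here; TokenElevationType (18) and TokenElevation (20)
# are the documented TOKEN_INFORMATION_CLASS values used by GetTokenInformation.
Add-Type -Namespace Uac -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(
    IntPtr tokenHandle, int infoClass, out int info, int infoLength, out int returnLength);
'@

function Get-UacTokenState {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $token    = $identity.Token          # handle to the current process token

    $TokenElevationType = 18             # returns TOKEN_ELEVATION_TYPE (a DWORD)
    $TokenElevation     = 20             # returns TOKEN_ELEVATION { DWORD TokenIsElevated }

    $type = 0; $elevated = 0; $len = 0
    if (-not [Uac.Native]::GetTokenInformation($token, $TokenElevationType, [ref]$type, 4, [ref]$len)) {
        throw "GetTokenInformation(TokenElevationType) failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    if (-not [Uac.Native]::GetTokenInformation($token, $TokenElevation, [ref]$elevated, 4, [ref]$len)) {
        throw "GetTokenInformation(TokenElevation) failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }

    # 1 = Default: no linked token (standard user, or UAC filtering not applied to this account)
    # 2 = Full:    the elevated half of a split token (Admin (Full))
    # 3 = Limited: the filtered half of a split token (Admin (Limited)); this is what a UAC
    #              bypass starts from and what a privilege escalation does NOT have
    $description = switch ($type) {
        1 { 'Default: no split token; standard user or UAC not filtering this account' }
        2 { 'Full: elevated administrator token' }
        3 { 'Limited: filtered administrator token (split token, not elevated)' }
        default { "Unknown elevation type $type" }
    }

    [pscustomobject]@{
        User          = $identity.Name
        ElevationType = $type
        IsElevated    = [bool]$elevated
        Description   = $description
    }
}

Get-UacTokenState
```

Run it once from a normal console and once from an elevated one on an admin account to see the same user report Limited and then Full; a standard user reports Default in both.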

📂 Repository Roadmap

| Category | Description | Contents |
| --- | --- | --- |
| UAC Bypass | Methods to go from Admin (Limited) to Admin (Full) silently. | fodhelper, ComputerDefaults |
| Privilege Escalation | Methods to go from Standard User to SYSTEM/NT Authority. | Coming Soon |

🚀 Getting Started

To dive into a specific technique, navigate to its category and select a technique folder. Each one contains:

  1. README.md: Deep technical explanation of the "How" and "Why".
  2. Source Code: A clean, documented C++ PoC.
  3. Detection Indicators: Tips for Blue Teams to catch the exploit.

🛠️ Unified Compilation

To avoid DLL entry-point errors and environment conflicts, use the provided compile.bat script from the root of the repository. It uses an isolated MSYS2 environment to build standalone, statically-linked binaries.

Usage:

.\compile.bat [exploit_name]

Examples:

  • .\compile.bat fodhelper
  • .\compile.bat ComputerDefaults

The compiled .exe will be generated directly inside the specific exploit's folder.


⚖️ Disclaimer

This repository is for educational purposes and authorized security research only. The author is not responsible for any misuse of the information provided herein.

About

List and implementation of Windows UAC bypasses and exploits