
boh/Aggressor-Scripts

 
 

Aggressor-Scripts

Aggressor scripts for Cobalt Strike

UAC Bypass - Silent Cleanup

This is a CNA (Aggressor script) for the SilentCleanup UAC bypass, which bypasses "Always notify", the highest UAC setting, even on Windows 10 (1909) as of March 2020. You can find details here.

This code uses plaintext's C# port of the bypass, which can be found here.

I modified the code a bit (line 45 or line 46, depending on whether a command is passed or an exe is passed as an arg).

With the exe method (uac-silentcleanup-exe), powershell.exe is called along with Start-Process -NoNewWindow to attempt to hide any indication that a new program was launched.

With the command method (uac-silentcleanup-command), cmd.exe /c is used to pass a command string provided by the user.

Run it from Cobalt Strike with:

beacon > runasadmin uac-silentcleanup-exe c:\windows\temp\beacon.exe

beacon > runasadmin uac-silentcleanup-command net user Jim.Lahey Liquor1 /add
