WSReset.exe UAC bypass Take 2 #12280
This is a bit of a long story. I was testing and preparing to land another PR: #12226
When it did not work, I looked up "WSReset.exe bypass method" on Google and I realized that the PR was missing crucial steps, so I tried to add them. In the end, I rewrote most of the module, and it worked. Then I realized that there were two ways to bypass UAC using the WSReset.exe file, and I had simply found the wrong one. The original PR used the other way. These methods are fairly different, and share little code, so we decided to split them into two modules.
List the steps needed to make sure this thing works
Running this on non-vulnerable machines appears to result in a shell that cannot be upgraded. Windows Defender has signatures for this attack, but this was not deemed as a vulnerability by MSRT, so
Sep 5, 2019
Works great! Much better now there is no extra windows folder left behind.