Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key)

Hello friends! Today we are going to share new article related to how to bypass window 10 UAC once you have hacked the victim’s system. In metasploit a new module has been added to achieve admin access in window 10s.

Attacker: Kali Linux

Target: Windows 10

This module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

Hence you can see another meterpreter session 2 opened which means we successfully exploited the target once again now let’s check user privilege.

Awesome!!!! We got admin privilege successfully.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

Leave a Reply

Your email address will not be published. Required fields are marked *