Bypass UAC in Windows 10 using bypass_comhijack Exploit

In this article we are going to bypass User Account Control (UAC) on a target system. This is a post-exploitation technique: the attacker must first exploit the target system and then escalate privileges using the UAC Protection Bypass (via COM Handler Hijack) module.

Let’s start!!

Attacker: Kali Linux

Target: Windows 10

First, exploit the target to obtain a meterpreter session on the victim’s system. Once you have meterpreter session 1, type the following command to check system authority and privileges.

From the given image you can see that the attacker is inside a meterpreter shell on the victim’s system but does not have system/admin authority and privileges. Hence we need to bypass the UAC protection of the target system.

To perform this attack you need to manually add the bypass_comhijack exploit to the Metasploit Framework.

Copy the entire content of “bypass_comhijack” from here and paste it into a text document, then save it as bypass_comhijack.rb inside the following path:

usr>share>metasploit_framework>modules>exploit>windows>local

From the given image you can observe that the bypass_comhijack.rb exploit has been saved. Since the attacker already has a meterpreter session, he can now use this exploit to bypass UAC protection.

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation.
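From the defender's side, the HKCU COM handler writes described above are the observable artifact, and because the module cleans them up afterwards they have to be caught from registry telemetry rather than from a later audit. The following is an added example (not part of the original article or of the Metasploit module) that scans registry value-set records for per-user InprocServer32 registrations; the record format, the sample events, the CLSIDs and the writable-directory list are constructed assumptions.

```python
import re

# Per-user COM registration lives under HKCU\Software\Classes, which is also
# exposed as HKU\<SID>_Classes. Match either spelling of the same location.
PER_USER_CLSID = re.compile(
    r"^(?:HKCU\\Software\\Classes|HKU\\S-[\d-]+(?:\\Software\\Classes|_Classes))"
    r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32(?:\\|$)",
    re.IGNORECASE,
)
# Directories a standard user can normally write to (assumed list, tune per site).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")

def parse_event(line):
    """Split one 'key=value|key=value' record (hypothetical format) into a dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def find_com_hijack_writes(lines):
    """Return (clsid, data, image, severity) for per-user InprocServer32 writes."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        m = PER_USER_CLSID.match(ev.get("key", ""))
        if not m:
            continue  # machine-wide (HKLM) or unrelated key
        data = ev.get("data", "")
        # A handler DLL in a user-writable directory is the strongest signal.
        risky = any(d in data.lower() for d in USER_WRITABLE)
        hits.append((m.group(1).upper(), data, ev.get("image", ""),
                     "high" if risky else "review"))
    return hits

# Constructed sample records (not real telemetry); CLSIDs are placeholders.
SAMPLE = r"""
key=HKU\S-1-5-21-1111-2222-3333-1001_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)|data=C:\Users\bob\AppData\Local\Temp\xyz.dll|image=C:\Users\bob\Downloads\update.exe
key=HKLM\SOFTWARE\Classes\CLSID\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\InprocServer32\(Default)|data=C:\Windows\System32\shell32.dll|image=C:\Windows\System32\msiexec.exe
key=HKCU\Software\Classes\CLSID\{99999999-8888-7777-6666-555555555555}\InprocServer32\ThreadingModel|data=Apartment|image=C:\Program Files\Vendor\setup.exe
""".strip().splitlines()

if __name__ == "__main__":
    for hit in find_com_hijack_writes(SAMPLE):
        print(hit)
```

Legitimate per-user installers also register COM servers under HKCU, so "review" hits need a baseline; the "high" case is a handler DLL that resolves to a directory the user can write to.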

 

 

From the given image you can observe that meterpreter session 3 has opened. Now type the following command to determine system authority and privileges.

Wonderful!! The attacker now has system/admin authority and privileges.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a lover of social media and gadgets.

5 Comments

  1. da rk

    Hey when I tried to ‘use exploit/windows/local/bypassuac_comhijack’ I received the following error:

    Failed to load extension: No module of the name ext_server_exploit/windows/local/bypassuac comhijack.x86.dll round

    Please, please help! It’s urgent!!!

  2. bijay gosh

    msf exploit(windows/local/bypassuac_comhijack) > exploit

    [*] Started reverse TCP handler on 192.168.0.186:2664

    [-] Exploit aborted due to failure: no-access: Not in admins group, cannot escalate with this module

    [*] Exploit completed, but no session was created.

    So, how do I get admin?

  3. Jude

    Bypassuac was successful and if I try to run again it says already in elevated state but I can't do getsystem

