Bypass UAC in Windows 10 using bypass_comhijack Exploit

In this article, we bypass User Account Control (UAC) on the target system. This is a post-exploitation technique, so the attacker must first exploit the target system and then escalate using the UAC Protection Bypass via COM Handler Hijack.

Let’s start!!

Attacker: Kali Linux

Target: Windows 10

First, exploit the target to obtain a meterpreter session on the victim’s system. Once you have meterpreter session 1, type the following command to check system authority and privileges.

From the given image you can see that the attacker is inside the meterpreter shell of the victim’s system but does not have system/admin authority and privileges. Hence we need to bypass the UAC protection of the target system.

To perform this attack you need to manually add the bypass_comhijack exploit to the Metasploit framework.

Copy the entire content of “bypass_comhijack” from here and paste it into a text document, then save it as bypass_comhijack.rb inside the following path:

From the given image you can observe that the bypass_comhijack.rb exploit has been saved. Since the attacker already has a meterpreter session, he can now use this exploit to bypass UAC protection.

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced, resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation.
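A defender-side view of the behaviour described above, as an added example that is not part of the original article or of the Metasploit module: it scans Sysmon-style registry events for per-user COM registrations (the HKCU entries the description mentions) whose DLL lies outside admin-only directories, and raises the severity when the same key is deleted later in the stream. The event records, SID, CLSIDs, paths and the trusted-root list are constructed assumptions.

```python
import re
from ntpath import normpath

# Per-user COM key as Sysmon renders it: HKU\<SID>_Classes\... or HKU\<SID>\Software\Classes\...
PER_USER_CLSID = re.compile(
    r"^HKU\\(?P<sid>S-1-5-21-[\d-]+)(?:_Classes|\\Software\\Classes)"
    r"\\CLSID\\(?P<clsid>\{[0-9a-f-]{36}\})(?P<rest>\\.*)?$", re.IGNORECASE)
# Assumption: replacing a DLL under these roots already requires administrator rights.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def outside_trusted_roots(dll):
    return not normpath(dll.strip('"')).lower().startswith(TRUSTED_ROOTS)

def find_com_hijacks(events):
    """Flag per-user InprocServer32 defaults whose DLL lies outside the trusted roots.
    Severity becomes 'high' when the same CLSID key is deleted later (module clean-up)."""
    findings = {}
    for ev in events:  # dicts with Sysmon field names; EventID 13 = value set, 12 = key event
        m = PER_USER_CLSID.match(ev["TargetObject"])
        if not m:
            continue
        key = (m["sid"], m["clsid"].upper())
        rest = (m["rest"] or "").lower()
        if ev["EventID"] == 13 and rest == "\\inprocserver32\\(default)":
            if outside_trusted_roots(ev["Details"]):
                findings[key] = {"clsid": key[1], "dll": ev["Details"],
                                 "writer": ev.get("Image"), "severity": "medium"}
        elif ev["EventID"] == 12 and ev.get("EventType") == "DeleteKey" and key in findings:
            findings[key]["severity"] = "high"
    return list(findings.values())

# Constructed events; the SID, CLSIDs and paths are placeholders, not values from the page.
U = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
C1 = r"\CLSID\{11111111-2222-3333-4444-555555555555}"
C2 = r"\CLSID\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}"
SAMPLE = [
    {"EventID": 13, "TargetObject": U + "_Classes" + C1 + r"\InprocServer32\(Default)",
     "Details": r"C:\Users\alice\AppData\Local\Temp\x.dll", "Image": r"C:\Temp\a.exe"},
    {"EventID": 13, "TargetObject": U + "_Classes" + C1 + r"\InprocServer32\ThreadingModel",
     "Details": "Apartment"},
    {"EventID": 13, "TargetObject": U + r"\Software\Classes" + C2 + r"\InprocServer32\(Default)",
     "Details": r"C:\Program Files\Vendor\shellext.dll"},
    {"EventID": 12, "EventType": "DeleteKey", "TargetObject": U + "_Classes" + C1},
]

if __name__ == "__main__":
    for finding in find_com_hijacks(SAMPLE):
        print(finding)
```

Because the keys are removed after the payload runs, a point-in-time scan of the registry can miss this activity; event-based logging of the write is what preserves the evidence. Legitimate software that registers per-user COM servers under a user profile will also match and needs an allowlist.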

From the given image you can observe that meterpreter session 3 has opened. Now type the following command to determine system authority and privileges.

Wonderful!! The attacker got system/admin authorities and privileges.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

5 Comments Bypass UAC in Windows 10 using bypass_comhijack Exploit

  1. da rk

    Hey when I tried to ‘use exploit/windows/local/bypassuac_comhijack’ I received the following error:

    Failed to load extension: No module of the name ext_server_exploit/windows/local/bypassuac comhijack.x86.dll round

    Please, please help! It’s urgent!!!

  2. bijay gosh

    msf exploit(windows/local/bypassuac_comhijack) > exploit

    [*] Started reverse TCP handler on

    [-] Exploit aborted due to failure: no-access: Not in admins group, cannot escalate with this module

    [*] Exploit completed, but no session was created.

    So, how do I get admin?

  3. Jude

    Bypassuac was successful, and if I try to run it again it says already in elevated state, but I can’t do getsystem.

