Communication takes place over a pipe, so the tool can run in non-interactive mode.
Place bypassUAC.exe and PipeClient.exe in the same directory.
.\bypassUAC.exe "whoami /priv"
https://github.com/SkewwG/domainTools/tree/master/regeditBypassUAC
https://idiotc4t.com/privilege-escalation/bypassuac-fodhelper
BypassUAC based on registry hijacking