Bypass UAC in Windows 10 using bypass_comhijack Exploit

In this article, we are going to bypass User Account Control (UAC) on the targeted system. This is a post-exploitation technique: the attacker must first exploit the target system and then escalate privileges using the UAC Protection Bypass via COM Handler Hijack.

Let’s start!!

Attacker: Kali Linux

Target: Windows 10

First, exploit the target to obtain a meterpreter session on the victim’s system. Once you have meterpreter session 1, type the following command to check system authority and privileges.

From the given image you can see that the attacker is inside the meterpreter shell of the victim’s system but doesn’t have system/admin authorities and privileges. Hence we need to bypass the UAC protection of the targeted system.

To perform this attack, you need to manually add the bypass_comhijack exploit to the Metasploit framework.

Copy the entire content of “bypass_comhijack” from here and paste it into a text document, then save it as bypass_comhijack.rb inside the following path:

From the given image you can observe that the bypass_comhijack.rb exploit has been saved. Since the attacker already has a meterpreter session, he can now use this exploit to bypass UAC protection.

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced, resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation.
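For defenders, the registry behaviour described above is the detection point. The following is an added example, not code from the original article or from the Metasploit project: it scans registry events for in-process COM servers registered in a user's hive and notes whether the key was removed again shortly afterwards. The event field names are simplified from Sysmon registry events (an assumption), the function name is hypothetical, and the SID, CLSID and paths are constructed.

```python
import re
from datetime import datetime

# Per-user COM server key: HKCU\Software\Classes\CLSID\{guid}\InprocServer32.
# Sysmon writes this hive as HKU\<SID>_Classes (or HKU\<SID>\Software\Classes).
PER_USER_COM = re.compile(
    r"^HKU\\(?P<sid>S-1-5-21-[\d-]+)(?:_Classes|\\Software\\Classes)"
    r"\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32(?P<value>\\.*)?$",
    re.IGNORECASE,
)

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S")

def find_per_user_com_registrations(events, cleanup_window_s=300):
    """Return one finding per (SID, CLSID) given an InprocServer32 under HKCU.
    cleaned_up: the key was deleted within cleanup_window_s of being set."""
    findings = {}
    for ev in sorted(events, key=_ts):
        m = PER_USER_COM.match(ev["TargetObject"])
        if not m:
            continue  # HKLM and unrelated keys are out of scope here
        key = (m["sid"], m["clsid"].upper())
        if ev["EventType"] == "SetValue":
            f = findings.setdefault(key, {"sid": key[0], "clsid": key[1], "dll": None,
                                          "set_at": _ts(ev), "cleaned_up": False})
            if m["value"] == r"\(Default)":
                f["dll"] = ev["Details"]  # default value holds the DLL path
        elif ev["EventType"] == "DeleteKey" and key in findings:
            age = (_ts(ev) - findings[key]["set_at"]).total_seconds()
            findings[key]["cleaned_up"] = age <= cleanup_window_s
    return list(findings.values())

# Constructed sample events (simplified Sysmon Event ID 12/13 fields); all values are made up.
_CLSID = r"\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32"
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-01 10:00:00", "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001_Classes" + _CLSID + r"\(Default)",
     "Details": r"C:\Users\alice\AppData\Local\Temp\example.dll"},
    {"UtcTime": "2024-01-01 10:00:20", "EventType": "DeleteKey",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001_Classes" + _CLSID, "Details": ""},
    {"UtcTime": "2024-01-01 10:05:00", "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Classes" + _CLSID + r"\(Default)",
     "Details": r"C:\Windows\System32\example.dll"},
]

if __name__ == "__main__":
    print(find_per_user_com_registrations(SAMPLE_EVENTS))
```

Legitimate per-user software also registers COM servers in HKCU, so a finding is a lead to triage (DLL path, writing process, short-lived key) rather than a verdict.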

From the given image you can observe that meterpreter session 3 has opened. Now type the following command to determine system authority and privileges.

Wonderful!! The attacker got system/admin authorities and privileges.

Suraj Virus
