exploit/windows/local/bypassuac_comhijack (FAILED)

Description

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation.

Steps

notion image

Results

notion image
As seen from the screenshot above, the exploit completed but no session was created.