Vulnerability & Exploit Database


Windows UAC Protection Bypass (Via FodHelper Registry Key)

This module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.
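From the defender's side, the technique described above leaves two observables: a command value written under the per-user registry handler that fodhelper.exe consults, and fodhelper.exe spawning a child process it would never normally launch. The following triage routine is an added example, not code from the Rapid7 page or the Metasploit module; the registry path it matches is the one documented for this technique in public detection rules (ATT&CK T1548.002) rather than quoted on the page, and the Sysmon-style event lines are constructed. Because the module deletes the key after use, event-time telemetry is what catches it, not a later scan of the hive.

```python
# Added example (not from the Rapid7 page or the Metasploit module): scan
# Sysmon-style events for the registry write and the odd parent/child pair
# that a FodHelper-style UAC bypass produces.
import re
from typing import Dict, List, Optional

# Handler key documented for this technique in public detection rules
# (ATT&CK T1548.002); the page above does not name it.
HIJACK_KEY = re.compile(
    r"\\Software\\Classes\\ms-settings\\shell\\open\\command", re.IGNORECASE
)
# Children an auto-elevated fodhelper.exe has no business launching.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Parse a Key="value" Key="value" line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a finding string for a suspicious event, else None."""
    eid = event.get("EventID")
    # Sysmon 12/13: registry object create/delete and value set.
    if eid in ("12", "13") and HIJACK_KEY.search(event.get("TargetObject", "")):
        return "registry: ms-settings handler written by " + event.get("Image", "?")
    # Sysmon 1: process creation; flag fodhelper.exe as parent of a shell.
    if eid == "1":
        parent = event.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
        child = event.get("Image", "").lower().rsplit("\\", 1)[-1]
        if parent == "fodhelper.exe" and child in SUSPECT_CHILDREN:
            return f"process: fodhelper.exe spawned {child}"
    return None


def scan(lines: List[str]) -> List[str]:
    return [hit for hit in (classify(parse_event(ln)) for ln in lines) if hit]


# Constructed sample events (not real telemetry); paths and SID are made up.
SAMPLE = [
    'EventID="13" Image="C:\\Users\\bob\\stage.exe" TargetObject="HKU\\S-1-5-21-1\\Software\\Classes\\ms-settings\\shell\\open\\command\\(Default)"',
    'EventID="1" Image="C:\\Windows\\System32\\fodhelper.exe" ParentImage="C:\\Users\\bob\\stage.exe"',
    'EventID="1" Image="C:\\Windows\\System32\\cmd.exe" ParentImage="C:\\Windows\\System32\\fodhelper.exe"',
    'EventID="1" Image="C:\\Windows\\System32\\notepad.exe" ParentImage="C:\\Windows\\explorer.exe"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```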


Module Name

exploit/windows/local/bypassuac_fodhelper

Authors

  • winscriptingblog
  • amaloteaux <alex_maloteaux [at] metasploit.com>

Targets

  • Windows x86
  • Windows x64

Platforms

  • windows

Architectures

  • x86
  • x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/local/bypassuac_fodhelper
msf exploit(bypassuac_fodhelper) > show targets
    ...targets...
msf exploit(bypassuac_fodhelper) > set TARGET <target-id>
msf exploit(bypassuac_fodhelper) > show options
    ...show and set options...
msf exploit(bypassuac_fodhelper) > exploit