Tags archives: bypass

 

 

0

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way “WinSxS” works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead […]

The post Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS appeared first on MondoUnix.

 

 

 

 

0

Microsoft Office 2007 Groove Security Bypass / Code Execution

Microsoft Office 2007 Groove contains a security bypass issue regarding ‘Workspace Shortcut’ files (.GLK) because it allows arbitrary (registered) URL Protocols to be passed, when only ‘grooveTelespace://’ URLs should be allowed, which allows execution of arbitrary code upon opening a ‘GLK’ file. Source: Microsoft Office 2007 Groove Security Bypass / Code Execution

The post Microsoft Office 2007 Groove Security Bypass / Code Execution appeared first on MondoUnix.

 

 

 

 

0

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. […]

The post Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) appeared first on MondoUnix.