Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.

System Requirements

• x86-32/x64 Windows 7/8/8.1/10TH1/10TH2/10RS1/10RS2 (client, some methods, however, works on server version too).
• Admin account with UAC set on default settings required.

Download

git clone https://github.com/hfiref0x/UACME.git

Usage

Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See “Run examples” below for more info.

First, param is a number of methods to use, second is the optional command (executable file name including full path) to run. The second param can be empty – in this case, a program will execute elevated cmd.exe from system32 folder.

Warning

• This tool shows ONLY popular UAC bypass method used by malware, and reimplement some of them in a different way of improving original concepts. There are exists different, not yet known to general public methods, be aware of this;
• Using (5) method will permanently turn off UAC (after reboot), make sure to do this in ta est environment or don’t forget to re-enable UAC after tool usage;
• Using (5), (9) methods will permanently compromise the security of target keys (UAC Settings key for (5) and IFEO for (9)), if you do tests on your real machine – restore keys security manually after you complete this tool usage;
• This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft – you use it at your own risk;
• Some AV may flag this tool as HackTool, MSE/WinDefender constantly marks it as malware, nope;
• If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code;
• Most of the methods created for x64, with no x86-32 support in mind. I don’t see any sense in supporting 32-bit versions of Windows or wow64, however, with small tweaks, most of them will run under wow64 as well.