UAC Mode can be bypassed!

Status
Not open for further replies.

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
Well, I have had loads of computers from PC World, and all of them are only restricted because UAC Mode is enabled in Windows 8 Pro and 7; this will make it a basic account for sure! For full rights you usually type a command to enable admin or find the main mmc in the System32 folder. Also, you could use the existing restricted default admin account and disable UAC on Windows 8 and get the full admin account, but Microsoft has also made it so you can use the Metro Screen to run each application as Administrator!
No gpedit in Home edition.
net user administrator /active:yes
to disable
net user administrator /active:no

http://www.sevenforums.com/tutorials/507-built-administrator-account-enable-disable.html
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
upload_2014-5-17_10-14-57.png


I can't test the Software yet sorry! If you do use this program? The Vendor will not allow you to test it before purchase!

@(BlackBox) Hacker Could you give VoodooShield a try? The concept behind it is good. http://www.voodooshield.com/
New Beta version: http://malwaretips.com/threads/voodooshield-2-beta.26912/

Let us know what you make of it. Cheers. :cool:
 

ismethere

Level 8
Verified
May 9, 2014
396
@Huracan
My dear Admin, to be honest I have never tried VoodooShield; I have the connotation
it's real voodoo, but this time I should believe your suggestion. I will try it. Thanks for
the link. BTW, can I try it as an evaluation or trial version?
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Here are the screenshots of my UAC test!

upload_2014-5-17_10-25-33.png


Start the Ncat Hacking Tool!

upload_2014-5-17_10-26-14.png


Then run a fake 1980's Pacman game!

upload_2014-5-17_10-26-51.png


This fake error message before Spyware!

upload_2014-5-17_10-27-48.png


Connection back to the attacker's PC!

upload_2014-5-17_10-28-36.png


What's this, a porn picture?

upload_2014-5-17_10-29-44.png


Nope just a fake picture as a key log file!

upload_2014-5-17_10-31-5.png


Clear the log file!

upload_2014-5-17_10-32-8.png


I can even infect startup without the Registry wow!

Verdict!
I have also made this Pacman game into a Trojan Dropper as well, so it's just like a ninja in your startup folder without any errors showing up, for example. As shown, you can bypass the UAC totally, because you still have limited write access to your hard disk. Most basic protection can stop this write access, say a simple HIPS! But if I have found security flaws in Spy Shelter, what about VoodooShield 1.30? Applocker should protect you even better, 100% free, and Spy Shelter works great only if you terminate all of the Spyware processes, because the Reverse Shell connection still lives on your computer after being blacklisted with Spy Shelter. The reason why Spy Shelter got bypassed is that it's more than one exploit in one binary file!
 

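A defender's check for the persistence described in the post above (a standard user can write to the Startup folder without a UAC prompt or a Registry change). This PowerShell is an added example, not part of the original thread; it lists what sits in the per-user and all-users Startup folders and flags entries whose target is not validly signed. The function name `Get-StartupFolderAudit` is hypothetical.

```powershell
# Added example: audit Startup folders for entries that launch unsigned code.
# Get-StartupFolderAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-StartupFolderAudit {
    # Per-user and all-users Startup folders, resolved by the OS rather than hard-coded.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    $shell = New-Object -ComObject WScript.Shell

    foreach ($folder in $folders) {
        Get-ChildItem -LiteralPath $folder -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                # Shortcuts are resolved so the signature check applies to what actually runs.
                $target = $_.FullName
                if ($_.Extension -eq '.lnk') {
                    $resolved = $shell.CreateShortcut($_.FullName).TargetPath
                    if ($resolved) { $target = $resolved }
                }

                $status = 'TargetMissing'
                if (Test-Path -LiteralPath $target -PathType Leaf) {
                    $status = (Get-AuthenticodeSignature -LiteralPath $target).Status
                }

                [pscustomobject]@{
                    Entry     = $_.FullName
                    Target    = $target
                    Created   = $_.CreationTime
                    Signature = $status
                    Review    = ($status -ne 'Valid')   # flag anything not validly signed
                }
            }
    }
}

Get-StartupFolderAudit | Sort-Object Review -Descending | Format-Table -AutoSize
```

A flagged entry is a prompt for review rather than a verdict, since plenty of legitimate software is unsigned. The script only reports; blocking execution is the job of a control such as the AppLocker policy the post mentions.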

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
A cracked version of Spy Shelter is still very good if you still only have Windows 7 Home versions. Otherwise I would use Applocker instead of Windows UAC crap!

------------- Spy Shelter -------------

1. Detect Spyware Process
2. Kill Spyware Process
3. Delete Trojan files from process path

Note: All of the Spyware will be blocked including connection also remote Shell!!!

@Huracan
My dear Admin, to be honest I have never tried VoodooShield; I have the connotation
it's real voodoo, but this time I should believe your suggestion. I will try it. Thanks for
the link. BTW, can I try it as an evaluation or trial version?
 

Deleted member 178

@Huracan
My dear Admin, to be honest I have never tried VoodooShield; I have the connotation
it's real voodoo, but this time I should believe your suggestion. I will try it. Thanks for
the link. BTW, can I try it as an evaluation or trial version?

i will not recommend to use VoodooShield v2 beta now for malware testing, some major bugs in the blocking feature are not ironed yet; we beta-testers and the devs, are working on it.

thanks
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
If I would have tested it, it would have failed my security tests as well, lol! This is why the free trials have expired in VoodooShield!!! And I must add that Zemana AntiLogger is crap when compared with Spy Shelter!

i will not recommend to use VoodooShield v2 beta now for malware testing, some major bugs in the blocking feature are not ironed yet; we beta-testers and the devs, are working on it.

thanks
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Because I couldn't test the software for any security flaws whatsoever, does this sound strange to you? It's like the vendor wanted your money for no protection ever!

i don't see the relation there, your trial is expired so ? what it has to do with failure or success to block your test.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Yet to be tested by me and I hate the name VoodooShield! If you have a spare copy somewhere with key? Then you could send me it to be tested? If the blacklist can fail on Spy Shelter then what secrets will VoodooShield hold? These days I don't use any form of P2P Software!

BTW , voodooshield can block Cmd
 

Deleted member 178

Because I couldn't test the software for any security flaws whatsoever, does this sound strange to you? It's like the vendor wanted your money for no protection ever!

what you think we do on Wilders forum, i suggest you to pass by there. if you ask politely , and seriously participate to its development you may get a license for testing.

Yet to be tested by me!

it was already tested by me and many other beta testers. i had to disable the protection to run cmd. it was even a bug , since cmd was launched on "training mode" so should be allowed to run.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
I only test using my stuff. I don't use tools like Metasploit, only stuff I compile as an exploit!

what you think we do on Wilders forum, i suggest you to pass by there. if you ask politely , and participate you may get a license for testing.



it was already tested by me and many other beta testers. i had to disable the protection to run cmd. it was even a bug , since cmd was launched on "training mode" so should be allowed to run.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
What are you recommending people to use instead of VoodooShield?

what you think we do on Wilders forum, i suggest you to pass by there. if you ask politely , and seriously participate to its development you may get a license for testing.



it was already tested by me and many other beta testers. i had to disable the protection to run cmd. it was even a bug , since cmd was launched on "training mode" so should be allowed to run.
 