Skip to content
/ EventViewer-Unsafe-Deserialization-UACBypass Public

A uacbypass that works on medium IL that abuses EventViewers unsafe deserialization to RecentViews

13 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

moom825/EventViewer-Unsafe-Deserialization-UACBypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

Properties

Properties

 
 

dlls

dlls

 
 

packages

packages

 
 

.editorconfig

.editorconfig

 
 

FodyWeavers.xml

FodyWeavers.xml

 
 

FodyWeavers.xsd

FodyWeavers.xsd

 
 

Program.cs

Program.cs

 
 

README.md

README.md

 
 

Testing resuse pt2.csproj

Testing resuse pt2.csproj

 
 

Testing resuse pt2.csproj.user

Testing resuse pt2.csproj.user

 
 

Testing resuse pt2.sln

Testing resuse pt2.sln

 
 

packages.config

packages.config

 
 

Repository files navigation

EventViewer-Unsafe-Deserialization-UACBypass

A Proof of Concept (PoC) demonstrating a User Account Control (UAC) bypass technique in Windows by exploiting the unsafe deserialization of Event Viewer's RecentFiles. This technique was discovered by orange_8361.

Installation

This project is a Visual Studio Code project and requires Visual Studio and C# to be installed.

Usage

  1. Go to the "Releases" section of this repository.
  2. Download the latest release of "EventViewerDeserializationExploit.exe."
  3. Open a command prompt or PowerShell.
  4. Run the exploit executable with the desired command, like: EventViewerDeserializationExploit.exe cmd.exe

Credits

Credits to orange_8361 for discovering and sharing this UAC bypass technique.

About

A uacbypass that works on medium IL that abuses EventViewers unsafe deserialization to RecentViews

Resources

Readme
Activity

Stars

13 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases 1

Release Latest
Aug 29, 2023

Packages

No packages published

Languages