antonioCoco
/ TaskManagerSecret.c
Created
August 29, 2023 01:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
antonioCoco
/ TcbElevation.cpp
Last active
October 11, 2024 20:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // TcbElevation - Authors: @splinter_code and @decoder_it | |
| #define SECURITY_WIN32 | |
| #include <windows.h> | |
| #include <sspi.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "Secur32.lib") | |
| void EnableTcbPrivilege(BOOL enforceCheck); |
antonioCoco
/ AltPidFinder.cpp
Created
May 5, 2022 15:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "Windows.h" | |
| #include "stdio.h" | |
| #include "strsafe.h" | |
| #include "winternl.h" | |
| #define STATUS_INFO_LENGTH_MISMATCH 0xC0000004 | |
| typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION | |
| { | |
| ULONG NumberOfProcessIdsInList; |