This bypass-UAC method is based on
https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/UAC-TokenMagic.ps1
Generally you must satisfy the following 2 requirements:
-
There is an already elevated process.
-
You have
PROCESS_QUERY_LIMITED_INFORMATIONright to this elevated process.
If your account is under Administrators group, you can open Task Manager to meet those requirements.
Open Developer Command Prompt and
> cl _tmain.cpp /Fe:GetSystem.exe
Just run it.
> GetSystem.exe
