Windows Escalate UAC Protection Bypass Via SilentCleanup

Posted by deepcore on June 29, 2019 – 2:42 pm

There’s a task in Windows Task Scheduler called “SilentCleanup” which, while it’s executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%system32cleanmgr.exe. Since it runs as Users, and we can control user’s environment variables, %windir% (normally pointing to C:Windows) can be changed to point to whatever we want, and it’ll run as admin.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] LibreNMS 1.46 – 'addhost' Remote Code Execution Google Chrome JS Execution Use-After-Free »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Windows Escalate UAC Protection Bypass Via SilentCleanup

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL