could be if you use SendInput or SetCursorPos to get around UIPI.
-
-
-
That's what UIPI is supposed to prevent. If you know a way around it, that's probably a real vulnerability, because you could (for example) do it to the consent dialog..
- 1 more reply
New conversation -
-
-
I converted this into UAC bypass some time ago. https://amonitoring.ru/article/uac_bypass_english/ …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Agreed, although I see that cobalt strike has a UAC bypass which asks the victims to click on yes or no, so, If UAC bypass operation should happen without interaction, why does the method of Cobalt strike UAC bypass asks the victim to click yes or no to get the administrator?
-
I guess the method in cobalt strike is used to "trick" to user to click yes. UAC is not meant to prevent stupid users from clicking yes.. The method in cobalt strike is not really a UAC bypass either..
- 5 more replies
New conversation -
-
-
I was always under the impression that the goal of UAC bypass was to run an elevated payload without interaction. Maybe such cases where interaction avoids the "sanity prompt" can be considered a bypass as well? I think its a stretch, IMO.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
If this is a UAC bypass, then almost all high integrity process with UI is a UAC bypass, so ...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This is not a UAC bypass. Look here for another example:https://twitter.com/z3roTrust/status/1174998670342836224?s=19 …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.