User Account Control (UAC) - What Penetration Testers Should Know (article)

Discussion in 'other security issues & news' started by MrBrian, Apr 18, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Anyone have evidence of any malware that uses techniques to evade UAC at max level?
     
  4. guest

    guest Guest

    You have some hacktools (that could be packed with legit files) bypassing UAC, but you have to execute them yourself. I haven't heard yet of a malware that does it automatically without user intervention (by this I mean: you surf, then UAC gets bypassed silently).
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    What techniques are these using (if you know)? Do they get admin privileges without exploiting an operating system vulnerability or program vulnerability?
     
  6. guest

    guest Guest

    We had a long and passionate discussion about it here

    It becomes interesting at page 2.

    The thread was about someone running Windows unpatched and getting infected; then it goes into a UAC discussion ^^. You will find videos and links to some samples.

    It uses an OS "vulnerability".
     
    Last edited by a moderator: Apr 20, 2014
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the link :).

    I tried BypassUAC from
    Code:
    hxxps://www.trustedsec.com/downloads/tools-download/
    on Win 7 x64. With UAC at max, use of the tool results in 2 "blue color (=Windows component)" UAC prompts. With UAC at default, use of the tool results in 0 UAC prompts.
     
  8. guest

    guest Guest

    As I said, most bypasses are made via hacktools rarely used by malware writers; UAC works at kernel level and needs too much effort. It is easier to bypass software by using exploits or modified files/keygens that prompt users to override UAC.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Even with that particular tool, with UAC at max, a knowledgeable user would hopefully be suspicious of an unexpected UAC prompt.
     
  10. guest

    guest Guest

    Yes, sure, but "happy-clickers" will not ^^
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK, so what is the end conclusion? That UAC sucks? :)

    I did turn it off in Win 8, it was kinda annoying, but I've read that in Win 8 you can't completely disable it. By default, all processes run in non-admin mode (even if you're logged in as Admin), which is a good thing, am I correct?
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I have UAC set to max (Win 7). I didn't see anything in the thread mentioned in post #6 that changed my mind.
     
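A defender-side check of the settings the thread compares (UAC at max vs. default in post #7, and the Win 8 "can't fully disable it" question in posts #11 and #12), as an added PowerShell example that is not part of this thread or of the TrustedSec tool: it reads the UAC policy values under the standard `Policies\System` registry key and labels them by the slider level they correspond to. The slider-to-value mappings in the comments are the commonly documented Win 7/8 ones and are assumptions of this example, not something the thread states.

```powershell
# Added example, not from the thread. Classify the local UAC level from the
# registry values the UAC slider writes, and report whether Microsoft-signed
# Windows components may auto-elevate without a prompt, which is the
# condition the default level permits and the "Always notify" (max) level
# does not (the difference seen in post #7). Assumed slider mappings:
#   Always notify (max)            : ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1
#   Default (non-Windows binaries) : ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1
#   Notify, no secure desktop      : ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=0
#   Never notify                   : ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0
# Values 1, 3 and 4 always prompt (credentials / consent), so no auto-elevation.
function Get-UacLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    if ($EnableLUA -eq 0) {
        # EnableLUA=0 turns UAC off entirely (on Win 8 this also breaks Store apps).
        return [pscustomobject]@{ Level = 'UAC disabled (EnableLUA=0)'; AutoElevate = $true }
    }
    $auto = @(0, 5) -contains $ConsentPromptBehaviorAdmin
    $level = switch ($ConsentPromptBehaviorAdmin) {
        2 { 'Always notify (max): every elevation prompts on the secure desktop' }
        5 { if ($PromptOnSecureDesktop -eq 1) { 'Default: prompt only for non-Windows binaries' }
            else { 'Notify for non-Windows binaries, without the secure desktop' } }
        0 { 'Never notify: administrators elevate silently' }
        default { "Custom (ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin): always prompts" }
    }
    return [pscustomobject]@{ Level = $level; AutoElevate = $auto }
}

# Read the live values. All three exist on a normal install; a missing value
# would cast to 0 here, so check the key by hand if the output looks odd.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $key
$result = Get-UacLevel -EnableLUA $p.EnableLUA `
    -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
    -PromptOnSecureDesktop $p.PromptOnSecureDesktop
$result | Format-List

# Hardening to the thread's "max" setting (run from an elevated shell; it
# applies at the next logon):
# Set-ItemProperty -Path $key -Name ConsentPromptBehaviorAdmin -Value 2
# Set-ItemProperty -Path $key -Name PromptOnSecureDesktop -Value 1
```

`AutoElevate = $true` means a signed Windows component with an autoElevate manifest can gain admin rights without a prompt, so the two blue prompts MrBrian saw at max would not appear at that level.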