User Account Control (UAC) - What Penetration Testers Should Know (article)

Discussion in 'other security issues & news' started by MrBrian, Apr 18, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian (Registered Member)
  2. safeguy (Registered Member)
  3. MrBrian (Registered Member):

    Anyone have evidence of any malware that uses techniques to evade UAC at max level?

  4. Umbra (Registered Member):

    You have some hacktools (that could be packed with legit files) bypassing UAC, but you have to execute them yourself. I haven't heard yet of malware that does it automatically without user intervention (by this I mean: you surf, then UAC gets bypassed silently).

  5. MrBrian (Registered Member):

    What techniques are these using (if you know)? Do they get admin privileges without exploiting an operating system vulnerability or program vulnerability?

  6. Umbra (Registered Member):

    We had a long and passionate discussion about it here.

    It becomes interesting at page 2.

    The thread was about someone running Windows unpatched and getting infected, then it turned into a UAC discussion ^^. You will find videos and links to some samples.

    It uses an OS "vulnerability".

    Last edited: Apr 20, 2014
  7. MrBrian (Registered Member):

    Thanks for the link :).

    I tried BypassUAC from hxxps://www.trustedsec.com/downloads/tools-download/ on Win 7 x64. With UAC at max, use of the tool results in 2 "blue color (=Windows component)" UAC prompts. With UAC at default, use of the tool results in 0 UAC prompts.

  8. Umbra (Registered Member):

    As I said, most bypasses are made via hacktools rarely used by malware writers; UAC works at kernel level and needs too much effort. It is easier to bypass software by using exploits or modified files/keygens that prompt users to override UAC.

  9. MrBrian (Registered Member):

    Even with that particular tool, with UAC at max, a knowledgeable user would hopefully be suspicious of an unexpected UAC prompt.

  10. Umbra (Registered Member):

    Yes, sure, but "happy-clickers" will not ^^

  11. Rasheed187 (Registered Member):

    OK, so what is the end conclusion? That UAC sucks? :)

    I did turn it off in Win 8, it was kinda annoying, but I've read that in Win 8 you can't completely disable it. By default, all processes run in non-admin mode (even if you're logged in as Admin), which is a good thing, am I correct?

  12. MrBrian (Registered Member):

    I have UAC set to max (Win 7). I didn't see anything in the thread mentioned in post #6 that changed my mind.

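The "max" and "default" UAC levels compared in posts #7 and #12 are stored as registry values under the local security policy key; this added PowerShell snippet (not from the thread or from the article it discusses) reads them and reports which slider level a machine is at and whether signed Windows binaries elevate without a prompt. It assumes Windows 7 or later and the standard policy key path; the function name Get-UacLevel is chosen here.

```powershell
# Added example: audit the local UAC level and report whether it matches the
# "Always notify" (max) setting discussed in this thread.
# Assumes Windows 7 or later; reading this key does not require elevation.
function Get-UacLevel {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    $enableLua = [int]$p.EnableLUA                   # 0 = UAC fully disabled
    $consent   = [int]$p.ConsentPromptBehaviorAdmin  # admin elevation behaviour
    $secure    = [int]$p.PromptOnSecureDesktop       # 1 = prompt on dimmed desktop

    # Slider positions map to (ConsentPromptBehaviorAdmin, PromptOnSecureDesktop):
    #   2,1 = Always notify (max)          5,1 = Default
    #   5,0 = Notify, no secure desktop    0,0 = Never notify
    $level = switch ("$consent,$secure") {
        '2,1'   { 'AlwaysNotify' }
        '5,1'   { 'Default' }
        '5,0'   { 'NotifyWithoutSecureDesktop' }
        '0,0'   { 'NeverNotify' }
        default { 'Custom' }
    }
    if ($enableLua -eq 0) { $level = 'Disabled' }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        Level                      = $level
        # Only the max level (value 2) prompts before elevating signed Windows
        # components; at Default they auto-elevate, which is why the tool in
        # post #7 produced prompts at max and none at default.
        PromptsForWindowsBinaries  = ($enableLua -eq 1 -and $consent -eq 2)
    }
}

Get-UacLevel | Format-List
```

A result of Level = Default with PromptsForWindowsBinaries = False is the configuration in which post #7 observed zero prompts; Group Policy can pin ConsentPromptBehaviorAdmin to 2 so users cannot lower it.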