User Account Control Bypass

Goal: Advance knowledge surrounding User Account Control (UAC) bypass techniques.

Let's begin with the sysprep method, which is the most commonly used method of bypassing UAC. Made famous by Leo Davidson in 2009, it involves the following steps:

1. Copy/plant a DLL in the C:\Windows\System32\sysprep directory. The name of the DLL depends on the Windows version:

CRYPTBASE.dll for Windows 7
shcore.dll for Windows 8

2. Execute sysprep.exe from the above directory. It will load the above DLL and execute it with elevated privileges.
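Both steps leave traces a defender can alert on: a DLL being written into the sysprep directory, and sysprep.exe loading a DLL from beside itself. The following detection sketch is an added example, not code from the original page. It assumes events reduced to the fields of Sysmon FileCreate (ID 11) and ImageLoad (ID 7) records, and assumes that a clean sysprep directory holds no DLLs directly alongside sysprep.exe (verify this against a known-good image); the sample events are constructed.

```python
import ntpath

# Directory and DLL names taken from the steps above.
SYSPREP_DIR = r"c:\windows\system32\sysprep"
PLANTED_DLLS = {"cryptbase.dll", "shcore.dll"}

def _split(path):
    """Return (directory, filename), lower-cased, using Windows path rules."""
    norm = ntpath.normpath(path).lower()
    return ntpath.dirname(norm), ntpath.basename(norm)

def classify(event):
    """Return an alert string for a suspicious event, or None."""
    eid = event.get("EventID")
    if eid == 11:  # FileCreate: step 1, a DLL written into the sysprep directory
        directory, name = _split(event["TargetFilename"])
        if directory == SYSPREP_DIR and name.endswith(".dll"):
            sev = "high" if name in PLANTED_DLLS else "medium"
            return f"{sev}: DLL written to sysprep directory: {name} by {event['Image']}"
    elif eid == 7:  # ImageLoad: step 2, sysprep.exe loads a DLL from its own directory
        proc_dir, proc_name = _split(event["Image"])
        dll_dir, dll_name = _split(event["ImageLoaded"])
        if proc_name == "sysprep.exe" and proc_dir == SYSPREP_DIR and dll_dir == SYSPREP_DIR:
            return f"high: sysprep.exe loaded {dll_name} from its own directory"
    return None

def scan(events):
    """Classify every event and keep only the alerts."""
    return [alert for alert in map(classify, events) if alert]

# Constructed sample events (not real telemetry); app.exe is a hypothetical process.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\a\app.exe",
     "TargetFilename": r"C:\Windows\System32\sysprep\CRYPTBASE.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\sysprep\sysprep.exe",
     "ImageLoaded": r"C:\Windows\System32\sysprep\CRYPTBASE.dll"},
    # Benign: the genuine DLL loaded from System32 itself.
    {"EventID": 7, "Image": r"C:\Windows\System32\sysprep\sysprep.exe",
     "ImageLoaded": r"C:\Windows\System32\cryptbase.dll"},
    # Benign: same file name, unrelated directory.
    {"EventID": 11, "Image": r"C:\Users\a\app.exe",
     "TargetFilename": r"C:\Users\a\Downloads\shcore.dll"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Matching on the directory rather than only on the two file names keeps the rule useful when the DLL name differs by Windows version.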

In fact, all the UAC bypass methods involve playing with DLL and executable names and locations. See the table below: