mr-r3bot/bof-modules

Description

This is a BOF (Beacon Object File) project for the Havoc C2 framework. Its purpose is to port a known UAC bypass technique that uses COM to escalate to Local Administrator on Windows.

Then place the .o file in the same directory as your Havoc script.

Note: this project is still under development, so sorry in advance for my crappy code :(. It was created as a POC and does not have off-sec features.

Usage

To build:

make UACBypass

To run:

uac-lua-bypass com_exec "cmd.exe" "<args>" 

Ideas for future development

  • Dump LSASS using Dup Handle and MiniDumpWriteDump
  • Implement PPL bypass techniques to dump LSASS with RunAsPPL=1
  • Implement evasive features and test on EDR

Test in Windows VM with Havoc integration

Before using com_exec to escalate privileges, we cannot use the nanodump tool to dump LSASS.

After self-injecting the beacon again with higher privileges (local admin via com_exec), we are able to dump LSASS.
