Update README.md
This commit is contained in:
parent
0281d88a21
commit
1e17ff81fe
@ -4,7 +4,7 @@
|
|||||||
# The fault :
|
# The fault :
|
||||||
This program is based on an easy break in windows. There are some services that are considered as trusted, so windows executes them with admin rights without warning you, because it could become a mess on your computer to have so many UAC prompts...
|
This program is based on an easy break in windows. There are some services that are considered as trusted, so windows executes them with admin rights without warning you, because it could become a mess on your computer to have so many UAC prompts...
|
||||||
Fodhelper.exe is one of these trusted services. Located in system32, you often execute it without even thinking about it. This program is responsible of the following menus : Screen Resolution, general programs etc...
|
Fodhelper.exe is one of these trusted services. Located in system32, you often execute it without even thinking about it. This program is responsible of the following menus : Screen Resolution, general programs etc...
|
||||||
Why do we talk about it ? Pretty simple. When you launch this program, windows go to the registry folder "HKCU\Software\Classes\ms-settings\shell\open\command" and check if there's any registry key named "DelegateExecute". If this key is present, it will look at the value of the default key in this folder, and instead of executing what he was going to do, windows executed what is entered in the default value. With admin rights. Please note that this folder doesn't exist in regedit if you haven't done this manipulation before. That's how the fault works. Also please remember that I didn't discovered it and that many people use it for privilege escalation. And also note that I'm not responsible of what you're doing with this stuff.
|
Why do we talk about it ? Pretty simple. When you launch this program, windows go to the registry folder "HKCU\Software\Classes\ms-settings\shell\open\command" and check if there's any registry key named "DelegateExecute". If this key is present, it will look at the value of the default key in this folder, and instead of executing what he was going to do, windows will execute what is entered in the default value. With admin rights. Please note that this folder doesn't exist in regedit if you haven't done this manipulation before. That's how the fault works. Also please remember that I didn't discovered it and that many people use it for privilege escalation. And also note that I'm not responsible of what you're doing with this stuff.
|
||||||
|
|
||||||
# What does this batch do ?
|
# What does this batch do ?
|
||||||
This batch will first check wether or not it's executed with admin rights. If yes, it will just tell you that it has the admin rights. If not, it will firstly add the two keys to the registry library. The first one is the default one, to tell what windows will have to do. Here, the batch just tell windows to launch itself. But with admin rights. Then it creates the "DelegateExecute" key, to tell windows "Notice me Senpai (and execute what I told you with admin rights)" (actual text may vary from a machine to another). And then it launches itself by using "fodhelper.exe" which will execute the code we put in the default key. When it relaunches itself, using the fodhelper fault, it checks again if it has the admin rights, and if yes, it deletes the two keys, to make things back to normal, but keeps it's rights.
|
This batch will first check wether or not it's executed with admin rights. If yes, it will just tell you that it has the admin rights. If not, it will firstly add the two keys to the registry library. The first one is the default one, to tell what windows will have to do. Here, the batch just tell windows to launch itself. But with admin rights. Then it creates the "DelegateExecute" key, to tell windows "Notice me Senpai (and execute what I told you with admin rights)" (actual text may vary from a machine to another). And then it launches itself by using "fodhelper.exe" which will execute the code we put in the default key. When it relaunches itself, using the fodhelper fault, it checks again if it has the admin rights, and if yes, it deletes the two keys, to make things back to normal, but keeps it's rights.
|
||||||
|
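Review bot: the tense fix in the new version of this paragraph ("windows will execute") is right, but the same sentence still misdescribes the mechanism. DelegateExecute is not a "registry key": it is a value (a REG_SZ, created empty) under the `command` key, and it is the `(Default)` value of that same key that holds the command line to run; suggested wording: "creates an empty value named DelegateExecute and puts the command to run in the default value of that key". Two further documentation points in this hunk's unchanged context: fodhelper.exe is called a "trusted service", but it is an ordinary executable whose manifest marks it as auto-elevating, which is why no UAC prompt is shown; and the paragraph should state the precondition that the current user is already a member of the local Administrators group, because this technique bypasses the UAC consent prompt rather than giving a standard user admin rights. Minor grammar in the same lines: "windows go to" should read "Windows goes to", "what he was going to do" should read "what it was going to do", and "I didn't discovered it" should read "I didn't discover it".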