Windows Escalate UAC Protection Bypass

Posted on 18 November 2019

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.