Forum Discussion
Advanced CTF Challenge: Hardened Maze
Try fodhelper again manually.
Thanks - i got reverse shell to the windows host but cannot find the way to escalate privileges to view token because host is in WORKGROUP not domain member...
AmbassadorHi Domel44! How did it go? Any progress?
Hi Nneka_AN - no progress :/
i try all metasploit reverse shell bypass UAC payloads - don't work
also try from windows machine run multiple tools fodhelper, eventvwr, sdclt to try bypass UAC but no luck. Read articles about this:
https://medium.com/@RosanaFS/bypassing-uac-tryhackme-walkthrough-c74818f11bbf
maybe I'm trying to approach this from the wrong side, i don't know :)Try fodhelper again manually.
- autom8on
Clearly I'm missing something... obviously, metasploit's bypassuac_fodhelper claims it isn't vulnerable:
So, I try manually running the script from UAC-bypass/FodhelperBypass.ps1 at master · winscripting/UAC-bypass · GitHub - which gets me nowhere. No obvious error messages, but just end up dumped back at a low-priv powershell command, I can't get it to spawn anything elevated...
Similarly, running the individual commands listed in the "Example PowerShell Commands" section of this article gets me nowhere - (10) UAC Bypass Using Fodhelper.exe | LinkedIn. I've even tried coming up with a modified version of the "Improving the Fodhelper exploit" bit of that article (using CurVer) - but I'm still struggling to get it to actually execute anything...
Time to do more reading, I guess...
