logo
Red team
Slipping past the gatekeeper: Bypassing user account control
  • Green team
  • Blue team
  • Purple team
  • Indigo team
  • Broomstick Brief
  • Ty Myrddin
Initializing search
      • IN: Where the falcons and foxes roam
      • THROUGH: Where the raccoons burrow and rummage
        • The art of staying where you are not wanted
        • Where the raccoon overflows the bin—on purpose
        • Foraging for secrets in binaries
        • The payload is in the picnic photo
        • Tipping the stack—and the garbage can
        • Nature’s cheats: The raccoon’s guide to slipping through the cracks
          • Slippery paws: Practise makes untraceable
            • Threading the needle: The raccoon’s art of process injection
            • Dancing with shadows: Outsmarting the digital watchdogs
            • The masked marauder: Cloaking intent in code
            • Breaking the mould: Evading digital fingerprints
            • Slipping past the gatekeeper: Bypassing user account control
              • GUI based bypasses
              • AutoElevating processes
              • Fodhelper-curver exploit
              • Bypassing Always Notify
              • Automated exploitation
            • Slipping past the gatekeeper: Bypassing user account control
              • GUI based bypasses
              • AutoElevating processes
              • Fodhelper-curver exploit
              • Bypassing Always Notify
              • Automated exploitation
            • The invisible intruder: Evading real-time defences
            • Erasing the trail: Evading logging and monitoring
            • Urban survival: Using the environment against itself
            • Navigating the digital thicket: Evading network defences
            • Through the firebreak: Breaching digital barriers
            • Dodging the trap: Escaping the sandbox
      • OUT: Where squirrels swipe the crown jewels

    Slipping past the gatekeeper: Bypassing user account control¶

    User Account Control (UAC) is designed to prevent unauthorised changes, but even it can be circumvented. Explore techniques to bypass UAC prompts, allowing code to execute with elevated privileges without raising suspicion.

    When the raccoon finds the door locked, it finds a window.

    • GUI based bypasses
    • AutoElevating processes
    • Fodhelper-curver exploit
    • Bypassing Always Notify
    • Automated exploitation
    THM Room: Bypassing UAC
    Last update: 2025-05-19 17:27
    Back to top
    Previous Real world challenge
    Next GUI based bypasses
    © Copyright 2025, TyMyrddin.
    Created using Sphinx 7.2.6. and Sphinx-Immaterial

    Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7