搜索

[26704] 2021-03-09_从项目中看BypassUAC和BypassAMSI

文档创建者:s7ckTeam
浏览次数:3
最后更新:2025-01-19
2021-03-09_从项目中看BypassUAC和BypassAMSI 1 2 B y p a s s U A C B y p a s s A M S I     m o o n s e c   2 0 2 1 - 0 3 - 0 9 B y p a s s U A C B y p a s s A M S I e x e p s 1 U A C A M S I U A C M E D o u n t B y p a s s U A C B y p a s s A M S I B y p a s s U A C B y p a s s U A C U A C M E h t t p s : / / g i t h u b . c o m / h f i r e f 0 x / U A C M E D l l H i j a c k R e g i s t r y k e y   m a n i p u l a t i o n E l e v a t e d C O M i n t e r f a c e 2 3 3 3 4 1 U A C M E g l o b a l . h K U M A _ S T U B 2 . 1   D l l H i j a c k 2 3 W i n 7 w i n 1 0 u c m I n i t ( ) c m d
P E B P r o c e s s P a r a m e t e r s P E B P r o c e s s P a r a m e t e r s M e t h o d s M a n a g e r C a l l ( ) M e t h o d u c m M e t h o d s D i s p a t c h T a b l e d l l d l l
d l l I D R _ F U B U K I 6 4 d l l F u b u b i b i n U C M _ A P I _ D I S P A T C H _ E N T R Y 2 3 M e t h o d D i s m ( ) u c m D i s m M e t h o d ( ) u c m x G e n e r i c A u t o e l e v a t i o n ( ) F U B U K I 6 4 d l l s u p W r i t e B u f f e r T o F i l e ( ) C : U s e r s k e n t A p p D a t a L o c a l T e m p d i s m c o r e . d l ! : u c m M a s q u e r a d e d M o v e F i l e C O M ( ) c o m { 3 A D 0 5 5 7 5 - 8 8 5 7 - 4 8 5 0 - 9 2 7 7 - 1 1 B 8 5 B D B 8 E 0 9 } 使 I F i l e O p e r a t i o n C : W i n d o w s s y s t e m 3 2
u c m M a s q u e r a d e d R e n a m e E l e m e n t C O M ( ) d l l u c m x D i s e m e r ( ) C : W i n d o w s s y s t e m 3 2 p k g m g r . e x e / i p / m : p e 3 8 6   / q u i e t s u p R u n P r o c e s s 2 ( ) : S H E L L E X E C U T E I N F O S h e l l E x e c u t e E x ( ) 2 3 D l l H i j a c k 2 . 2     R e g i s t r y k e y   m a n i p u l a t i o n 3 3 w i n 1 0 w i n 7 使 2 5 f o d h e l p e r . e x e H K C U C l a s s e s m s - s e t t i n g s s h e l l o p e n c o m m a n d H K C R C l a s s e s m s - s e t t i n g s s h e l l o p e n c o m m a n d f o d h e l p e r . e x e 便 M e t h o d s M a n a g e r C a l l ( )
3 3 p a y l a o d D L L U C M _ A P I _ D I S P A T C H _ E N T R Y T a r g e t A p p ( f o d h e l p e r . e x e ) p a y l o a d ( C : W i n d o w s s y s t e m 3 2 c m d . e x e ) u c m S h e l l R e g M o d M e t h o d ( ) { 7 E 9 9 F F 9 8 - 7 D 6 6 - 4 0 E 8 - A 0 9 5 - B 6 4 6 7 7 6 8 C 2 8 A } c o m m a n d S y m b o l i c L i n k V a l u e D A T A { 7 E 9 9 F F 9 8 - 7 D 6 6 - 4 0 E 8 - A 0 9 5 - B 6 4 6 7 7 6 8 C 2 8 A } S H E L L E X E C U T E I N F O S h e l l E x e c u t e ( ) f o d h e l p e r . e x e
2 . 3   C O M E l e v a t e d C O M   i n t e r f a c e 4 1 w i n d o w s : C O M I C M L u a U t i l S h e l l E x e c ( ) C o C r e a t e I n s t a n c e A s A d m i n ( ) C O M D L L 使 r u n d l l 3 2 P E B U A C M E 2 . 1 C O M 2 . 2 p a y l o a d U C M _ A P I _ D I S P A T C H _ E N T R Y C O M B I N D _ O P T S 3 { 3 E 5 F C 7 F 9 - 9 A 5 1 - 4 3 6 7 - 9 0 6 3 - A 1 2 0 2 4 4 F B E C 7 } C O M C M L u a U t i l S h e l l E x e c
3 C O M B y p a s s U A C 1 e l e v a t i o n T r u e A u t o A p p r o v a l T r u e U A C M E Y u u b a r i C O M 使 O l e V i e w . N e t C L S I D 2 C O M C O M c m l u a . d l l S h e l l E x e c ( ) 4 1 使 C 2 l a u n c h B y p a s s A M S I 3 . 1 A M S I A M S I A n t i m a l w a r e S c a n   I n t e r f a c e W i n d o w s   S e r v e r 2 0 1 6 W i n 1 0 p s 3 . 2 B y p a s s A M S I B y p a s s A M S I H K C U S o f t w a r e M i c r o s o f t W i n d o w s S c r i p t S e t t i n g s A m s i E n a b l e 0 W i n d o w s D e f e n d e r 使 A M S I D l l p o w e r s h e l l p o w e r s h e l l . e x e A M S I . d l l D L L I n l i n e H o o k A M S I . d l l D o u n t . N e t D o u n t B y p a s s A M S I h t t p s : / / g i t h u b . c o m / T h e W o v e r / d o n u t a m s i . d l l A m s i S c a n S t r i n g ( ) A m s i S c a n B u f f e r ( ) S _ O K :
A m s i S c a n S t r i n g S t u b ( ) A m s i S c a n S t r i n g S t u b ( ) A m s i S c a n S t r i n g S t u b ( ) A m s i S c a n S t r i n g ( ) : 2 A M S I 使 S i g n a t u r e A M S I 0 x 4 9 5 3 4 D 4 1 A m s i S c a n B u f f e r ( ) W i n d o w s D e f e n d e r E g g H u n t e r D l l C a n U n l o a d N o w ( ) A m s i S c a n B u f f e r ( ) 2 4 F i n d A d d r e s s ( ) A m s i S c a n B u f f e r ( )
4 h t t p s : / / m o d e x p . w o r d p r e s s . c o m / 2 0 1 9 / 0 6 / 0 3 / d i s a b l e - a m s i - w l d p - d o t n e t / h t t p s : / / w w w . c o n t e x t i s . c o m / e n / b l o g / a m s i - b y p a s s  
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理