MakeMeAdmin VS UACME

If they must have it, then make me admin is good for allowing temp admin rights. Although, admittedly, it's permanent in the sense of allowing it whenever - https://github.com/pseymour/MakeMeAdmin

The college I work at uses this https://github.com/pseymour/MakeMeAdmin for as needed elevation.

Make available an on demand access to admin such as MakeMeAdmin ( https://github.com/pseymour/MakeMeAdmin ) which logs all uses and times out after 15 minutes.

MakeMeAdmin's wiki contains a document on [User Account Control (UAC) settings](https://github.com/pseymour/MakeMeAdmin/wiki/UAC-Settings) and, towards the bottom, you'll see `EnableLUA` which this app designates enabling the setting as a requirement. For what it's worth, I build our Windows 10/11 Golden Images for my employer (~12,500 devices) and each image I build is required to pass a pen-test. Having `EnableLUA` instantly disqualifies the image and fails the pen-test. I'm not sure exactly what it does but I'd hesitate to enable this setting globally throughout my organization.

Hey guys, I apologize because it's probably a dumb question but im new in the sysadmin world (started the apprenticeship earlier this year) and was tasked by my boss to implement an app called Make Me Admin (https://github.com/pseymour/MakeMeAdmin) into our Azure and write a powershell script that, when executed, would install it and also change the setting of the app to grant the user admin rights for 60 minutes instead of the default 10 minutes.

We use a “make me temp admin” script that elevates their accounts to admin for a set amount of time depending on the dept. https://github.com/pseymour/MakeMeAdmin

Malware can get admin rights without being run as admin. If you're running a default windows installation, you're very likely already an admin which is much more "dangerous" because of Auto-Elevate and multiple ways you can bypass UAC

I am having problems compiling the newest version of UACME tool. (https://github.com/hfiref0x/UACME) I have no clue which step I am missing, but my akagi.exe is simply not working in any of the modes. :( Could someone please provide step by step support?

Hi, I had this issue where I had a lot of problems with UAC Bypass until I found UACME (https://github.com/hfiref0x/UACME). This is the best tool for UAC Bypass. Also, you can use Metasploit, but if you are preparing for OSCP, you should look for a way to bypass UAC without Metasploit. Hope it helps.

There's some very good points in there, but (4) is unfair. It's true that there's no boundary between a sudoer and root in Linux, but there's also no boundary between an Administrator and SYSTEM in Windows. UAC, even in the "secure" AlwaysNotify mode which uses the secure desktop, has countless unpatched bypasses[1].

Also, (3) should raise some eyebrows for readers paying attention. Cool, Microsoft removed font parsing from the kernel, how wise of them. Wait a second, why was font parsing in the kernel to begin with? With win32k.sys, it shouldn't be surprising that Microsoft has to do more legwork to bring the attack surface back down to the level of other OSes. They're also exploring the use of eBPF in the Windows kernel too[2].

[1]: https://github.com/hfiref0x/UACME

Look into UACME a short summary of the general theme of bypasse's can be found here:

The usefulness and security offered by UAC is debatable, but it's better to have it so that you can make the decision whether you want to permit the access or not when prompted. There are, of course, numerous ways to bypass UAC silently but to their credit Microsoft is making UAC more and more like a seamless sudo as time goes on.

The UACME project has a tool with 70 distinct bypasses for UAC available. These bypasses are well known and documented.

Unfortunately I now have to add some more context, because if I don't a bunch of other InfoSec peeps are going to come here and do some chest beating. So, let's do that: UAC is nowhere near foolproof and most malware authors write malware specifically to exploit the known methods of avoiding the prompt. However, as most of you home PC owners are going to be administrators, turning off the UAC prompt completely makes no sense. So, whilst not-that-good, UAC may one day pop a Yes/No prompt where you click NO and save yourself a lot of heartache.