TpmInitUACBypass - A tool to Bypass User Account Control (UAC) on Windows 8.1 x64 & Windows 10 x64.

TpmInitUACBypass is a tool to bypass User Account Control (UAC) and obtain a High Integrity (or SYSTEM) reverse command shell, a reverse PowerShell session, or a reverse Meterpreter session. When TpmInit.exe starts, it first tries to load wbemcomn.dll from C:\Windows\System32\wbem. The DLL is not present in that folder, so it then tries to load it from C:\Windows\System32. This tool exploits this DLL loading vulnerability in TpmInit.exe, which runs auto-elevated by default. The same issue also applies to the WMI Performance Adapter service (wmiApSrv), which runs with SYSTEM privileges. So while we can use TpmInit.exe to get elevated privileges, we can also use it to start the wmiApSrv service and get a SYSTEM shell using our custom DL
This version has been successfully tested on Windows 8.1 x64 and Windows 10 x64 (Version 1511).
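
The load behaviour described above gives defenders a narrow signal to watch: wbemcomn.dll appearing in, or being loaded from, the wbem folder. The following is an added detection example, not part of the tool or the original page. It assumes Sysmon-style image-load (Event ID 7) and file-create (Event ID 11) events already parsed into dictionaries, a system root of C:\Windows, and constructed sample events.

```python
import ntpath

# Paths from the description above; assumes the system root is C:\Windows.
HIJACK_DIR = r"c:\windows\system32\wbem"   # wbemcomn.dll is not expected here
DLL_NAME = "wbemcomn.dll"
AFFECTED = {"tpminit.exe", "wmiapsrv.exe"}  # WmiApSrv.exe backs the wmiApSrv service

def classify(event):
    """Return (severity, reason) for one parsed event dict, or None if benign."""
    eid = event.get("EventID")
    if eid == 7:        # Sysmon image load
        path = event.get("ImageLoaded", "")
    elif eid == 11:     # Sysmon file create
        path = event.get("TargetFilename", "")
    else:
        return None
    directory, name = ntpath.split(path.lower())  # Windows paths are case-insensitive
    if name != DLL_NAME or directory != HIJACK_DIR:
        return None
    proc = ntpath.basename(event.get("Image", "")).lower()
    if eid == 11:
        return ("high", f"{proc} created {DLL_NAME} in the wbem folder")
    severity = "critical" if proc in AFFECTED else "high"
    return (severity, f"{proc} loaded {DLL_NAME} from the wbem folder")

def scan(events):
    """Return (index, severity, reason) for every event that matches."""
    verdicts = ((i, classify(ev)) for i, ev in enumerate(events))
    return [(i, *v) for i, v in verdicts if v]

# Constructed sample events (field names follow Sysmon; values are made up).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\System32\TpmInit.exe",
     "ImageLoaded": r"C:\Windows\System32\wbemcomn.dll"},
    {"EventID": 11, "Image": r"C:\Users\alice\Desktop\example.exe",
     "TargetFilename": r"C:\Windows\System32\wbem\wbemcomn.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\TpmInit.exe",
     "ImageLoaded": r"C:\Windows\System32\wbem\wbemcomn.dll"},
    {"EventID": 7, "Image": r"C:\WINDOWS\system32\wbem\WmiApSrv.exe",
     "ImageLoaded": r"C:\WINDOWS\system32\wbem\wbemcomn.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\wbem\fastprox.dll"},
]

if __name__ == "__main__":
    for idx, severity, reason in scan(SAMPLE_EVENTS):
        print(f"event {idx}: [{severity}] {reason}")
```

The load of wbemcomn.dll from C:\Windows\System32 in the first sample event is the expected fallback and is not flagged.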

Set up a remote Netcat, Ncat or Meterpreter (x64) listener

Dependencies:
+ Nmap
+ Metasploit Framework

Usage:

Download: TpmInitUACBypass.zip
Source: https://github.com/Cn33liz/

Strong Advice: Do not use accounts with Administrative privileges for daily computer usage!