OffensiveCSharp
OffensiveCSharp copied to clipboard
Published
20 hours ago •
matterpreter
matterpreter
Implement a cleanup function for MockDirUACBypass
When a user deletes the mock directory C:\Windows \System32\, Windows will attempt to delete the real System32. Need to implement a cleanup function to do this as an argument. This can likely be done with kernel32!RemoveDirectory, but will require a few other steps as the directory must be emptied prior to deletion.
