Share
## https://sploitus.com/exploit?id=4C3FD5B1-8851-5F03-A1D7-250E44CB8187
# Elevation

![Windows](https://img.shields.io/badge/platform-Windows%2010%20%7C%2011-0078D4?logo=windows&logoColor=white)
![C++](https://img.shields.io/badge/language-C%2B%2B-00599C?logo=c%2B%2B&logoColor=white)
![Security](https://img.shields.io/badge/focus-Red%20Teaming-red)

> **A comprehensive lab for Windows vertical movement — featuring deep-dives into UAC Bypasses and Kernel-level Privilege Escalation.**

---

##  UAC Bypass vs. Privilege Escalation

While both result in the same outcome—getting higher permissions—they live at different levels of the security stack. 

### 🛡️ User Account Control (UAC) Bypass
UAC is **not** considered a security boundary by Microsoft; it’s a "convenience" feature to prevent accidental system changes. 
- **The Concept:** You are already an administrator, but you're running in a "Split Token" mode (limited rights).
- **The Exploit:** Tricking a trusted Windows process (like `fodhelper.exe`) into giving you your **own** Administrator token back without asking the user.
- **Complexity:** Usually relies on registry hijacks, COM interfaces, or DLL sideloading.

### ⚔️ Privilege Escalation (PrivEsc)
Privilege Escalation targets actual **Security Boundaries** (like the boundary between a standard User and the Kernel/SYSTEM).
- **The Concept:** You are a standard user with **no** administrative association. You want to become SYSTEM.
- **The Exploit:** Abusing kernel vulnerabilities, Misconfigured Services, or Unquoted Service Paths to force the system to give you a token you were **never** supposed to have.
- **Complexity:** Often involves more complicated steps, driver exploitation, or complex logic bugs in high-privilege services.

---

## 📂 Repository Roadmap

| Category | Description | Contents |
| :--- | :--- | :--- |
| [**UAC Bypass**](./UAC-Bypass/) | Methods to go from Admin (Limited) to Admin (Full) silently. | `fodhelper`, `ComputerDefaults` |
| [**Privilege Escalation**](./Privilege-Escalation/) | Methods to go from Standard User to SYSTEM/NT Authority. | *Coming Soon* |

---

## 🚀 Getting Started

To dive into a specific technique, navigate to its category and select a technique folder. Each one contains:
1. **README.md:** Deep technical explanation of the "How" and "Why".
2. **Source Code:** A clean, documented C++ PoC.
3. **Detection Indicators:** Tips for Blue Teams to catch the exploit.

### 🛠️ Unified Compilation
To avoid DLL entry-point errors and environment conflicts, use the provided `compile.bat` script from the root of the repository. It uses an isolated MSYS2 environment to build standalone, statically-linked binaries.

**Usage:**
```powershell
.\compile.bat [exploit_name]
```

**Examples:**
- `.\compile.bat fodhelper`
- `.\compile.bat ComputerDefaults`

The compiled `.exe` will be generated directly inside the specific exploit's folder.

---

## ⚖️ Disclaimer

This repository is for educational purposes and authorized security research only. The author is not responsible for any misuse of the information provided herein.