## https://sploitus.com/exploit?id=4C3FD5B1-8851-5F03-A1D7-250E44CB8187
# Elevation



> **A comprehensive lab for Windows vertical movement — featuring deep-dives into UAC Bypasses and Kernel-level Privilege Escalation.**
---
## UAC Bypass vs. Privilege Escalation
While both result in the same outcome—getting higher permissions—they live at different levels of the security stack.
### 🛡️ User Account Control (UAC) Bypass
UAC is **not** considered a security boundary by Microsoft; it’s a "convenience" feature to prevent accidental system changes.
- **The Concept:** You are already an administrator, but you're running in a "Split Token" mode (limited rights).
- **The Exploit:** Tricking a trusted Windows process (like `fodhelper.exe`) into giving you your **own** Administrator token back without asking the user.
- **Complexity:** Usually relies on registry hijacks, COM interfaces, or DLL sideloading.
### ⚔️ Privilege Escalation (PrivEsc)
Privilege Escalation targets actual **Security Boundaries** (like the boundary between a standard User and the Kernel/SYSTEM).
- **The Concept:** You are a standard user with **no** administrative association. You want to become SYSTEM.
- **The Exploit:** Abusing kernel vulnerabilities, Misconfigured Services, or Unquoted Service Paths to force the system to give you a token you were **never** supposed to have.
- **Complexity:** Often involves more complicated steps, driver exploitation, or complex logic bugs in high-privilege services.
---
## 📂 Repository Roadmap
| Category | Description | Contents |
| :--- | :--- | :--- |
| [**UAC Bypass**](./UAC-Bypass/) | Methods to go from Admin (Limited) to Admin (Full) silently. | `fodhelper`, `ComputerDefaults` |
| [**Privilege Escalation**](./Privilege-Escalation/) | Methods to go from Standard User to SYSTEM/NT Authority. | *Coming Soon* |
---
## 🚀 Getting Started
To dive into a specific technique, navigate to its category and select a technique folder. Each one contains:
1. **README.md:** Deep technical explanation of the "How" and "Why".
2. **Source Code:** A clean, documented C++ PoC.
3. **Detection Indicators:** Tips for Blue Teams to catch the exploit.
### 🛠️ Unified Compilation
To avoid DLL entry-point errors and environment conflicts, use the provided `compile.bat` script from the root of the repository. It uses an isolated MSYS2 environment to build standalone, statically-linked binaries.
**Usage:**
```powershell
.\compile.bat [exploit_name]
```
**Examples:**
- `.\compile.bat fodhelper`
- `.\compile.bat ComputerDefaults`
The compiled `.exe` will be generated directly inside the specific exploit's folder.
---
## ⚖️ Disclaimer
This repository is for educational purposes and authorized security research only. The author is not responsible for any misuse of the information provided herein.