Bypass UAC

Microsoft introduced User Account Control (UAC) in Windows Vista and refined it in Windows 7. UAC is a lot like sudo in UNIX. Day-to-day, a user works with a limited set of privileges. If the user needs to perform a privileged action, the system asks if they would like to elevate their rights.

Open a command shell and type whoami /groups to see which groups you're in and which rights apply to you. If you see Mandatory Label\High Mandatory Level in the output, then you're running in a process with administrator rights.

If you see Mandatory Label\Medium Mandatory Level then you're in a process with standard user rights. The Bypass UAC attack helps you elevate from a Medium Integrity context to a High Integrity context. It requires that the current user is in an administrators group. It also requires that the UAC prompt settings are not set to High on the target system.
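For administrators auditing which sessions meet the first two conditions above, the following Python example (added here, not part of Cobalt Strike or its documentation) classifies saved whoami /groups /fo csv output by integrity-level SID and Administrators membership. The function name classify_token and the three sample dumps are constructed for illustration; the UAC prompt level does not appear in this output and has to be checked separately.

```python
import csv
import io

# Well-known mandatory-label (integrity level) SIDs.
INTEGRITY_SIDS = {"S-1-16-4096": "Low", "S-1-16-8192": "Medium",
                  "S-1-16-12288": "High", "S-1-16-16384": "System"}
ADMINISTRATORS_SID = "S-1-5-32-544"  # BUILTIN\Administrators

HEADER = '"Group Name","Type","SID","Attributes"\n'
ENABLED = "Mandatory group, Enabled by default, Enabled group"
# Constructed sample dumps (not captured from a real host).
SPLIT_TOKEN_ADMIN = HEADER + r'''"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""
'''
STANDARD_USER = HEADER + r'''"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""
'''
ELEVATED_ADMIN = HEADER + r'''"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"Mandatory Label\High Mandatory Level","Label","S-1-16-12288",""
'''


def classify_token(whoami_csv):
    """Return (integrity, in_admins, meets_preconditions) for one dump."""
    integrity, in_admins = "Unknown", False
    for row in csv.DictReader(io.StringIO(whoami_csv.strip())):
        sid = (row.get("SID") or "").strip()
        if sid in INTEGRITY_SIDS:
            integrity = INTEGRITY_SIDS[sid]
        elif sid == ADMINISTRATORS_SID:
            # Listed as deny-only in a filtered (non-elevated) token and
            # as enabled in an elevated one; both mean the user is a member.
            in_admins = True
    # Page's conditions: administrators-group member in a Medium process.
    return integrity, in_admins, in_admins and integrity == "Medium"


if __name__ == "__main__":
    for name, dump in [("split-token admin", SPLIT_TOKEN_ADMIN),
                       ("standard user", STANDARD_USER),
                       ("elevated admin", ELEVATED_ADMIN)]:
        print(name, classify_token(dump))
```

Matching on SIDs instead of group names keeps the check working on localized Windows installs, where the displayed names differ.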

Go to [beacon] -> Access -> Bypass UAC to launch the Bypass UAC attack. Cobalt Strike will ask you which listener to spawn a session to.