I have tried with a Windows 10 Professional 22H2 (latest iso downloaded from Microsoft) and still the same problem :
This time I just downloaded the zip and ran the powershell.

https://i.imgur.com/0DUsTns.mp4

Please see the video
https://i.imgur.com/0aBAPJG.mp4

After running the modification script, all the shortcut settings on my computer (such as personalization and display settings) became CMD pop ups, and I don't know how to restore them

22H2

Despite using the latest version with no compilation errors, the script still fails with "access denied" while trying to copy the sl0p.dll in C:\windows folder.

The line that fails :

Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\sl0puacb.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "C:\Windows\system32\sl0p.dll"

I have thoroughly reviewed this repo, and i really don't understand where the UAC bypass is executed. I see the code that is in the .cs file and the .net dll file that has the UAC bypass, but what in the world calls it?
The ps1 script just sets it up. I converted the dll into an exe and executed it, but still no popping of an elevated cmd.
What am i missing here?

Hi,

I was trying to test to bypass UAC on a Windows 10 Iot Entreprise 2021 LTSC.

Here are the steps I took :

1. Dowloaded .ps1 & .cs files to c:\tmp
2. Encoded command 'cmd' to base64 and replaced >b64PayloadHere< in sl0puacb.cs with the base64 value of 'cmd' (I wanted to launch a cmd)
3. Executed Set-ExecutionPolicy Bypass -Scope CurrentUser in powershell
4. cd to C:\tmp and started .ps1 file (as low power local user).

Here's the output :

Did I understand everything correctly or did I make a mistake ?
Also, I don't understand how the script is supposed to copy sl0p.dll to c:\windows\xxx if it hasn't got the admin rights ?

Hello
What is CVE id of this MUlti UAC Bypasses?

OS; Windows 10 pro build 19044
First i've ran "Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser"
After that I put I all the files together. When I run the script with powershell I only get this output in terminal:
`
$ C:\Users\user\Downloads\Automated-MUlti-UAC-Bypass-master>powershell -noexit -executionpolicy bypass -command ".\Win-Multi-UAC-Bypass.ps1"

000000000000000000000000000000000000000000
0 Sl0ppyR00t Gonna Check the os version. 0
0 We do the UAC based on the os 0
0 So that u dont need to check it. 0
0 Team Sl0ppyRoot 0
0 x0xr00t 0
000000000000000000000000000000000000000000

$ PS C:\Users\user\Downloads\Automated-MUlti-UAC-Bypass-master>
`

Nothing else happens. But there are no errors. As you see I other 'Write Host" text is missing so it seems to stop running. I didn't touch the code at all. I tried to .exe too. Same problem. how to solve this?

OS Build: 22631.3007

screenshots

cmd.exe appears on the screen, can't I secretly run a script instead of cmd?