id: uac-elevate-without-prompt

info:
  name: UAC Elevate Without Prompting Enabled
  author: princechaddha
  severity: high
  description: Checks if User Account Control (UAC) elevates privileges without prompting, reducing security.
  impact: |
    Elevating privileges without prompting can allow unauthorized changes to the system.
  remediation: |
    Configure UAC to prompt for administrative actions.
  tags: uac,privilege,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'ConsentPromptBehaviorAdmin'

    matchers:
      - type: word
        words:
          - "ConsentPromptBehaviorAdmin : 0"
# digest: 4a0a0047304502205a620eaea9e82c63fe6fbcb4df164cbe516d793c1f293f383cef5e1f3c77b7170221008795689222acfcd50652a54ffb3c2519475c6f670d8470844d2a4e19e3451ab0:922c64590222798bb761d5b6d8e72950