Readme by AI
This commit is contained in:
@@ -0,0 +1,35 @@
|
||||
# PoC — SAS Desktop DoS via UAC Spoofing
|
||||
|
||||
A Windows proof-of-concept that demonstrates how a hidden UAC elevation prompt can be used to block the Secure Attention Sequence (SAS) while a rapid desktop-switching loop prevents the user from regaining control of their session.
|
||||
|
||||
> **Disclaimer:** For authorised security research and CTF use only. Do not run against systems you do not own or have explicit written permission to test.
|
||||
|
||||
---
|
||||
|
||||
## What It Does
|
||||
|
||||
1. Creates a shadow desktop invisible to the user and fires a UAC elevation prompt on it. Windows holds the SAS lock for the duration of the pending prompt, meaning Ctrl+Alt+Del and the secure desktop are blocked.
|
||||
|
||||
2. Rapidly switches between the shadow desktop and the default desktop at full CPU speed. This thrashes the display pipeline and prevents the system from stabilising — without the UAC lock the user could recover, but with it there is no escape route left to recover into.
|
||||
|
||||
3. Installs a system-wide low-level keyboard hook that swallows all input. The only key that passes through is Escape, which tears everything down cleanly.
|
||||
|
||||
4. Plays a fullscreen looping video and pins an overlay to the bottom of the screen showing "Press Escape to Quit".
|
||||
|
||||
The UAC is the lock. The desktop switching is the hammer. Together they make the session unrecoverable without pressing Escape.
|
||||
|
||||
---
|
||||
|
||||
## Requirements
|
||||
|
||||
- Windows 10 / 11
|
||||
- Python 3.x (no third-party packages)
|
||||
- Optional: mpv or VLC for the video payload
|
||||
|
||||
## Running
|
||||
|
||||
```
|
||||
python poc_sas_dos.py
|
||||
```
|
||||
|
||||
Press **Escape** to exit cleanly.
|
||||
Reference in New Issue
Block a user