EvilZone
Hacking and Security: BlackPlanet, February 05, 2012, 01:18:49 AM
-
Used a .bat file to locate and run the CMD programme; however, it has been blocked by the administrator. Any way to override that?
Cheers :)
-
Ask the admin for the Active Directory domain password and change the GPO rules.
-
Load Linux live distro - steal SAM and SYSTEM files and use SAMInside to get the password.
Don't ask me how to do it!
-
Load Linux live distro - steal SAM and SYSTEM files and use SAMInside to get the password.
Don't ask me how to do it!
Pointless note: you can do that with admin any time you want (VSS, without an outside OS). I actually have C code that will do just that; docs on decoding those files are often extremely vague, so I use SAMInside myself.
-
If you can run programs, make a small C exe which starts cmd.
If not.. PowerShell maybe?
-
if not..
kill yourself maybe?
-
kill yourself maybe?
Still won't give you a command shell, I think...
But.. sure, can try..
-
PowerShell was a good recommendation.
You also have TinyXP or Hiren's live boot CDs / USB keys which will allow you to do whatever you want in a non-domain context.
-
The answer isn't as easy as you're making it sound.
It depends on how cmd is being locked: locally or over the network, with an external program or not.
With that said, the solution might vary too much to make guesses.
Of course being an admin and logging in locally would fix it, but what if he needs to be in the network to access some files while using cmd? In that case this plan would fail, which means he would need to root the main server and edit his account privileges, which isn't nearly as simple.
If you want to access privileged files you can just boot up a Live OS.
If you just want to play with the msg command and that kind of stuff, you can do it in "Run" itself.
Also there's another possibility, much better: boot up a Live Distro and replace the file magnifier.exe (might not be the exact name) with cmd.exe (rename cmd to magnifier). Before logging in you will have access to CMD if you try to use the magnifier. It's an old technique that has never been fixed, as far as I know.
-
Also there's another possibility, much better: boot up a Live Distro and replace the file magnifier.exe (might not be the exact name) with cmd.exe (rename cmd to magnifier). Before logging in you will have access to CMD if you try to use the magnifier. It's an old technique that has never been fixed, as far as I know.
If going this route, I don't recommend replacing magnifier, as not everyone knows how to use it. I instead recommend doing the same thing to "utilman.exe", aka the Windows Ease of Access program. It's opened by pressing [Windows key] + [U]. Very simple, and gives you a very easy to remember shortcut key.
Also, @OP, by doing this, you will have privileges higher than those of the Administrative user. It's similar to the root user in Linux, except this one is called "NT Authority/System".
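The swap described above leaves a tell-tale trace: the accessibility helper becomes a byte-for-byte copy of cmd.exe. This added example (my code, not from anyone in the thread) hashes the helpers in a System32 directory and reports any that match cmd.exe; it extends the two names above with the other well-known logon-screen helpers, and runs against a constructed sample directory so it works offline.

```python
import hashlib
import tempfile
from pathlib import Path

# Accessibility helpers that can be launched from the logon screen. The thread
# names utilman.exe and the magnifier; the magnifier's real binary is magnify.exe.
ACCESSIBILITY_BINARIES = ("utilman.exe", "magnify.exe", "sethc.exe", "osk.exe")


def sha256_of(path):
    """Hash a file in chunks so large System32 binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_swapped_helpers(system32):
    """Return the accessibility binaries in system32 that are byte-for-byte cmd.exe."""
    system32 = Path(system32)
    cmd = system32 / "cmd.exe"
    if not cmd.is_file():
        return []
    cmd_hash = sha256_of(cmd)
    return [name for name in ACCESSIBILITY_BINARIES
            if (system32 / name).is_file() and sha256_of(system32 / name) == cmd_hash]


def build_sample_dir():
    """Constructed stand-in for System32 (not real binaries): utilman.exe overwritten with cmd.exe."""
    sample = Path(tempfile.mkdtemp())
    fake_cmd = b"MZ" + b"constructed cmd.exe bytes" * 4
    (sample / "cmd.exe").write_bytes(fake_cmd)
    (sample / "utilman.exe").write_bytes(fake_cmd)  # swapped, as described in the thread
    (sample / "magnify.exe").write_bytes(b"MZ" + b"constructed magnify.exe bytes")  # untouched
    return sample


if __name__ == "__main__":
    print(find_swapped_helpers(build_sample_dir()))  # ['utilman.exe']
    # On a real host: print(find_swapped_helpers(r"C:\Windows\System32"))
```

A hash match against cmd.exe catches the plain copy; a helper replaced with some other binary needs a comparison against known-good hashes or its Authenticode signature instead.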
-
Cheers guys, the majority of these replies were pretty helpful.
I managed to override it quite simply, tbh.
Just restarted the computer, pressed a few buttons and made myself admin, then enabled CMD :)
-
You can also hex edit CMD.exe to override the policy disable function.
-
You can also hex edit CMD.exe to override the policy disable function.
Can you go into more detail?
I always thought there was a thread running that would compare the name of the file being run against policies.
CMD.exe by itself should be just a program that has its functions (run files, list files, etc... etc...), but once you try to execute it, it's not CMD.exe that will check the policy to see if it can be run, but rather a Security Service (a permanently running service, multi-threaded, working as a proxy) that will always compare your actions against the parameters set by the policy.
And I'm pretty sure it works like that; otherwise every single file would be considerably larger. It's like embedding a 200-line piece of code in every file: no point when you can have another file that does it, then you just call it.
But share your idea, I'm curious now!
-
Can you go into more detail?
I always thought there was a thread running that would compare the name of the file being run against policies.
CMD.exe by itself should be just a program that has its functions (run files, list files, etc... etc...), but once you try to execute it, it's not CMD.exe that will check the policy to see if it can be run, but rather a Security Service (a permanently running service, multi-threaded, working as a proxy) that will always compare your actions against the parameters set by the policy.
And I'm pretty sure it works like that; otherwise every single file would be considerably larger. It's like embedding a 200-line piece of code in every file: no point when you can have another file that does it, then you just call it.
But share your idea, I'm curious now!
CMD in itself does very little. Mostly calls other programs. Though it sounds weird, you can get runnable CMDs when CMD is disabled. But.. it's not really all that cool anyway. I mean, you can run any program you want. So why not run something useful. I'll attach edited CMD.exe and regedit.exe; both will run when they are disabled by policy.
I am sorry I am so detail-greedy, but I don't have time right now :P
-
CMD in itself does very little. Mostly calls other programs. Though it sounds weird, you can get runnable CMDs when CMD is disabled. But.. it's not really all that cool anyway. I mean, you can run any program you want. So why not run something useful. I'll attach edited CMD.exe and regedit.exe; both will run when they are disabled by policy.
I am sorry I am so detail-greedy, but I don't have time right now :P
Interesting, what exactly is changed?
-
Interesting, what exactly is changed?
A couple of letters in the registry key path.
-
is it that easy? :P
-
is it that easy? :P
Yup :P
-
Sometimes indeed the biggest problem is thinking too difficult..
(my problem most of the time :o )
-
Interesting, what exactly is changed?
Path to the policy was changed so it couldn't be found :)
-
Ah yes, I see what you mean! Good idea, +1
Now I just have to compare your cmd.exe against mine to see how you edited it. Honestly, I would make my own C/C++ tool that would call the desired programs, to act like a proxy; editing cmd would be at the bottom of my ideas. Guess I need to re-think my strategies.
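The comparison mentioned in the last reply can be automated from the defender's side: cmd.exe looks up the "Prevent access to the command prompt" policy (value DisableCMD) under Software\Policies\Microsoft\Windows\System, so a copy whose embedded path has a couple of letters changed no longer contains that exact string. This added example (my code, not the attachment from the thread) extracts the ASCII and UTF-16LE strings from an image and classifies it as intact, tampered (same-length path with a few characters changed) or absent; it assumes the path is stored as a plain string in the binary and runs on constructed stand-in images rather than real cmd.exe files.

```python
import re

# Policy location read by cmd.exe for "Prevent access to the command prompt".
POLICY_PATH = r"Software\Policies\Microsoft\Windows\System"
POLICY_VALUE = "DisableCMD"


def _strings(data, min_len=8):
    """Yield printable runs in ASCII and in UTF-16LE (cmd.exe stores its strings as wide chars)."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield match.group().decode("ascii")
    for match in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield match.group().decode("utf-16-le")


def _hamming(a, b):
    """Count differing positions of two equal-length strings."""
    return sum(x != y for x, y in zip(a, b))


def check_policy_path(image):
    """Classify an image as 'intact', 'tampered' (path altered in place) or 'absent'."""
    found = set(_strings(image))
    if POLICY_PATH in found:
        return "intact"
    for s in found:
        # Same length with a handful of characters changed: the in-place edit the thread describes.
        if len(s) == len(POLICY_PATH) and _hamming(s, POLICY_PATH) <= 4:
            return "tampered"
    return "absent"


def build_samples():
    """Constructed stand-ins for a clean and an edited cmd.exe (not real binaries)."""
    filler = b"MZ\x90\x00" + b"\x00" * 32
    clean = (filler + POLICY_PATH.encode("utf-16-le") + b"\x00\x00"
             + POLICY_VALUE.encode("utf-16-le") + b"\x00\x00" + filler)
    edited_path = POLICY_PATH.replace("Policies", "Polixies").replace("System", "Systen")
    edited = (filler + edited_path.encode("utf-16-le") + b"\x00\x00"
              + POLICY_VALUE.encode("utf-16-le") + b"\x00\x00" + filler)
    return clean, edited


if __name__ == "__main__":
    clean, edited = build_samples()
    print(check_policy_path(clean), check_policy_path(edited))  # intact tampered
    # On a real host: check_policy_path(open(r"C:\Windows\System32\cmd.exe", "rb").read())
```

A "tampered" or "absent" result on a file that still carries the DisableCMD value string is a strong sign the binary was edited rather than merely updated, and is worth checking against the signed copy from the installation media.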