So we decided to write a list of our hacking techniques that we use in case someone tries to close some registry keys ;-)
We will try to update this list regularly:
Basic shortcuts:
- Open file: Ctrl + o
- Save File: Ctrl + s
- Open New Browser: Ctrl + n, Shift (or Ctrl) + Left Click on link
- Browser History: Ctrl + h
- Task Manager: Ctrl+Shift+Esc
- File manager: Windows + E
- Run commands: Windows + R
- Utility Manager: Windows + U
- Windows search: Windows + F
Open Internet browser:
- Press F1 – Click on any URL to open.
- Click on help on the language bar.
- Windows + U -> Help
- Run calc -> Help -> Help Topics -> Mouse right click on the window blue frame -> Jump to URL
Get local files (like cmd.exe):
- Printing window (Ctrl + p) -> print to file -> filename=* -> Enter -> and browse to system32
- Right Mouse Click (or Shift + F10) -> Save Picture As -> filename=* ->…
- View Source -> filename=* ->…
If the right mouse click is forbidden:
- Use Shift + F10
Run Command Shell:
- Run command.com
- Drag another file onto cmd.exe or command.com
- Shortcut to cmd.exe or command.com
- Batch file with: c:\windows\system32\cmd /c (Or /K) any_command
- VBS script:
    ' Create the shell object, run the command, then release the object
    Dim shlomiShell
    Set shlomiShell = WScript.CreateObject("WScript.Shell")
    shlomiShell.Run "cmd /K CD C:\ & Dir"
    Set shlomiShell = Nothing
Open file manager using IE:
- Favorites -> Drag any folder to browser’s window.
Using office applications:
- Insert Picture -> filename=* ->…
- Insert Hyper Link -> file://c:\windows\system32\cmd.exe
- Insert object -> Create from File -> cmd.exe or command.com
- Run VB (or VB Macro).
If you can't run shell:
- Rename cmd.exe (or command.com) to applicationName_uCanRun.exe.
- Use Debug.exe; with it you can run almost any exe you like. You just need to upload the assembly code or write it yourself.
- Run VB compiler, using office applications.
One more to the list:
Enumerate and see hidden network units information. In any Open, Save, Print -> Save As file dialog enter d:, e:, f:, etc., at the filename field. If the unit exists, even if it is hidden, it will display its information.
Good, I dropped by here through the keyword "sql injection" via a service called "blogger auto follow". I'm following you. Hope to see you in my followers list soon, and I would love to share anything about internet, network and information security stuff.
regards,
Hacking Expose! Team
A handy trick I've used to open IE when it's been "disabled" in the past is to launch the following from start->run: res://ieframe.dll
Nice technique for opening cmd:
1) Open MSPaint and change image attributes to: Width=6 and Height=1 pixels.
2) Set pixels values to (from left to right):
1st: R: 10, G: 0, B: 0
2nd: R: 13, G: 10, B: 13
3rd: R: 100, G: 109, B: 99
4th: R: 120, G: 101, B: 46
5th: R: 0, G: 0, B: 101
6th: R: 0, G: 0, B: 0
3) Save it as 24-bit Bitmap (*.bmp;*.dib)
4) Change its extension from bmp to bat and run.
;-)
Source:
http://www.digitalwhisper.co.il/0x26/
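
For defenders, the Paint trick in the comment above works because a 24-bit BMP stores each pixel as raw B, G, R bytes, so the listed values spell text inside the file. The Python below is an added example (not part of the original post or its comments) that flags such image/script polyglots; the function names, the `.bat`/`.cmd` extension list and the text heuristic are assumptions, and the sample is constructed in memory from the pixel values given in the comment.

```python
import re
import struct

SCRIPT_EXTS = (".bat", ".cmd")  # assumed list of script extensions to watch
# Pixel values exactly as listed in the comment, as (R, G, B) tuples.
COMMENT_PIXELS = [(10, 0, 0), (13, 10, 13), (100, 109, 99),
                  (120, 101, 46), (0, 0, 101), (0, 0, 0)]

def build_sample_bmp(pixels_rgb):
    """Constructed in-memory test input: a one-row, uncompressed 24-bit BMP."""
    row = b"".join(bytes((b, g, r)) for r, g, b in pixels_rgb)  # stored as B, G, R
    row += b"\x00" * (-len(row) % 4)                            # rows pad to 4 bytes
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(row), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, len(pixels_rgb), 1, 1, 24,
                           0, len(row), 0, 0, 0, 0)
    return file_hdr + info_hdr + row

def bmp24_pixel_bytes(data):
    """Return the pixel array of an uncompressed 24-bit BMP, else None."""
    if len(data) < 54 or data[:2] != b"BM":
        return None
    (offset,) = struct.unpack_from("<I", data, 10)          # start of pixel data
    width, height = struct.unpack_from("<ii", data, 18)
    bpp, compression = struct.unpack_from("<HI", data, 28)
    if bpp != 24 or compression != 0 or width <= 0 or height == 0:
        return None
    stride = (width * 3 + 3) & ~3                           # padded row length
    return data[offset:offset + stride * abs(height)]

def embedded_text_lines(pixels, min_len=3):
    """Heuristic: printable runs delimited by CR, LF or NUL inside pixel data."""
    chunks = re.split(rb"[\r\n\x00]+", pixels)
    return [c.decode("ascii") for c in chunks
            if len(c) >= min_len and all(32 <= b < 127 for b in c)]

def classify(filename, data):
    """Return (verdict, text_lines) for one file name and its content."""
    pixels = bmp24_pixel_bytes(data)
    if pixels is None:
        return ("not-bmp24", [])
    lines = embedded_text_lines(pixels)
    if filename.lower().endswith(SCRIPT_EXTS):
        return ("bmp-content-with-script-extension", lines)
    return ("bmp-with-text-in-pixels" if lines else "clean-bmp", lines)

if __name__ == "__main__":
    sample = build_sample_bmp(COMMENT_PIXELS)
    for name in ("picture.bmp", "picture.bat"):
        print(name, classify(name, sample))
```

The extension/magic mismatch is the reliable signal; the text-in-pixels check on its own can fire on ordinary images and is best treated as a hint.
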
iKAT 2012 Release - Interactive Kiosk Attack Tool
http://ikat.ha.cked.net/Windows/
iKAT is a 100% free SaaS website that you can visit from any browser
environment. iKAT will attempt to exploit the browser and spawn a
local shell for you.
Bypassing Group Policy restrictions and running Command Prompt:
http://blog.owobble.co.uk/nftf-bypassing-group-policy-denied-command-pr