EvilZone

Hacking and Security => Hacking and Security => Topic started by: NC009 on August 11, 2011, 08:43:31 PM

Title: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: NC009 on August 11, 2011, 08:43:31 PM

Interesting...this could be useful... ???

Quote

Let’s face it, a lot of public Windows machines aren’t locked down properly. This trick, sent in by 0perator, goes to show how trivial it can be to obtain a shell using the notorious MsPaint tool. Begin by opening Paint and starting a new image with the dimensions of 1 px tall and 6 px wide. Then from left to right paint one pixel at a time with these custom RGB values:
 

• 10,0,0
• 13,10,13
• 100,109,99
• 120,101,46
• 0,0,101
• 0,0,0

Now save the image as a 24-bit bmp file. Rename the extension .bat, open and enjoy the shell.
To see what’s really going on here open the file in a hex editor. My favorite on Windows is HxD Hex Editor (http://mh-nexus.de/en/hxd/). It’s freeware. Of course it’s worth mentioning that any machine secured properly with group policies isn’t going to be susceptible to this attack, but you’d be surprised how many aren’t.

- Hak5


http://www.youtube.com/watch?v=Nwc2g4eGvTs=player embedded (http://www.youtube.com/watch?v=Nwc2g4eGvTs=player%20embedded)

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: ElectricNoodle on August 11, 2011, 11:02:40 PM

Haha wow! It works!! :P Thats pretty cool :D I wonder if its possible to convert normal source code into images.. that way.. it would be like art in two ways :P You never know.. some programs might look really nice!!! lol

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: Jath on August 12, 2011, 04:17:39 AM

thats really cool, i was not expecting that.

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: NC009 on August 12, 2011, 02:43:05 PM

Quote from: ElectricNoodle on August 11, 2011, 11:02:40 PM

Haha wow! It works!! :P Thats pretty cool :D I wonder if its possible to convert normal source code into images.. that way.. it would be like art in two ways :P You never know.. some programs might look really nice!!! lol

This does open for some new ideas regarding hex translation...

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: Stackprotector on August 12, 2011, 03:21:47 PM

mhm, cool, not sure it will work on the average public computer,  this type of attack may be the same as creating a bat file and telling the computer to open cmd or command.
Not sure tough

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: FuyuKitsune on August 12, 2011, 05:42:25 PM

I wish they'd put the time of each video segment in the description. I don't give a flying crap about the pre-show talk and the streaming is not very forgiving on my internet.

Not really useful. Just make a text file then change the extension to .bat or .cmd.

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: gringoire on August 23, 2011, 04:39:47 PM

Nice thing to know, might be useful some time, I never saw a windows computer without paint.
Too bad I don't have a windows computer handy to try it on right now :(

Title: Re: Breaking into command prompts using Microsoft Paint! by 0perator c/o Hak5
Post by: petermlm on August 24, 2011, 02:43:54 AM

Quote from: Gringoire on August 23, 2011, 04:39:47 PM

Nice thing to know, might be useful some time, I never saw a windows computer without paint.
Too bad I don't have a windows computer handy to try it on right now :(

You can try this with Virtual Box.