
Author Topic: CMD  (Read 4492 times)


Offline BlackPlanet

CMD
« on: February 05, 2012, 01:18:49 AM »
Used a .bat file to locate and run CMD programme, however it has been blocked by the administrator. Any way to override that?


Cheers :)

Offline noob

Re: CMD
« Reply #1 on: February 05, 2012, 04:59:56 AM »
Ask the admin for Active Directory domain password and change GPO rules

Offline Kulverstukas

Re: CMD
« Reply #2 on: February 05, 2012, 08:48:15 AM »
Load Linux live distro - steal SAM and SYSTEM files and use SAMInside to get the password.
Don't ask me how to do it!

Offline xzid

Re: CMD
« Reply #3 on: February 05, 2012, 08:53:20 AM »
> Load Linux live distro - steal SAM and SYSTEM files and use SAMInside to get the password.
> Don't ask me how to do it!

Pointless note: you can do that with admin anytime you want (VSS, without outside OS). I actually have C code that will do just that; the docs for decoding those files are often extremely vague, so I use SAMInside myself.
« Last Edit: February 05, 2012, 09:00:09 AM by xzid »

Offline neusbeer

Re: CMD
« Reply #4 on: February 05, 2012, 02:00:11 PM »
If you can run programs, make a small C exe which starts cmd.
If not... PowerShell maybe?

--Neusbeer

Offline Kulverstukas

Re: CMD
« Reply #5 on: February 05, 2012, 03:11:33 PM »

Offline neusbeer

Re: CMD
« Reply #6 on: February 05, 2012, 06:28:00 PM »
kill yourself maybe?
Still won't give you a command shell I think ...
But.. sure can try..
--Neusbeer

xor

Re: CMD
« Reply #7 on: February 07, 2012, 10:05:43 AM »
Powershell was a good recommendation.
You also have tinyXP or Hirens live boot CDs / USB keys which will allow you to do whatever you want in a non-domain context.

Offline I_Learning_I

Re: CMD
« Reply #8 on: February 08, 2012, 11:21:12 AM »
The answer isn't as easy as you're making it sound like.
It depends on how the cmd is being locked: locally or over the network, with an external program or not.

With that said, the solution might vary too much to make guesses.
Of course being an admin and logging in locally would fix it, but what if he needs to be in the network to access some files while using cmd? In that case this plan would fail, which means he would need to root the main server and edit his account privileges, which isn't nearly as simple.
If you want to access privileged files you can just boot up a Live OS.
If you just want to play with msg command and that kind of stuff, you can do it in the "Run" itself.
Also there's another possibility much better, boot up a Live Distro and replace the file magnifier.exe (might not be the exact name) with cmd.exe (change cmd to magnifier). Before logging in you will have access to the CMD if you try to use the magnifier. It's an old technique that has never been fixed, as far as I know.
Thanks for reading,
I_Learning_I

Z3R0

Re: CMD
« Reply #9 on: February 08, 2012, 11:30:06 AM »
> Also there's another possibility much better, boot up a Live Distro and replace the file magnifier.exe (might not be the exact name) with cmd.exe (change cmd to magnifier). Before logging in you will have access to the CMD if you try to use the magnifier. It's an old technique that has never been fixed, as far as I know.

If going this route, I don't recommend replacing magnifier, as not everyone knows how to use it. I instead recommend doing this same thing to "utilman.exe", aka the Windows Ease of Access program. It's opened by pressing [Windows key] + [u]. Very simple, and gives you a very easy to remember shortcut key.

Also, @OP, by doing this, you will have privileges higher than that of the Administrative user. It's similar to the root user in Linux, except this one is called "NT Authority/System"
« Last Edit: February 08, 2012, 04:24:39 PM by m0rph »
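
A defender's check for the binary swap described in the two posts above, as an added example that is not part of the original thread: it reports whether the Ease of Access or Magnifier executable is really a copy of a command shell. The function name `Test-AccessibilityBinary` and its `-Directory` parameter are made up for this example; the file name `magnify.exe` and the PowerShell path are standard Windows locations, not values taken from the posts.

```powershell
# Added example (not from the thread): flag logon-screen accessibility
# binaries whose content is actually a command shell.
$sys32 = Join-Path $env:SystemRoot 'System32'

# The two programs named in the posts above (magnify.exe is the Magnifier binary).
$accessibility = 'utilman.exe', 'magnify.exe'

# Shells whose content must never appear under an accessibility file name.
$shells = @(
    (Join-Path $sys32 'cmd.exe'),
    (Join-Path $sys32 'WindowsPowerShell\v1.0\powershell.exe')
)

function Test-AccessibilityBinary {
    param([string]$Directory = $sys32)

    # Map the SHA-256 of each shell to its path for a quick lookup.
    $shellHashes = @{}
    foreach ($shell in $shells) {
        if (Test-Path -LiteralPath $shell) {
            $hash = (Get-FileHash -LiteralPath $shell -Algorithm SHA256).Hash
            $shellHashes[$hash] = $shell
        }
    }

    foreach ($name in $accessibility) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # The embedded version resource survives a rename, so a renamed
        # shell still reports its own original file name.
        $original = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename

        [pscustomobject]@{
            Path             = $path
            OriginalFilename = $original
            SameHashAsShell  = $shellHashes[$hash]   # $null when no match
            Suspicious       = $shellHashes.ContainsKey($hash) -or
                               ($original -match '^(cmd|powershell)\.exe')
        }
    }
}

Test-AccessibilityBinary | Format-Table -AutoSize
```

The swap relies on booting another OS to write to the system volume, so full-disk encryption and a locked boot order remove the precondition; this check covers machines where that was not in place.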

Offline BlackPlanet

Re: CMD
« Reply #10 on: February 08, 2012, 04:17:10 PM »
Cheers guys the majority of these replies were pretty helpful.
I managed to override it quite simply tbh.

Just restarted the computer, pressed a few buttons and made myself admin, then enabled CMD :)

Offline ande

Re: CMD
« Reply #11 on: February 08, 2012, 07:30:33 PM »
You can also hex edit CMD.exe to override the policy disable function.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline I_Learning_I

Re: CMD
« Reply #12 on: February 09, 2012, 09:11:35 AM »
> You can also hex edit CMD.exe to override the policy disable function.

Can you get more in detail?
I always thought there was a thread running that would compare the name of the file being run against policies.

CMD.exe by itself should be just a program that has its functions (run files, list files, etc... etc...) but once you try to execute it, it's not CMD.exe that will compare to the policy whether it can be run, but rather a Security Service (a permanently running service, multi-thread, working as proxy) that will always compare your actions against the policy set perimeters.

And I'm pretty sure it works like that, otherwise every single file would be considerably larger, it's like embedding a 200-line piece of code in every file, no point when you can have another file that does it, then you just call it.

But share your idea, I'm curious now!
Thanks for reading,
I_Learning_I

Offline ande

Re: CMD
« Reply #13 on: February 10, 2012, 12:00:49 AM »
> Can you get more in detail?
> I always thought there was a thread running that would compare the name of the file being run against policies.
>
> CMD.exe by itself should be just a program that has its functions (run files, list files, etc... etc...) but once you try to execute it, it's not CMD.exe that will compare to the policy whether it can be run, but rather a Security Service (a permanently running service, multi-thread, working as proxy) that will always compare your actions against the policy set perimeters.
>
> And I'm pretty sure it works like that, otherwise every single file would be considerably larger, it's like embedding a 200-line piece of code in every file, no point when you can have another file that does it, then you just call it.
>
> But share your idea, I'm curious now!

CMD in itself does very little. Mostly calls for other programs. Though it sounds weird. You can get runnable CMDs when CMD is disabled. But... it's not really all that cool anyway. I mean, you can run any program you want. So why not run something useful. I'll attach edited CMD.exe and regedit.exe, both will run when they are disabled by policy.

I am sorry I am so details greedy, but I don't have time right now :P
« Last Edit: February 10, 2012, 12:06:26 AM by ande »

Offline neusbeer

Re: CMD
« Reply #14 on: February 10, 2012, 12:17:47 PM »
> CMD in itself does very little. Mostly calls for other programs. Though it sounds weird. You can get runnable CMDs when CMD is disabled. But... it's not really all that cool anyway. I mean, you can run any program you want. So why not run something useful. I'll attach edited CMD.exe and regedit.exe, both will run when they are disabled by policy.
>
> I am sorry I am so details greedy, but I don't have time right now :P

Interesting, what exactly is changed?
--Neusbeer

 


