Let’s face it, a lot of public Windows machines aren’t locked down properly. This trick, sent in by 0perator, goes to show how trivial it can be to obtain a shell using the notorious MsPaint tool. Begin by opening Paint and starting a new image with the dimensions of 1 px tall and 6 px wide. Then from left to right paint one pixel at a time with these custom RGB values:
- 10,0,0
- 13,10,13
- 100,109,99
- 120,101,46
- 0,0,101
- 0,0,0
Now save the image as a 24-bit bmp file. Rename the extension .bat, open and enjoy the shell.
To see what’s really going on here open the file in a hex editor. My favorite on Windows is HxD Hex Editor.
It’s freeware. Of course it’s worth mentioning that any machine secured
properly with group policies isn’t going to be susceptible to this
attack, but you’d be surprised how many aren’t.
No comments:
Post a Comment