bypass restricted command prompt for non-privileged users

intro

The Windows Command Prompt (sometimes called the DOS prompt) is a tool that allows administrators to invoke system-wide commands to make administration easier and more efficient. The average user has little use for this tool.

Many administrators prevent users from having a command prompt enabled for their accounts, as this is considered good practice for system hardening. Disabling the cmd prompt could be perfect prevention against intruders. Let's consider that you are required to conduct a test against a system and find out that CMD is disabled and you are only allowed to browse files. That is really challenging: you can't run your commands easily, and using BAT scripts is not enough and may produce several errors and mistakes, because it is still not an interactive mode in which you can troubleshoot whether the scripts executed or caused an error.

prevent access to cmd

First, let's disable cmd and prevent users from using it by following these steps.

  • execute gpedit.msc from the Run dialog
  • navigate to User Configuration > Administrative Templates > System. Make sure to click on the System folder rather than expanding it.
  • double-click the entry labeled Prevent access to the command prompt and select the Enabled option
  • after clicking the Apply button, you will find that cmd is disabled, and the following message may be displayed every time you start CMD.
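As an added example that is not part of the original post, the same policy can be audited and applied from PowerShell without opening gpedit.msc. It assumes the policy is stored as the DisableCMD value under HKCU\Software\Policies\Microsoft\Windows\System, which is where the Local Group Policy editor writes it.

```powershell
# Added example, not from the original post: audit and apply the
# "Prevent access to the command prompt" policy without gpedit.msc.
# Assumption: the policy is stored as the DisableCMD DWORD under the
# per-user Policies key below (1 = block interactive cmd only,
# 2 = also block batch file processing).
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\System'

function Get-CmdPromptPolicy {
    # Read the value for the user this script runs as; a missing key or value means "not configured".
    $item  = Get-ItemProperty -Path $PolicyKey -Name DisableCMD -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { [int]$item.DisableCMD } else { $null }

    if ($null -eq $value -or $value -eq 0) {
        $state = 'Not enforced: cmd.exe is allowed'
    } elseif ($value -eq 1) {
        $state = 'Enforced: interactive cmd.exe blocked, batch files still run'
    } elseif ($value -eq 2) {
        $state = 'Enforced: interactive cmd.exe and batch file processing blocked'
    } else {
        $state = "Unexpected value $value; review the key manually"
    }

    [pscustomobject]@{ Key = $PolicyKey; DisableCMD = $value; State = $state }
}

function Set-CmdPromptPolicy {
    # Write the same value gpedit.msc writes when the policy is set to Enabled.
    param([ValidateSet(0, 1, 2)][int]$DisableCMD = 2)

    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name DisableCMD -Value $DisableCMD -Type DWord
    Get-CmdPromptPolicy
}

# Check whether the restriction described above is actually in place for the current user:
Get-CmdPromptPolicy | Format-List
```

The value is read by cmd.exe itself when it starts, so this check tells you whether the interactive prompt is blocked for the current user, not whether other programs can still execute commands.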


bypass disabled/restricted cmd

Writing custom-made BAT scripts may help to execute stored commands, but that is not a solution while doing internal testing, where you want to use other tools which may require interactive prompts.

So what I did is build a small GUI app using Pascal which allows you to run commands through cmd, capture their output and redirect the content into a visual component (TMemo). In this way, you have a small enough undetected tool to accomplish your audit without spending so much time writing BAT scripts.


You can grab the ready-compiled executable by downloading it from here.
