pro hacker teaches you how to bypass this!
Summary
TLDR: The video explains how to bypass restrictions on school or work laptops that prevent access to Command Prompt or PowerShell. It guides users through a step-by-step process of using Notepad to create a .bat file, which allows executing restricted commands. The tutorial also discusses using FTP services and renaming PowerShell files as a workaround. The video highlights how to bypass local Group Policy restrictions and access administrative functions using coding tricks, but cautions viewers that hacking is illegal and advises against misuse.
Takeaways
- 💻 CMD and PowerShell access is often restricted on work or school laptops.
- 🔑 The video teaches a method to bypass these restrictions using Notepad to write a batch script.
- 📂 The batch script includes commands like 'echo off' to hide execution output, followed by a looping structure that runs commands.
- 👨‍💻 The script is saved with a '.bat' extension and allows execution of various commands like 'dir' and 'net user'.
- 🚫 Restrictions can also be bypassed using services like FTP to run commands indirectly.
- 🛠️ Restrictions are usually enforced through Local Group Policy Editor, which blocks CMD or PowerShell.
- 🖥️ To bypass blocked PowerShell, you can use PowerShell ISE (Integrated Scripting Environment).
- 📄 A method involves renaming 'powershell.exe' to something else (e.g., 'powershell_hack.exe') to bypass restrictions.
- 🔍 Windows security settings like software restriction policies can block executables based on file hashes, but this can be circumvented.
- ⚠️ The video emphasizes that hacking is illegal, and viewers should be aware of the consequences.
Q & A
What is the main problem addressed in the video?
- The main problem addressed is the restriction on accessing the Command Prompt or PowerShell on school or work laptops, and the video teaches methods to bypass these restrictions.
Why does the speaker suggest using Notepad as a workaround?
- Notepad is used as a workaround because it allows users to create and execute batch scripts (.bat files) that can bypass Command Prompt or PowerShell restrictions by coding commands directly.
What does the 'Echo off' command do in the script created in Notepad?
- 'Echo off' prevents the commands from being displayed on the screen when the script is executed, making the output cleaner.
What is the purpose of setting a variable in the script?
- The variable is used to store whatever input is entered after the 'cmd' command, allowing the script to process user commands and execute them in a loop.
What is an infinite loop in programming, and how is it used in the script?
- An infinite loop is a sequence of instructions that continuously repeats until it is terminated. In this script, the loop allows continuous execution of commands by jumping back to the start after each command.
What is the significance of renaming 'powershell.exe' to 'powershell_hackeralloy.exe'?
- Renaming the executable helps bypass the restriction placed on 'powershell.exe' by tricking the system into running the file under a different name, thus allowing access to PowerShell.
How does the Local Group Policy Editor restrict access to Command Prompt and PowerShell?
- The Local Group Policy Editor can prevent access by setting policies to block the execution of 'cmd.exe' and 'powershell.exe,' preventing users from running these programs.
What is the FTP service mentioned in the video, and how is it used as an alternative to execute commands?
- The FTP service is used to run commands when direct access to Command Prompt is blocked. By leveraging FTP's capabilities, users can execute commands such as 'dir' or 'net user' indirectly.
What is the purpose of the hash rule in Windows security settings?
- The hash rule prevents certain executables from running based on their hash values (unique identifiers for files). In this case, 'powershell.exe' is blocked, but modifying the executable bypasses the restriction.
What lesson does the speaker emphasize regarding hacking?
- The speaker emphasizes that hacking is illegal, warning viewers to be cautious and understand the risks of being caught while performing unauthorized actions.
Outlines
💻 Logging into Restricted Systems and Encountering CMD Restrictions
This paragraph introduces the issue of restricted access to command prompt (CMD) on certain computers like school or work laptops. The narrator explains how users are often blocked from executing commands through CMD or PowerShell due to system restrictions. The section hints at a tutorial for bypassing these restrictions, while also issuing a disclaimer that hacking is illegal. The narrator proceeds by demonstrating an initial unsuccessful attempt to access CMD.
📝 Using Notepad to Create a Command Execution Loop
Here, the narrator presents a method for bypassing CMD restrictions using Notepad. They demonstrate writing a batch file (.bat) with simple code that sets up an infinite loop to continuously execute commands in the background. The narrator explains using ‘Echo off’ to hide command output and setting variables to automate the process. They then show how to save and execute the batch file, successfully accessing the directory and listing user information on the restricted system.
🌐 Leveraging FTP to Execute Commands
This paragraph shifts to another method of executing commands by utilizing the FTP service. The narrator explains how users can bypass CMD restrictions by running commands through FTP, demonstrating the process step-by-step, including setting font size for easier visibility. They show how commands like ‘dir’ and ‘net user’ can be executed to gather system information, once again successfully bypassing system restrictions.
⚙️ Group Policy Editor: Restricting CMD and PowerShell
The focus shifts to explaining how restrictions are enforced through the Local Group Policy Editor. The narrator walks through the process of preventing access to CMD and PowerShell by modifying user configurations and system settings. They demonstrate how specific applications, like PowerShell, can be restricted, and how the system prevents access when these policies are enabled.
🔑 Bypassing PowerShell Restrictions through Renaming
The narrator introduces a method to bypass PowerShell restrictions by renaming the executable file. They show how simply changing the name of 'powershell.exe' allows access despite the restrictions in place. This paragraph emphasizes the role of hash value rules in enforcing executable restrictions, explaining how to modify these settings in the security configuration to bypass them.
🖥️ Executing Renamed PowerShell and Overcoming Security Policies
This section continues with the process of bypassing PowerShell restrictions by modifying its executable file. The narrator explains how to copy and rename PowerShell to trick the system into allowing access. They successfully demonstrate the workaround, showing how changing the hash value or renaming the file lets them launch PowerShell despite restrictions. The paragraph concludes with a reminder about hacking, wrapping up the tutorial.
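The rename and FTP workarounds summarized above leave traces in process-creation telemetry. The following is an added example, not taken from the video: it assumes Sysmon Event ID 1 style fields (Image, OriginalFileName, ParentImage), and the sample events, user name and file names are constructed.

```python
import ntpath

# OriginalFileName values (lower-cased) of interpreters the policy restricts.
GUARDED = {"powershell.exe", "powershell_ise.exe", "cmd.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def findings(event):
    """Return the reasons a Sysmon-style process-creation event looks like
    one of the evasions described above (empty list = nothing to report)."""
    image = event["Image"].lower()
    name = ntpath.basename(image)
    # OriginalFileName is read from the PE version resource, so it does not
    # change when the file is copied or renamed.
    original = event.get("OriginalFileName", "").lower()
    parent = ntpath.basename(event.get("ParentImage", "").lower())
    reasons = []
    if original in GUARDED:
        if name != original:
            reasons.append("renamed:" + original)
        if not image.startswith(SYSTEM_DIRS):
            reasons.append("outside-system-dir")
    if parent == "ftp.exe":
        reasons.append("child-of-ftp")
    return reasons

# Constructed sample events (hypothetical user and file names).
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLES = [
    {"Image": PS, "OriginalFileName": "PowerShell.EXE",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Users\\student\\Desktop\\powershell_copy.exe",
     "OriginalFileName": "PowerShell.EXE",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Users\\student\\Desktop\\powershell.exe",
     "OriginalFileName": "PowerShell.EXE",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "ParentImage": "C:\\Windows\\System32\\ftp.exe"},
]

def triage(events):
    """Map each flagged image path to its reasons."""
    return {e["Image"]: r for e in events if (r := findings(e))}

if __name__ == "__main__":
    for image, reasons in triage(SAMPLES).items():
        print(image, reasons)
```

Publisher rules in AppLocker or WDAC match the signer and version-resource attributes rather than the on-disk name, which is why they hold up where a name-based block list does not.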
Keywords
💡Command Prompt (CMD)
💡Notepad Hack
💡Batch File (.bat)
💡Local Group Policy Editor
💡PowerShell
💡FTP (File Transfer Protocol)
💡Hash Value
💡Powershell_ise.exe
💡Script Kiddie
💡Group Policy Restrictions
Highlights
Access to command prompt is often restricted on school or work laptops, preventing the execution of certain commands.
An initial workaround is using Notepad to create a batch file that simulates a command prompt environment.
The script uses an 'Echo off' command to hide executed commands, providing a cleaner output.
A loop is created in the batch file using label and jump commands to execute commands continuously.
The batch file, when executed, allows users to input common commands like 'dir' and 'net user' as if in a regular command prompt.
It’s possible to bypass command prompt restrictions using FTP services, allowing command execution through the FTP interface.
The video demonstrates how to change font size within the FTP service for better visibility of executed commands.
Local Group Policy Editor is identified as the source of restrictions on cmd.exe and PowerShell, with settings for preventing access.
Another method to bypass these restrictions involves using the integrated scripting environment 'PowerShell ISE' as an alternative to the standard PowerShell.
The video explains how to copy and rename the PowerShell executable to circumvent restrictions based on the executable’s name.
The restrictions might also be based on hash values, which can be modified or worked around to gain access.
Demonstrating the use of the Software Restriction Policy, the video shows how modifying hash rules can alter the accessibility of certain applications.
Renaming the PowerShell executable to a different name allows the user to bypass application restrictions.
The concept of modifying executable paths and values is highlighted as a way to circumvent administrator restrictions.
The video concludes with a reminder that these actions are considered hacking and may be illegal, emphasizing the need to use such knowledge responsibly.
Transcripts
whenever you log into a computer the
first thing you may do is to go ahead
and enter into command prompt so you
enter CMD you see command prompt app you
hit enter on and boom that's a problem
and just like me we are not a fan of
this problem and we have to fix it
[Music]
and this generally happens when you are
trying to log into a school laptop your
work laptop and you're restricted from
executing some super interesting stuff
because they restrict you from going to
command prompt or PowerShell I'm teaching
you how to bypass that you definitely
want to watch the end because I don't
know if YouTube is going to take down
this video and now before we get started
kids remember hacking is illegal if you
get caught hacking
now what we can do here is go ahead and
close off the command prompt that's not
working and what we can do now is go
ahead and enter into say notepad click
OK on that so what happens now is we
need to do a little bit of coding
trick the computer into executing what
we want them to run so the first thing I
do is enter Echo off so that whatever we
are executing do not get displayed so it
gives us a cleaner output so this is a
label that is the beginning of a loop
next up we set the variable com for
whatever is entered after CMD followed
by that Curly thing and a super
interesting part right here is where we
execute comment variable and finally we
jump back into the label and this allows
us to create an infinite Loop and once
you're ready go ahead and save this file
to your favorite location in this case I
will save it over to desktop and I'll
call this
hackerlaw.bat it's safe on that done so
what I can do now again go ahead and
execute on this so when I double click
you can see right here there is a prompt
so let me zoom in a little more so it's
easier for you to see click on your
phone click under say 28 click OK on
that and let's see what we can do right
here so what I'll do right now is to go
ahead and enter something like print
working directory all right so that does
not work because we're on windows so I
enter dir
and you can see right here we are
directory of users
and we can list all of this information
in fact I can even enter say for example
all right let's see whether this work
who am I
and what if I enter something like net
user Loi Liang young what do we get
right here all right this user is part
of the administrator's group as you can
see right here and I can enter net user
and see the list of all of the users
that are within the computer and of
course we have one of our favorite
person here a script Kitty Loy
so when we try to do a direct access
into command prompt over here what happens
is that we get a deny now the question
is is there something else we can use
that can help us call command and one of
the really interesting option is to use
the FTP Service to help us do the
command wait a minute you don't believe
Mr hack along
I told your best friend forever so now
when you go back to the Windows computer
all you got to do right here is go to
bottom left and through FTP hit run
command over here so let me once again
zoom in a little more so it's easier for
you to see so what I can do now is click
on properties and let's go ahead and
give a 28 font and what I can do right
here now is to enter some interesting
stuff which is an exclamation mark
followed by say dir alright so it shows
us all of this information right here I
can also go ahead and enter say net user
see what we get right here we have
loyally we have script kitty line
default user zero and all of that so
we're leveraging on a service which can
help us run those commands that we
wanted to execute on for us super cool
so this happens because of the local
Group Policy editor because the bottom
left side go ahead and enter local Group
Policy click enter edit group policy and
this is the place where you can
configure the Restriction of cmd.exe as
well as a Powershell so you go under you
user configuration administrative templates
and over here what you can do is go
ahead and click on to click on the
system and right here you can see the
following prevent access to command
prompt double clicked on this and you
can easily enter enable alright so this
will allow us to disable the Run of CMD
and you can see right here too don't run
specific Windows application and in this
case it could also be a restriction of
Powershell so once I click on the don't
run specify Windows application you can
see right here we have the list of this
along application I click show and you
can see the information over here which
is
powershell.exe so when you go to the
bottom left side again I enter
Powershell
dot exe you hit OK on that and it says
the following the operation has been
canceled due to restrictions in effect
on this computer please contact your
system administrator so the question of
course is how can we bypass that again
one simple simple trick is to think
about what else can call power shells
and of course in this case Powershell
underscore ise.exe
allow us to do Powershell alright so in
this case what is ISE well it is
basically an integrated scripting
environment so literally we can do
whatever we want here by entering all
those commands see for example I can
enter the same command here by
enumerating or listing down all the
users between the local computer I can
enter net user looking at all the lists
of the users within the computer say for
example your best friend script Katie
Lloyd right here if I copy the same file
somewhere else would that still work
because it could be pointing to a path
so that's the first option you want to
try now the first option here is to go
ahead and copy where Powershell is
located and now we want to Target it
into the desktop directory hit enter on
that okay
and now we've done the copy now the
question is would this work so once I'm
here I double clicked on it it says the
following this operation has been
canceled due to restrictions in effect on
this computer please contact your system
administrator no worries we just have to
try harder and what I do now is I'm
going to rename
powershell.exe into say Powershell
hackeralloy.exe is the same file it's
just a rename of the file I double
clicked on it
boom we are in look at that this is
crazy how can this even work
are we naming the fall the other
interesting part is they could be using
the hash value of the file as you can
see right here we on Windows settings
and then followed by security settings
and then under software restriction
policy and additional rules and right
here we have powershell.exe which takes
in as a hash of value so when I double
click onto here
you can see the following which is Hash
rule alright so when I go ahead and
browse we can Target any form of
executables and this allows the use and
check of those hash value based on the
executable and we can easily change this
up a little which will then allow us to
still execute on the file so what I'll
do now is go ahead and disable don't run
specified Windows application click
apply on that click OK because we're
testing out the hotter hash rule here so
what I can do right now is go ahead and
launch a good friend and what I can do
here is to change up a little bit of the
value in powershell.exe and see whether
we're able to execute on it so what I've
entered here is to copy from System32
Windows Powershell version 1.0
Powershell exe into user desktop I go
ahead and hit enter and that done so we
can see the file on the left so we have
the powershell.exe right here so the
proof and pass it out let's go ahead and
move this over into the center a little
and I double clicked on it and it says
the following your system administrator has
blocked this program for more
information contact your system administrator
or whatever
so what we want to do now is to change
up the value of this a little and see if
we're able to launch Powershell and what
we'll do here is to append it to
powershell.exe hit enter done double
click on the powershell.exe boom we're
in we managed to change up the value of
the executable and this gives us access
to Powershell and remember kids that's
how you do hacking