pro hacker teaches you how to bypass this!
Bypassing command prompt and powershell restrictions tutorial.
Website: www.loiliangyang.com
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
Comments: 548
Kids, remember....do not hack uncle hacker loi 😎.
@nadjehelhamza3923
1 year ago
Paid to pin the comment 😮😮
@LeafWoT
1 year ago
@@nadjehelhamza3923 jealous
@Rockety521
1 year ago
@@LeafWoT But bro's P2W
@justind4615
1 year ago
@@Rockety521 ?
@ReligionAndMaterialismDebunked
1 year ago
Hehe. Early in the pinned comment. :3
Writing %CD% will write the writing directory into the window. If you use the set command with "%CD%> " instead of "cmd~" then you can see your directory the same way you would in a normal CMD window. If your computer doesn't allow you to use batch files directly, put them in a compressed file and run them from inside it. If that still fails, change the extension of the script file from .bat to .cmd and try the compressed folder.
@petkov2005
1 year ago
%CD% works very nicely but sadly %CD%> crashes CMD. Still works better than nothing
@ftwgaming0
1 year ago
@@petkov2005 It doesn't crash if you have the quotation marks around it, :start set /p cmdin="%CD%>" %cmdin% goto start
@alif__
1 year ago
Nice info bro, thanks💪
@ddeboy002
1 year ago
like I said 95% of corp networks have this blocked via AD. If you don't you deserved to get cracked.
@MawTaw
1 year ago
@@ddeboy002 AD?
People need to realise that he's running CMD etc on a user account on the local administrator group. So of course he'll be able to bypass a restricted command prompt and use admin commands. It doesn't matter so long as the user account's local group is admin.
@whattachhit
1 year ago
huh?
@That_Son_Ofa_Itch
1 year ago
Even so he shouldn’t have access unless he’s the admin with the admin account. It will show some stuff but will prompt for a password unless you do a literal bypass like shown here. (or you get a request error for the admin to log in)
@rainbowdoesinfosec
1 year ago
@@That_Son_Ofa_Itch This is incorrect. There is no elevation of privilege here. He is a local administrator, but is running all of these processes in a low integrity context. Even if he wants to execute an application in a high integrity level (as administrator), it wouldn't be a problem because he is a local administrator. Granted, if UAC required a password he did not know, he would not be able to run the process as an administrator, however, this is not the point of the techniques he is demonstrating.
@jpvoodoo5522
1 year ago
@@rainbowdoesinfosec, I agree that there is no elevation of privilege as you said. However, the group policy block was in place regardless of the fact that he was a local admin. The policy restricts the computer, not the user. The only advantage his admin acct gave him is he could have simply disabled the blocking without finding a hack if he wanted to. But he didn't for purposes of demonstration. He needed the admin access to show you why cmd was blocked. That is, it was a setting in local group policy that disallowed anyone, including admins, from running the command.
As someone who's been coding in batch for years now, I thought this was genuinely clever. I expected the solution to be something simple like editing the registry value of the computer policies but the solution / solutions were very clever. Keep doing what you do!
@carloautor
1 year ago
Actually this won't work, because in GPO I also blocked the execution of .bat and .cmd. This all won't work
@isymbol
1 year ago
Batch isn't considered programming, it's considered commands
@Alexciaooo
1 year ago
@@isymbol No. It's called a Scripting language. Bash is. PowerShell is. Heck, Bash and Shell are scripting languages.
@ReligionAndMaterialismDebunked
1 year ago
@@carloautor work./!/...*
@ReligionAndMaterialismDebunked
1 year ago
@@Alexciaooo yeah, Bash is what you use in Linux, and a reverse shell is what you do when you want to use a TCP or other connect to have a backdoor, or consenting access.
Back in school I pulled off the batch trick. But what worked for me too was just putting in cmd.exe or regedit into the batch file and it'd open whatever I wanted. So no advanced trickery necessary. One opportunity I missed is that they used network boot, which took forever to boot and was otherwise set up pretty well, so I wish I already had acquired the Linux skills to set up my own Raspberry Pi DHCP + tFTP PXE server. Also one interesting discovery I made: Teachers tend to have unchanged default passwords + nice power tools. What a fun time it was. I learned so much and the teachers were incredibly chill.
For people who actually care about stuff, the "curly thing" is called a tilde.
@jesjames
1 year ago
alt+126 LOL
@Arley_
1 year ago
@@jesjames or just shift + ` (or shift + # on uk keyboards)
@Msantor1605
1 year ago
Yea, he obviously doesn't know French.
@Bf26fge
1 year ago
You might as well call it a curly thing or pronounce the L in salmon, because nothing really matters anymore.
@markylon
5 months ago
@@jesjames it's there ON THE KEYBOARD LOL
I've been working on a project on the school computers that uses Python to pretty much do the same as this, but add extra commands to access public desktop, C:\ drive etc. and it's cool to see how it could all be implemented in batch
Well i dont need to bypass cmd restrictions, since my school / city administration was so smart to block dark mode but not cmd 😂
@galaxys8-ml
1 year ago
Why did they block dark mode?
@Omena0
1 year ago
@@galaxys8-ml idk bruh it just says its blocked by my organization lmao
@_SebJ1000
1 year ago
My school was smart enough to block CMD, group policies settings and Task Manager but totally forgot about powershell and bat scripts so me and my group of friends have been using that to our advantage.
@Coblasteus
1 year ago
Your school wants to blind you My high school in Australia, the laptops they give me, they can both run cmd and use dark mode (we can even use Task Manager). All of this stuff was disabled at primary school for some reason.
@xMdb
1 year ago
@@Coblasteus EQ?
Back in college, some malware had taken over a lab machine and changed the registry so that the computer couldn't open exe files. I used a doc file to open Word. Then I used VBA to open regedit. Finally I was able to fix the regkey and regain access to the machine. Appending something to the end of the exe was a technique I hadn't seen before, but most of these were ones I have used as some point for legitimate reasons. Knowing how your machine works is key.
@markylon
5 months ago
Knowing how to NOT get MALWARE is even KEYER!!
@R.B.
5 months ago
@markylon sure, which is why I didn't get infected when I used the lab machine myself. I did save off the class files in an inactive format to dissect it later, but it wasn't all that clever.
You could easily disable the ability to edit that by adding a deny entry for take ownership, and make the keys in the registry deny everything else but read. Additionally you could create a second user group that denies the Backup & Restore Privileges to people in a group, which would override the privileges and since deny takes priority over allow this would be an effective block.
Yup. This is really helpful! As an Admin this is very useful information.
This video reminds me of what I did in IT class yesterday: Booted up HBCD PE from my USB stick, created a new admin account, installed some programs, and played around with the settings (my school does not even let me change the desktop background, but cmd is alright 😎)
Hello. The new style of filming and the background music is awesome, I like it👊👍
That's nice 🙂 Now, teach us how you change all the without having administrative permissions already on the account, would be very interesting :)
that video really turned a corner at one point, useful more advanced information. Plus you showed a way that would stop most people, good cop bad cop. Not bad.
So... quick question... I tried this and it didn't work on my work computer. (I was gonna report it as an exploit if it worked). Within a couple hours my internet was cut off and by the end of the day they took away my work laptop... they suspended me while they launch an investigation. Additionally, after the exploit failed, I also toyed around with the commands, using something to the effect of net user password {password here |*} several times. It would cause my prompt to close. Is this something that IT would immediately detect and get really spooked by?
You're already an administrator, which assumes you have way more rights than you should. This is great if you already have that level of access, however, you have much more capabilities and you could have disabled the GPO if you wanted to. The "bypasses" work, but are pointless if you do not already have Administrative control over the system. This may only be useful if you were able to drop a stage-0 payload onto a machine, elevate privileges, then execute a shell. The only real use case here is being able to execute commands on a system where you have GUI access as an Administrator. Great examples of this are kiosks in public areas, or an open VNC/Remote Admin connection (ex: AnyDesk). Still a very interesting video! Good work! I don't mean to diss the content, just informing everyone of the assumptions you need to make.
The one thought that comes to mind here is the level at which you start at when you try to do the things in this video. If you are not at the administrator level for your local machine, you may find editing the group policy a bit tricky, especially given that it may be updated as part of the login process, so it reverts to its original settings if that's the way that your domain admin wants it. Personally, what I tend to do is run the command that I need from the Run box, for example if I want to run a directory listing, I'd open a run command (Win+R) and type in cmd /c dir && pause (the "&& pause" stops the output from disappearing). This is especially the case where the domain admin has also restricted using executable files such as batch files, PS2 files and so forth.
@tooru
1 year ago
cmd /k dir and no pause
@joshoneill9676
1 year ago
My run command is restricted any way to bypass it?
@Oktokolo
1 year ago
He edited the group policy to demonstrate how the "restrictions" are enabled.
@joshoneill9676
1 year ago
@@Oktokolo yes i know. That isn't what i asked though LOL
@Oktokolo
1 year ago
@@joshoneill9676 Wasn't meant to.
You can actually just enable cmd through the registry by changing a single value. It is much easier than what this tutorial entails and doesn’t require access to the group policy editor. Good video none the less!
@whohan779
1 year ago
I don't think an administrator who'd block CMD would allow regedit (though there are of course also exploits & simply third-party programs, so true control is basically only possible through a whitelist [the extreme of that would be an update S-mode that's actually unexploitable]).
@GarfieldIsEpic
1 year ago
@@whohan779 Not sure about other circumstances, but I have only managed to enable it through the registry on my school laptop, which blocks almost every single administration program available on Windows. I’ll try it on a different restricted device and give you the results.
@lightyagami1752
1 year ago
The option to disable registry editing is right below that for command line disabling. It would be a terrible sysadmin that disabled one but not the other. Besides, registry hacks actually change saved system settings, and you have to remember to undo them to cover your tracks. With this, it's as easy as Ctrl-Deleting shortcuts from the desktop.
Hey, thanks for this video it showed me I need to reinforce security in my infrastructure. Is this actually something we can mitigate or is it a design problem ?
I can access the cmd but some codes require admin pwd and I can't edit group policy, any solution?
That's What We Need 🙃 We Don't Need AWS tutorial
My school disallows running of executables except from specific locations, is there any way to get around this?
GP editor only works if the machine user is local. This won't work for domain accounts. Also, there are lots of reasons to block executing programs on computers that belong to an organization. Mostly security. Second, it keeps people from screwing up their machines and causing more work for their IT departments who are probably overworked already.
@stubro25javee34
1 year ago
Unless there from India and don't have a clue how to fix or block anything.
Still says command prompt is disabled by administrator and also they have it to where you can't view group policy editor
How are any of the things you demonstrated considered hacks when you were logged in with an administrator account?
Waiting for this video from a long time :)
Sweet stuff! Now do it from a user that isn't a local admin on the computer.
I managed to do smth similar, if you make a batch file with the commands you want then add pause at the end, you can easily bypass it
I'm a huge CMD guy and this is very clever!
thanks for making this video as it has helped me to bypass my schools rules so i don't need to ask my teacher every time i need to install something
Can this be applied via windows server 2012?
so what can you do with cmd and powershell? I am sure many other things will also be block and not be able to execute via those 2 programs.
@davidfishwick5573
11 months ago
Powershell scripts aside, not much that you can't do just by using the GUI. As they are run (by default) with your standard permissions, they can only do what your user account has permissions to do.
There are many ways to get around the local group policy to read data. However, it really isn’t of much value on your work computer. Especially as a standard user with those local policies overruled by Active Directory Group policy.
How would I be able to launch task manager this same way? I tried simply replacing "cmd" with "taskmgr" but it only opens a blank cmd panel that you can't interact with
but does this work if you don't have admin right?
Hey, what if something in the pc makes an application like terminal or settings close instantly before even doing anything. Is there a way to bypass that?
Mr, I download nice stuff from Baidu but there are always trojans and nasty stuff, is there a way to prevent it? It's the 4th time my PC got attacked :/ The first one punished my router and redirected all my traffic to China and Chinese webs, and I had to reset firmware, then trojans, the last one 1 week ago, trojan and win 32 ramnit that attacked all my exes and dll in my PC and I had to format :(
Question: what do i do if i cant access group policy manager?
@Loi Liang Yang What if you cannot access group policy or secpol?
Most tools these days have portable installation options. Even Powershell can be installed as a portable install.
Now show us how you elevate all those terminals you showed with a no admin user to do something really interesting.
So many times I've been on a server and CMD is disabled for security hardening but powershell is still available.
What if they blocked local group policy application as well?
Hey I want to access gpedit even though its in the list of applications i cannot run how do i bypass and enter it?
Or if bios has no password (can reset with cmos but not always will work or remove cmos for a long enough time for conductors to lose power). Just boot into strelec and admin password is gone. Also you can modify ease of access button to give you admin cmd or change registry. So many ways to crack a windows user.
In high school, I would boot into recovery mode, go into the system files copy the command prompt from inside system32 and rename it to the sticky keys app. Then rebooting, I would simply activate sticky keys with the shift key and cmd would pop up in system32 dir. I would have complete control of the system from there.
Can't wait try this at school on Monday
@jackrogers1115
1 year ago
You won't be a local administrator, so this video is meaningless. No system admin is going to disable cmd for your profile but leave you a local admin....
@nittani.
1 year ago
@@jackrogers1115 tf
@godofwisdom3141
1 year ago
@@jackrogers1115 It still works
@shadowrl7637
1 year ago
@@godofwisdom3141 yes it will work. What he's saying is you have local admin access to the user you’re on. Not any other users.
@taikomadeitt
1 year ago
It’ll still work
when i run it (cmd txt) and type ipconfig or net user its shut down..why?
I seem to recall bypassing cmd being disabled using msoffice scripting tools and calling it from there.
I've been known to bypass this at school using the python subprocess library in thonny on my school's computers
Mr loi, can you explain more about android hacking please ?
thanks a lot so helpful
thanks for making this video. i learned a lot by just watching your videos thanks a lot btw i liked and sub
Wow, this is the first time I've even SEEN that.
I have an old laptop with windows XP on it. Its admin password is locked. It would be cool to see whats on my teenage laptop. Any help getting in would be much appreciated
i actually figured the first back in high school when i was 13 but some commands don't work, idk why
Wow so much fun and good food for the brain. Now I have one problem on Windows 10. That is I can not access the (local group policies), it sends me to a web page that tells me how to do it ..... and them pages look suspicious >.....
How to check if our phone has been hacked? How to erase or delete? Can it be deleted or restore if we did factory reset?
I'm an old fella and have had a huge interest in computers and systems. Just never had the time to learn. Would love to know more and learn more. Sad thing is, now a lot of the time some people will need to know how to hack, just to get admin control of their own pc's OS system.
i remember i wrote this but instead of saying cmd~ i used this one variable that always has your current directory (i forget which one) and it would show me where im at
@SOTP.
8 months ago
"%cd%>"
I can access computer, and use internet but, when looking to update or make changes, computer asks for administrator password. I don't remember. I watched your video, I got to part where I need to type new password. Would not allow me to type. Keys would not work. I hit enter twice (nothing typed) after validating password. Says, access denied. Any suggestions??
We need to acknowledge this man, remember he does this For free just to teach us! Thank You Mr Loi And Keep up The Content ❤
@MrSlosky
1 year ago
he gets money on videos,
@ReligionAndMaterialismDebunked
1 year ago
@@MrSlosky true. :3
@JayThaaGamer
1 year ago
He's still teaching free no matter how you put it, revenue from YT content is just an token of appreciation!
I guess this is why you whitelist (hash) all the necessary applications that the user is supposed to be able to use in a company environment. I could see a workaround of that too by finding ways in those said programs to execute a DLL file but I'm not sure how much you can actually do even if you execute your own code in a guest environment!
Hi, can you give me code to bypass copy paste firewall and coding in a cloud software?
Thank you.😍
I remember doing the same back in university with C++ system() functions and infinite loop haha 😀😀😀
Hi, I bought a PC, it works well but none of your methods is working. The PC is locked, I mean I can use it to go to Google but I can’t use it for myself, for my personal use, cuz everything is locked, all access is being denied, cmd is totally locked, everything is locked. My problem is the screen is cracked too, I am using HDMI to my TV, but I can not remove the admin or retailer password, can u help 😢
can u make a vid to bypass admin restrictions on downloading software
Do a vid abt "Digital footprint!" Please
Do you do CTFs hacker loi????
Bro how do I allow my laptop to download games, it doesn't let me because I don't have administrator privileges
That curly thing is called a tildar
yeah but at my school they don't allow the execution of batch files
Can you bypass the display settings if you don't have access to it? Ex: want to connect a 2nd monitor at work but I can't access display settings and can't set it up as a 2nd and not a mirror, please help :)
So any ways to remediate the bypasses?
@ChemicalShots
1 year ago
A zero trust solution that doesn't include cmd in the policy
I need that music for programming, please share link
The "wiggly line" if My awful GCSE Spanish is remembered correctly is called a Tilde. 😂
Interesting stuff but what if local group policy editor says access denied lol
i had to learn all of this and more by myself on my school computers was pretty cool
@gilesstockman4913
1 year ago
@linus cat tips good method this was blocked for me tho
wow the way you explain the art of hacking is just great.
If you need command line/ powershell you probably will figure out how to start using it. If you need command line often you will probably switch to Linux/Mac. If you regular user you will never need these tools
Of course, bypassing company restriction policies is a good way to get summarily fired.
Fun fact about my school: They blocked cmd but not powershell (and Powershell automatically launches into administrator)
What about it blocking you from entering cmd?
Hello, I have an issue. My windows 11 administrator account was changed, I'm locked out. I have access to a regular account. I can't launch any applications that require elevated privileges. I booted into the bios, the keyboard is disabled. Advanced options for recovery is missing several options like restore, etc. I can launch the task manager, but I can't get to some options, windows explorer is blinking off and on rapidly. I don't want to take it to a shop. If I could boot from the USB, I would reinstall windows. Any ideas??
@SOTP.
8 months ago
Recovery screen usually allows access to cmd if there's no administrator account, you can then replace sethc.exe in system32 by cmd and press shift 5 times on the login screen to open cmd on it. Type net localgroup /add administrators "username" and login. Although it's prob too late now
what about task manager?
wish you uploaded it years ago so I could have tried it in elementary
I tried to block cmd and posh at my old (small private) school (I was the only IT person and a student). I knew this trick, so I blocked running batch scripts altogether :D
@SOTP.
8 months ago
you're lame
my device windows 8.2 not working access powershell
Unfortunately, i tried this before on my school laptop but they automatically delete any batch files that get created.
@SOTP.
8 months ago
what about .cmd files
Hey Loi, I cannot access my admin user account and now every time I click on sign in button it keeps looping back to the login screen, yet I can access my 'Other' user account which I created for guests, but now I am the guest and don't have admin privileges. And I have tried net user administrator /active:yes, it doesn't work, and on Computer manager tool Local users group tab is not available. Please help
@yeahnvmnvm1331
5 months ago
Get a technician to reset the pc i suppose
I'm so grateful that I don't have to go through all of these shenanigans to get my PC to do what I want it to do.
@markylon
5 months ago
But it's NOT your pc is it?
@InsideOfMyOwnMind
5 months ago
@@markylonAre you 12?
@markylon
5 months ago
@@InsideOfMyOwnMind Are you thick? F00l
OMG. Such a genius. Now i can get access to my office computer 😜 But there's a firewall they have in their backend server and that's why I can only access limited websites.
@irbaboon1979
1 year ago
There’s always a way… :)
school's computer room after i know this: kaboom
why do i not have local group policy?
My school has cmd blocked.. They didn’t bother to block powershell though
.bat files are also blocked by administrator including all group policies settings.
@ftwgaming0
1 year ago
Place it in a compressed folder and run it from inside the folder.
@piggynatorcool668
1 year ago
@@ftwgaming0 no nothing can be named .bat with that setting
@ftwgaming0
1 year ago
@@piggynatorcool668 I do it all the time to get around my school blocking it. 1) Create a compressed folder. 2) Create the .bat file normally. 3) drag the .bat file into the compressed folder. 4) Open the compressed folder. 5) Run the .bat file from inside the compressed folder.
@pessoaanonima6345
1 year ago
What about .cmd and .ps1?
@piggynatorcool668
1 year ago
@@ftwgaming0 somebody already hacked the network and it's costed millions to fix so they cracked tf down and you can't do ANYTHING on any of these computers anymore without admin
somebody save this please so that if KZread deletes it there is still a copy
Lol, I've bypassed this with a batch script years ago already, and it still works.