ctrl+shit+esc brings up task manager.

Can't find shit button. Still looking for tab tbqh.

I don't have the shit button either :(

is it near the any key?

http://support.microsoft.com/kb/126449

/thread

You can hack windows rather easily without knowing the root password or stealing the hash from memory (lol windows unsalted passwords 2014)

Basically create a named pipe from something with system level privileges, impersonate the pipe, open the thread token, and then spawn a reverse shell with it.

Sources:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378618(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379296(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx

My computer has a retractable cupholder

My computer has a retractable cupholder

Mine does too.

Does it hold a Largefarva or a litrecola?

You can hack windows rather easily without knowing the root password or stealing the hash from memory (lol windows unsalted passwords 2014)

Basically create a named pipe from something with system level privileges, impersonate the pipe, open the thread token, and then spawn a reverse shell with it.

Sources:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378618(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379296(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx

.exe pls. I want to get my script kiddy on.

windows key + M (minimizes all your windows to show only desktop)

.exe pls. I want to get my script kiddy on.

Not going to compile a virus at work!

Maybe this long weekend if I find time I'll whip something up. I know it works on Win7 and server 2008, but haven't tested it on 8+ but I assume it should work since Microsoft always lets all sorts of exploitable stuff stay in for backwards compatibility reasons.

Still looking for 'shit' key.

windows key + M (minimizes all your windows to show only desktop)

This might be the first relevant use for the windows key.

This might be the first relevant use for the windows key.

I use this so much on a day to day basis. Especially running dual monitors and just going crazy with multiple windows for work, minimize everything I have then open up the few windows I might actually need at that given time.

This might be the first relevant use for the windows key.

Actually; I've always used Windows + R for run box cuz appwiz.cpl is better than clicking 4 different places.

Actually; I've always used Windows + R for run box cuz appwiz.cpl is better than clicking 4 different places.

Yep.

I make extensive use of Win + L.

Well I pried mine out with a screwdriver and put a piece of tape over it so I never accidentally minimize eq again!!

You guys sound like you work on your computers.

You can hack windows rather easily without knowing the root password or stealing the hash from memory (lol windows unsalted passwords 2014)

Basically create a named pipe from something with system level privileges, impersonate the pipe, open the thread token, and then spawn a reverse shell with it.

Sources:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378618(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379296(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx


or burn ophcrack for windows to a cd and boot your system from that disc.

you basically hit a button and it finds the passwords.

This can be a remote exploit that is more effective than brute force (and why bother when you could just pass the hash (http://en.wikipedia.org/wiki/Pass_the_hash#Mitigations)). Also allows you to steal domain level credentials instead of just local. But yea cracking the passwords on a local machine is easy since they use the same crappy hashing algorithm they did 20 years ago. Windows "security" truly is a nightmare and it is yet another reason most infrastructure runs on the superior *nix based operating systems.

Linux is terrible.

This can be a remote exploit that is more effective than brute force (and why bother when you could just pass the hash (http://en.wikipedia.org/wiki/Pass_the_hash#Mitigations)). Also allows you to steal domain level credentials instead of just local. But yea cracking the passwords on a local machine is easy since they use the same crappy hashing algorithm they did 20 years ago. Windows "security" truly is a nightmare and it is yet another reason most infrastructure runs on the superior *nix based operating systems.

Yup but who is going to load linux for a bunch of idiot end users in a production environment.


Also if some hacker asshole has access to the equipment most likely they already have won. Thats why you hire people who are not assholes.

My users cant wrap their head around a non outlook email interface.

I envy you. Mine can barely handle 365 OWA.

10 times a day " what is this zimbra thing?"



It's the plugin that pops up when it syncs to the server. I now remember to hide it.

I eschewed outlook completely and use the superior zimbra client

I hate outlook. Users who can't handle much more than outlook is how we get stuff like the ILOVEYOU worm.

Also if we're talking about Nancy the office clerk and such-- if someone gains access to their systems noone cares. I'm talking stuff like DoD sensitive data, which simply does not exist anywhere on a Windows file system. I work for a defense contractor and we are assigned laptops with windows which we use to remote into a linux server which is where all development occurs and version control repositories exist. It's a requirement to maintain the certifications we need.

Linux is amazing.

FTFY.

I hate outlook. Users who can't handle much more than outlook is how we get stuff like the ILOVEYOU worm.

Also if we're talking about Nancy the office clerk and such-- if someone gains access to their systems noone cares. I'm talking stuff like DoD sensitive data, which simply does not exist anywhere on a Windows file system. I work for a defense contractor and we are assigned laptops with windows which we use to remote into a linux server which is where all development occurs and version control repositories exist. It's a requirement to maintain the certifications we need.

Find me linux based police management software. Hell. Find me competent police management software. ...

You can hack windows rather easily without knowing the root password or stealing the hash from memory (lol windows unsalted passwords 2014)

Basically create a named pipe from something with system level privileges, impersonate the pipe, open the thread token, and then spawn a reverse shell with it.

Sources:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378618(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379296(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx

Isn't this logic flawed with the 'create a named pipe from something with system level privileges'? You don't need to hack a box you're on if you already have system level privileges.

A much easier method is to just use a registry blanker. It's how I got into all my dad's stuff after he died.

iloveu virus was like 1990 *****

Windows Key +:
Left - dock left
Right - dock right
down - minimize
up - maximize
L - Lock
E - 'My Computer'
D - desktop
M - minimize
Shift+M - restore minimized windows
f - search
r - run
t - cycle thru open programs
1-0 - launch pinned taskbar programs
Shift + number - always spawn new taskbar program
Ctrl + number - last active window of taskbar program
Alt + number - open list of common tasks for that taskbar program
tab - 3d view of programs to tab thru
p - presentation mode
U - for old people
X - mobility center
ctrl + b - open program w/ notification

im sure there's others i forgot 'em all though

Mine does too.

Does it hold a Largefarva or a litrecola?

winning

Nice thread!

Isn't this logic flawed with the 'create a named pipe from something with system level privileges'? You don't need to hack a box you're on if you already have system level privileges.

A much easier method is to just use a registry blanker. It's how I got into all my dad's stuff after he died.

Should have been more clear (was saying Create because its the name of the win32 API C function). You don't actually create a named pipe, instead use an existing named pipe, usually something like \\.\pipe\x\IpHlpSvc.log

Isn't this logic flawed with the 'create a named pipe from something with system level privileges'? You don't need to hack a box you're on if you already have system level privileges.

A much easier method is to just use a registry blanker. It's how I got into all my dad's stuff after he died.


http://pogostick.net/~pnh/ntpasswd/


I got an old hiren disk that does the trick

Yea so many windows exploits to crack a password. Just plain awful security.

Now I'll remind refer to the time when I gave antisec (http://en.wikipedia.org/wiki/Antisec_Movement) members a user account on my Linux VPS and asked them try to crack root.

http://www.project1999.com/forums/showpost.php?p=995382&postcount=13

ctrl shift delete ur pron

or burn ophcrack for windows to a cd and boot your system from that disc.

you basically hit a button and it finds the passwords.

If the password is secure, it will take too long to bruteforce since a dictionary attack will fail. I suppose you could use rainbow tables, but even that takes a while and you'll need to lug around a 1TB+ external drive. Its instant if you just use a password remover app.

Of course, all of this is if you have physical access or local admin access to the box. Properly secured boxes are a bit more difficult to compromise.

use hashcat noobs

shift + right click an executable for admin options. Security through obscurity, huzzah.

use hashcat noobs

I prefer this for file/local recoveries because of for its ridiculously simple UI and local grid support. I grew up on command line, but I like a shiny UI to get around menial tasks.

http://www.lostpassword.com/kit-forensic.htm

Windows Key + E opens explorer. Win key + D takes you to the desktop.. Control + Alt + arrow keys rotates your display.

I don't remember who on here told me about this, but if you go right clicking into your apps you can change the affinity(which core in your processor) your app fires up on. I like eq on the last core. Iirc programs load up the first core(0) then move on up the ladder(1, 2, 3, etc)

Good list with the windows key functions, I didn't know most of those.