Hak5 925 – Break into shell with MsPaint, Launchy, BackTrack Wireless and more

This time on the show , breaking into command prompts using Microsoft Paint! Navigate Windows like a power user with Launchy. FTP from anywhere, manually control wireless connections in BackTrack Linux and a whole lot more this time on Hak5!

Download HD Download MP4 Download WMV

Breaking into command prompts using Microsoft Paint!

Let’s face it, a lot of public Windows machines aren’t locked down properly. This trick, sent in by 0perator, goes to show how trivial it can be to obtain a shell using the notorious MsPaint tool. Begin by opening Paint and starting a new image with the dimensions of 1 px tall and 6 px wide. Then from left to right paint one pixel at a time with these custom RGB values:

  • 10,0,0
  • 13,10,13
  • 100,109,99
  • 120,101,46
  • 0,0,101
  • 0,0,0

Now save the image as a 24-bit bmp file. Rename the extension .bat, open and enjoy the shell.

To see what’s really going on here open the file in a hex editor. My favorite on Windows is HxD Hex Editor. It’s freeware. Of course it’s worth mentioning that any machine secured properly with group policies isn’t going to be susceptible to this attack, but you’d be surprised how many aren’t.

Navigate Windows like a pro with Launchy

A lot of power users- like Darren- don’t really use the start menu or well… their mouse. They just want to be able to put in a couple of keystrokes and immediately get to the program they need to use.

There’s this nice, simple utility called Launchy that does just what Darren needs. Launchy is a free cross-platform utility designed to help you forget about your start menu, the icons on your desktop, and even your file manager. It indexes the programs in your start menu and can launch your documents, project files, folders, and bookmarks with just a few keystrokes!

Launchy can be found at launchy.net, where you can download, donate, and check out skins and how-tos, The skins on their website kind of remind me of the days of Winamp skins, so I’m just sticking to the simple black one.

The download is available for Windows up to 7, Mac, Linux, as well as a portable version.

After downloading Launchy, open the main window and type in a program name or something you want to find, and press enter. It should automatically open that program within a few seconds. If you find that doesn’t work, click on the settings button and choose the catalog tab. Click the plus button and add your program files folder.

A few keystrokes to know: Alt + Space opens and closes the Launchy window. Typing something in then hitting tab with start a command line entry. For example, type in chrome, then hit tab, then type in the hak5 website.

You can look at your history of searches by press down when the window is blank. Press shift + delete to delete a highlighted program in that list.

To add functionality for other file types other than programs, go to the Catalog tab under settings, choose your destination or create a new one, then click + to add a different file type, type in *.mp3 or *.jpg…, and choose rescan Catalog.

Along with the healthy does of easy GUI is a handful of plugins for your mere enjoyment. The Launchy website features many plugins to make the utility easier to use and more useful- including a built in calculator, a website browser, and a program killer for background programs.

I think this is a tool for those users who need something to help them speed up their daily processes just a bit by giving them that freedom to not have to use the mouse. Also, the portable version would be really handy for IT support who don’t necessarily know where programs are on each computer they work on. Booting up this tool and searching for a program is as easy as making sweet tea. Mmmm. Delicious.

FTP from anywhere, manually control wireless connections in BackTrack Linux

Alex submitted this tip at hak5.wpengine.com/nibble. He writes

Need to access a file on an FTP server, but you’re on a machine where you can’t install programs, or you don’t have your all singing all dancing flash drive full of portables? Well by using the full address with the “”FTP://”” at the beginning you can access it using Firefox, Chrome, IE and even the Windows File explorer!

Thanks! I’d also like to add that the syntax for FTP URLs goes ftp://username:[email protected]:21/directory

Props to Alex for submitting this and getting some free Hak5 swag! Submit your 4-bit tips at hak5.wpengine.com/nibble

Mark writes:

love your show
how to disable tcp-ip, dhcp and other stuff in BT and other linux distro
that you don’t accidentally connect to ap

Check out the config files in /etc/network, specifically /etc/network/interfaces

Also don’t use network manager or Wicd, instead connect manually from the terminal. For example in my case for a WPA network I’ll first scan, then create a passphrase file, then connect:

iwlist wlan0 scan | grep 'ESSID\|Encryption\|WPA'
wpa_passphrase ssid password
wpa_supplicant -B -Dwext -i wlan0 -c ssid"

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at [email protected].

There are two things IT professionals and their clients have in common, they want the job done right and they want it done fast. That’s why I highly recommend Go To Assist Express by Citrix to anyone in I.T. It puts clients at ease with its simple and secure remote support and puts you in position to do what you do best – Access, Diagnose and Resolve. Try Go To Assist Express FREE for 30 days. Visit GoToAssist.com/hak5 to see how you can deliver LIVE tech support to anyone, anywhere with Go To Assist Express. That’s GoToAssist.com/hak5 for a FREE trial.

If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel.
Just go to Domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%.
If you need to host your dot TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site.
Remember – when you think domain names, think Domain.com. Got a great idea? It all starts with a great domain. Domain.com

Computer disasters eventually happen to everyone – (your computer crashes, gets infected with a virus, you drop it, theft, fire, etc.) but if you get Carbonite Online Backup before your disaster then NO NEED TO WORRY because your files will be backed up – automatically and safely offsite – and it’s really easy to get them back. Plus, you get anytime, anywhere access to your backed up files from any computer – or on your smartphone or iPad with a free Carbonite app! With Carbonite, unlimited backup for your PC or Mac is just $59 a year. That’s less than $5 a month. But when you use the offer code “hak5” to start your Free 15-day Trial you’ll get Two Months Free if you decide to buy. All the details are at Carbonite.com and remember to use the offer code “hak5” to get Two Months Free with purchase.


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>