Posts Tagged ‘windows command line’

Spawning A CMD Prompt From MS Word or Excel

October 15th, 2009

This is an old trick, but I still see a number of Administrators that think they have locked users out of the command prompt by simply removing the icon from the menu and disabling the Start –> Run option. In this post I’ll discuss how to create a command prompt with Visual Basic for Applications (VBA), as well as how to mitigate (although never completely eliminate) the risk of someone achieving access to the prompt.

Creating a command prompt with VBA

This technique will work with any application that supports VBA, but I’m specifically going to use Microsoft Word in my example. Here’s what you need to do:

  1. Launch Microsoft Word
  2. Press “ALT-F11” to launch the VBA editor
  3. Double click “ThisDocument” in the left pane
  4. When the editor window appears, type in the text shown in Figure #1
  5. Press the “F5” key

Figure 1: Our simple VB script

You should see a command prompt window appear in your task bar. Here’s a copy of the code you need in step 4 so you can copy/paste:

Sub GetCMD()
    ' Shell starts the named program; with no window style argument it opens minimized
    Shell "cmd.exe cmd.exe"
End Sub

How to prevent VBA from spawning a command prompt

Execution of the command prompt can be disabled with the Group Policy Editor tool. Here are the steps:

  1. Click Start –> Run
  2. Type in “gpedit.msc” (without the quotes)
  3. Click User Configuration –> Administrative Templates –> System
  4. Search down the list for “Prevent access to the command prompt” and double click it

You have two options available to you:

  • Enable/Disable access to the command prompt
  • Yes/No Disable command prompt scripting process

If you only disable the first option, direct access to cmd.exe is prevented, but a smart user can still get to it via a batch file. To prevent script access, you need to disable the second option as well. This prevents ALL scripting, however, and can play havoc in many environments. Also, both of these settings will apply to the Administrator account as well. This can make admin and troubleshooting far more difficult.
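The policy and its scripting option are stored together in one per-user registry value, DisableCMD, under Software\Policies\Microsoft\Windows\System (1 = prompt and batch file processing blocked, 2 = prompt blocked but batch files still run). The PowerShell below is an added example, not part of the original post, and the helper name Get-CmdPolicyState is hypothetical. It reports the setting for every user hive currently loaded on the machine, so you can see which accounts are only covered by the weaker setting.

```powershell
# Added example (not from the original post): audit the "Prevent access to the
# command prompt" policy for each user hive currently loaded under HKEY_USERS.
# Run elevated so that other users' hives can be read.

function Get-CmdPolicyState {
    # Hypothetical helper: translate the DisableCMD registry value into words.
    param($DisableCmd)
    if ($null -eq $DisableCmd) { return 'Not configured: cmd.exe and batch files allowed' }
    if ($DisableCmd -eq 1)     { return 'cmd.exe blocked, batch file processing blocked' }
    if ($DisableCmd -eq 2)     { return 'cmd.exe blocked, batch files still run' }
    return "Value ${DisableCmd}: not one of the two blocking settings (1 or 2)"
}

$policyPath = 'Software\Policies\Microsoft\Windows\System'

Get-ChildItem -Path Registry::HKEY_USERS |
    # Keep local and domain account SIDs; this also skips the *_Classes hives.
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $item = Get-ItemProperty -Path "Registry::HKEY_USERS\$sid\$policyPath" `
                                 -Name DisableCMD -ErrorAction SilentlyContinue
        # A missing key or value means the policy is not configured for this user.
        $value = if ($item) { $item.DisableCMD } else { $null }
        [pscustomobject]@{
            Sid        = $sid
            DisableCMD = $value
            State      = Get-CmdPolicyState $value
        }
    } | Format-Table -AutoSize
```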

Even with both options disabled, a user can still get around these settings by using command.com instead of cmd.exe. To fix this, you need to restrict access to command.com via user permissions. If you are still running some old 16-bit apps, this fix will break them.

All of these steps do not completely solve the problem however. A user who knows what they are doing with debug can simply copy cmd.exe to another location and modify it so a prompt is achieved when using it to run a bogus command. So we also have to delete “debug.exe”.

Even then, a savvy programmer can create an executable to get around all of the above security checks. So we need to remove all ability to copy or write to the drive as well. Needless to say we have a pretty useless computer at that point.

Exec Summary

If someone smart has access to your system, it is doubtful you will be able to prevent him or her from getting to the command line. The Group Policy Editor can most certainly make it more difficult, but the tool simply reduces the risk of attack. You cannot completely eliminate the risk without severely hampering the system’s operation and usefulness.
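Since the policy only reduces the risk, it helps to also watch for the behaviour itself: an Office application starting a command interpreter. The PowerShell below is an added example, not part of the original post. It assumes process-creation records with Sysmon Event ID 1 field names (Image, ParentImage, OriginalFileName, User); the sample records and the function names are constructed for illustration. Matching on OriginalFileName as well as the file name also flags a copy of cmd.exe saved under another name.

```powershell
# Added example, not from the original post. The records at the bottom are
# constructed; field names follow Sysmon Event ID 1 (process creation).
$officeParents = 'winword.exe', 'excel.exe', 'powerpnt.exe', 'msaccess.exe', 'outlook.exe'
# Programs the post names as ways to reach a prompt.
$interpreters  = 'cmd.exe', 'command.com', 'debug.exe'

function Get-LeafName([string]$Path) { ($Path -split '\\')[-1].ToLower() }

function Find-OfficeShellSpawn {
    param([Parameter(ValueFromPipeline)]$Record)
    process {
        # Only look at processes whose parent is an Office application.
        if ($officeParents -notcontains (Get-LeafName $Record.ParentImage)) { return }
        $image    = Get-LeafName $Record.Image
        $original = "$($Record.OriginalFileName)".ToLower()
        $reason = if ($interpreters -contains $image) {
            'interpreter started by an Office application'
        } elseif ($interpreters -contains $original) {
            'copy of an interpreter under another name, started by an Office application'
        }
        if ($reason) {
            [pscustomobject]@{
                User   = $Record.User
                Parent = Get-LeafName $Record.ParentImage
                Image  = $Record.Image
                Reason = $reason
            }
        }
    }
}

# Constructed sample records: two should be flagged, two should not.
$office = 'C:\Program Files\Microsoft Office\Office12'
$sample = @(
    [pscustomobject]@{ User = 'CORP\alice'; ParentImage = "$office\WINWORD.EXE"
        Image = 'C:\Windows\System32\cmd.exe'; OriginalFileName = 'Cmd.Exe' }
    [pscustomobject]@{ User = 'CORP\bob'; ParentImage = "$office\EXCEL.EXE"
        Image = 'C:\Users\bob\Documents\notes.exe'; OriginalFileName = 'Cmd.Exe' }
    [pscustomobject]@{ User = 'CORP\carol'; ParentImage = 'C:\Windows\explorer.exe'
        Image = 'C:\Windows\System32\cmd.exe'; OriginalFileName = 'Cmd.Exe' }
    [pscustomobject]@{ User = 'CORP\alice'; ParentImage = "$office\WINWORD.EXE"
        Image = 'C:\Windows\splwow64.exe'; OriginalFileName = 'splwow64.exe' }
)

$sample | Find-OfficeShellSpawn | Format-Table -AutoSize
```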

How To Use Windows Auto-Complete And Command Line History

August 13th, 2009

Ran into this issue at a client site today so I thought I would post some info on it. I see a lot of Windows administrators that don’t know how to fully leverage the Windows auto-complete functionality as well as the command line history. I also see Linux and UNIX administrators who get confused because these features work differently under Windows. Thought I would write up a quick how-to.

Windows auto-complete

Auto-complete permits you to type in a portion of a file name and have the system fill in the rest of the name for you. It’s a great way to save a few keystrokes. Simply type in the first couple of letters for the file name and press the <tab> key. The first file in the current directory, which starts with the letters you typed, will be filled in on the command line. This is shown in Figure #1.

Figure 1: win-auto-complete

For the folks that have used auto-complete on UNIX or Linux, here is where they get confused. Both platforms require you to type in enough of the command to be unique. You can then press <tab> to fill in the rest of the file. Windows works a little differently.

Note in Figure #1 Windows filled in the first file name match to the character string “nets” the first time the <tab> key was pressed. If this is not the file you wanted, simply press the <tab> key a second time. You can continue to press the <tab> key and scroll through all of the possible file options.

Eventually the system will wrap and return to the first file it presented. For example pressing <tab> six times in the above example will return you to the file named “netsetup.cpl”. If you need to scroll backwards through the file options, simply hold down the <shift> key while you press <tab>.

Windows command history

Most folks realize you can press the up and down arrow keys to scroll through your command line history. Have you tried the <F7> key? If you are working in a command prompt and press the function 7 key ( <F7> ), a menu appears showing all the commands that you typed. This is shown in Figure #2. You can then use the up and down arrows, as well as the <Page Up> and <Page Down> keys, to navigate this list of commands.

Figure 2: prompt-history

Here’s another area where Windows works a little differently than Linux and UNIX. With Linux and UNIX, pressing the up arrow will always retrieve the last command you typed. If you have 10 sequential commands you wish to repeat, you will have to repeatedly hit the up arrow key 10 times to retrieve each command in sequence. Windows makes this process a little easier.

Try this on your Windows system:

  • Open a command prompt
  • Type the number 1 and press <enter>
  • Ignore the command not found error
  • Repeat the last two steps for numbers 2 – 10
  • Press the up arrow till you retrieve the number 5
  • Press enter
  • Press <F7>

An example is shown in Figure #3. Note the menu bar is over the number 5. This is the current reference point in the command history. While pressing the up arrow on a Linux or UNIX command line always recalls the last command you typed, Windows shifts the reference point to the last recalled command. So pressing the up arrow recalls the command prior to the last recalled command, not the last executed command as on Linux and UNIX.

Figure 3: win-auto-complete2

To test this, press the <Esc> key. This will return you to the command prompt. Now press the up arrow. This will recall “4”, the command prior to “5” in the history, not “10” which was the last command executed prior to recalling “5”. Now press the down arrow until the “7” command is displayed and press <Enter>. If you now press <F7> you will notice the reference pointer has been moved to “7”, the last recalled command.

Exec Summary

Some functions operate differently at the Windows command line than their UNIX or Linux counterparts. Auto-complete and command line history are two great examples. Which implementation is preferable usually depends on which operating system you are most comfortable using.

Uber Geek Your Windows Laptop

July 12th, 2009

Thought some folks might find this useful. I’ve noticed that over the last few years working with the Windows command line has become a bit of a lost art. This is too bad as you can do some really cool stuff. This instructional is geared towards those folks that do not know the power of working from “the dark place”. There are general tips for setup, how to perform common tasks, common error codes and how to resolve them, as well as batch file basics.

This is relatively low level material, but IMHO it’s a great primer for those who have not spent a lot of time working at the command line.

Enjoy!

C

Uber Geek Your Windows Laptop