Lỗi the command prompt has been disabled by your administrator

  -  
The command prompt has been disabled by your administrator. Press any key to continue... Or use these weird tricks to bypass – admins will hate you!
The command prompt has been disabled by your administrator. Press any key khổng lồ continue... Or use these weird tricks lớn bypass – admins will hate you!

Introduction

Have you ever faced this message before và given up on executing commands via Command Prompt?


*

The restriction is often seen in environments such as kiosks PCs and prevents an interactive command prompt with the goal of reducing the possibilities of an attacker.

Bạn đang xem: Lỗi the command prompt has been disabled by your administrator

This post explains how the restriction may be bypassed to lớn obtain (interactive) command execution via Command Prompt lớn increase the possibilities in a penetration test. Mitigations against these bypasses can be found at the kết thúc of the post.

The restriction can be phối using the “Prevent access to lớn the command prompt” policy in “User Configuration > Administrative Templates > System”:


*

Or setting one of these registry keys (the above policy sets the HKCU one):

HKLMSOFTWAREPoliciesMicrosoftWindowsSystem

HKCUSOFTWAREPoliciesMicrosoftWindowsSystem

The registry key has the REG_DWORD “DisableCMD” which can have the values:

0 = Policy disable

1 = Policy enable, disable script processing

2 = Policy enable, enable script processing

If the target system is configured with disable script processing (value = 1) in HKLM, then there’s no bypass as far as I know, unless you have administrator privileges that allows changing the HKLM value lớn 0.

Xem thêm: Cách Sửa Lỗi Not Responding Trên Win 7, 7 Cách Để Khắc Phục Lỗi Windows Not Responding

The PowerShell bypass

Firstly PowerShell may not be restricted, if PowerShell is an acceptable alternative, try one of these:

1.Execute "C:WindowsSystem32WindowsPowerShellv1.0powershell.exe"

2.Execute "C:WindowsSystem32WindowsPowerShellv1.0powershell_ise.exe"

3.If application allowlisting (e.g. AppLocker) blocks the above paths, you may copy the executables lớn another path & execute them from there.

The HKCU bypass

This bypass can be used if the registry value is mix only in HKCU, the bypass is simply lớn disable the restriction by setting the value khổng lồ 0.

Xem thêm: Cách Đổi Tên Administrator Win 7, Hướng Dẫn Cách Đổi Tên Administrator Win 10, 7, 8

The “/k” or “/c” bypass

This bypass can be used if the policy is configured with enable script processing (value = 2 either in HKCU or HKLM).