At preemptive cyber security we have performed a number of projects where in the lab environment our customers have asked us to break into Kiosk machines. Following are some of the methods which can be handy to break out of restricted mode in the Windows environment.
Shell Protocols:
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}
- Shell:Profile
- Shell:ProgramFiles
- Shell:System
- Shell:ControlPanelFolder
- Shell:Windows
- shell:DocumentsLibrary
- shell:Librariesshell:UserProfiles
- shell:Personal
- shell:SearchHomeFolder
- shell:System shell:NetworkPlacesFolder
- shell:SendTo
- shell:Common Administrative Tools
- shell:MyComputerFolder
- shell:InternetFolder
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{A0953C92-50DC-43BF-BE83-3742FED03C9C}
- shell:::{4234d49b-0245-4df3-b780-3893943456e1} = This one opens up the application folder
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{374DE290-123F-4565-9164-39C4925E467B}
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{1CF1260C-4DD0-4EBB-811F-33C572699FDE}
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{088e3905-0323-4b02-9826-5d99428e115f}
- shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}*
- shell:::{018D5C66-4533-4307-9B53-224DE2ED1FE6}
- shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\0::{15eae92e-f17a-4431-9f28-805e482dafd4}
- shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}*
- shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{d3162b92-9365-467a-956b-92703aca08af}
Folder Path Alternatives:
- %USERPROFILE%
- %PROGRAMDATA%
- %PUBLIC%
- %TMP%
- %WINDIR%
- %SYSTEMDRIVE%
- %SYSTEMROOT%
Written by: va-user
Tagged as: security, trojan, virus, cyber security alert, internet, ransomware.
Post comments (0)