{"id":105575,"date":"2021-08-19T07:00:01","date_gmt":"2021-08-19T14:00:01","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=105575"},"modified":"2021-08-19T08:19:22","modified_gmt":"2021-08-19T15:19:22","slug":"20210819-01","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20210819-01\/?p=105575","title":{"rendered":"How to pwn an unattended laptop, according to Humans"},"content":{"rendered":"

One of my colleagues who pays attention to this sort of thing pointed out that Season 3 Episode 5 of the television documentary Humans<\/i><\/a> demonstrates how you can take over an unattended laptop:<\/p>\n

\n
Administrator: C:\\windows\\system32\\cmd.exe<\/div>\n
\n
Microsoft Windows [Version 10.0.15063]<\/tt><\/div>\n
(c) 2017 Microsoft Corporation. All rights reserved.<\/tt><\/div>\n
\u00a0<\/div>\n
C:\\windows\\system32>powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false<\/tt><\/div>\n
\u00a0<\/div>\n
C:\\windows\\system32>powershell.exe -File C:\\Windows\\config54725.ps1<\/tt><\/div>\n
\u00a0<\/div>\n
No rules match the specified criteria.<\/tt><\/div>\n
\u00a0<\/div>\n
\u00a0<\/div>\n
Updated 3 rule(s).<\/tt><\/div>\n
Ok.<\/tt><\/div>\n
\u00a0<\/div>\n
Exploit installed<\/tt><\/div>\n
\u00a0<\/div>\n
C:\\windows\\system32>_<\/tt><\/div>\n
\u00a0<\/div>\n<\/div>\n<\/div>\n

Apparently hackers have graduated from Notepad<\/a> and are now using PowerShell.<\/p>\n

My colleague was pleasantly surprised that this screen shot is reasonably accurate! The first line allows all scripts to run, and the second line runs a script that from the output appears to be updating firewall rules.<\/p>\n

The “Exploit installed” is just showing off.<\/p>\n

Previously<\/b>: There’s this documentary which showed how to trace email via inspection of headers<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

According to television.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[103],"class_list":["post-105575","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-non-computer"],"acf":[],"blog_post_summary":"

According to television.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/105575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=105575"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/105575\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=105575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=105575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=105575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}