Category Archives: Windows

Unlocked Windows Tools


I was reading about the iKAT tools and came across their set of binaries that don’t obey GP. These are awesome, and if you couple them with the base64 file encoding proxy I wrote a while ago, you should be able to get full cmd access on just about any environment where you have internet access. The tools included in the iKAT package are:
cmd.exe
command.com
control.exe
cscript.exe
explorer.exe
ipconfig.exe
osk.exe
rasphone.exe
regedit.exe
runonce.exe
sc.exe
taskman.exe
taskmgr.exe
wscript.exe
And the complete zip is mirrored here.

Compressing GUIDs


GUIDs are the Globally Unique Identifiers used by Windows to install and identify software; they are used in the registry to ensure that the keys used by a piece of software are unique. A normal GUID looks like this: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}, but this is only one of the ways software will identify itself in the registry. You can also have a compressed GUID, which you can get from a normal GUID by following this process:

The first group of eight hexadecimal digits are placed in reverse order:

ABCDEFGH becomes HGFEDCBA

The same is done with the second group of four hexadecimal digits:

IJKL becomes LKJI

The same is done with the third group of four hexadecimal digits:

MNOP becomes PONM

In the fourth group of four hexadecimal digits, every two digits switch places:

1234 becomes 2143

In the last group of 12 hexadecimal digits, again every two digits switch places:

Lastly, remove all {}s and -s.

Python function to do this for you:

# guid is the GUID with the braces removed and split on "-" into its five groups
compress_guid=(lambda guid:"".join([x[::-1] for x in guid[0:3]]+["".join(x[i:i+2][::-1] for i in range(0,len(x),2)) for x in guid[3:]]))

Compressed GUIDs occur in various places in the registry, common ones being
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
and somewhere under
HKEY_CLASSES_ROOT
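
When reviewing a registry export you usually need the opposite direction as well: turning a compressed key name back into the normal GUID. The following is an added example, not code from the original post, that goes beyond the steps above by validating its input and converting both ways; the name expand_guid, the helper names and the sample GUID are made up for this example.

```python
import re

H = "[0-9A-Fa-f]"
# Standard form, braces optional: 8-4-4-4-12 hexadecimal digits
GUID_RE = re.compile(r"\{?(%s{8})-(%s{4})-(%s{4})-(%s{4})-(%s{12})\}?" % ((H,) * 5))
# Compressed form: the same five groups with no braces or dashes
PACKED_RE = re.compile(r"(%s{8})(%s{4})(%s{4})(%s{4})(%s{12})" % ((H,) * 5))


def _swap_pairs(group):
    """Every two digits switch places: 1234 -> 2143."""
    return "".join(group[i:i + 2][::-1] for i in range(0, len(group), 2))


def _transform(groups):
    """Reverse groups 1-3 and pair-swap groups 4-5.

    Both operations undo themselves when applied twice, so the same
    function converts in either direction.
    """
    return [g[::-1] for g in groups[:3]] + [_swap_pairs(g) for g in groups[3:]]


def compress_guid(guid):
    """'{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}' -> 32-digit compressed GUID."""
    m = GUID_RE.fullmatch(guid.strip())
    if m is None:
        raise ValueError("not a GUID: %r" % guid)
    return "".join(_transform(m.groups())).upper()


def expand_guid(compressed):
    """32-digit compressed GUID -> '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'."""
    m = PACKED_RE.fullmatch(compressed.strip())
    if m is None:
        raise ValueError("not a compressed GUID: %r" % compressed)
    return "{" + "-".join(_transform(m.groups())).upper() + "}"


if __name__ == "__main__":
    sample = "{12345678-9ABC-DEF0-1234-56789ABCDEF0}"  # constructed sample GUID
    packed = compress_guid(sample)
    print(sample, "->", packed, "->", expand_guid(packed))
```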