How to Escape from a BrowserStack VM and Become an Administrator
Obtain a patched cmd.exe file to get around policy restrictions., Open up the patched cmd.exe file you've just downloaded., Congrats, you now have access to a command prompt!, Wait for an explorer window to open., Keep the notepad open and go back...
Step-by-Step Guide
-
Step 1: Obtain a patched cmd.exe file to get around policy restrictions.
You may either patch it yourself (beyond the scope of this article), or you can download a prepatched one within the virtual machine such as this one.
This patched cmd.exe does not follow policies to disable cmd, so it can be used in this case. -
Step 2: Open up the patched cmd.exe file you've just downloaded.
You might have to click "Run" on the security dialogue box. , But now, you want to obtain Administrator.
How can you do that? A flaw in BrowserStack lets you do just that.
Type the following simple command into the command prompt "explorer C:\Windows"
You'll want to find the file descriptively named "Untitled" or "Untitled.txt".
Double click on the file to open it in Notepad. , Open the System32 folder, and find cmd.exe inside it.
You can start typing "cmd" on your keyboard while inside the window and it should help you locate it. , Then select "Run as...". ,, Select and copy the long and complicated "machine_key" value (The stuff in between the quotes, not including the quotes).
This is the randomised administrator password, which you now have. , The command prompt that appears will be the new admin shell.
You may now do whatever you please with admin privileges! , Type "taskmgr" (without quotes) in the admin command prompt and hit enter.
Inside it, one by one select "explorer.exe"
and anything else you might want to end.
Go up to File > New Task, type "explorer"
and you'll be greeted with a full windows XP / 2003R2 operating system. -
Step 3: Congrats
-
Step 4: you now have access to a command prompt!
-
Step 5: Wait for an explorer window to open.
-
Step 6: Keep the notepad open and go back to your explorer window.
-
Step 7: Single click (don't double-click) cmd.exe and select File from the dropdown menu along the top of the window.
-
Step 8: In the dialogue box
-
Step 9: select "The following user..."
-
Step 10: but leave the username as Administrator in.
-
Step 11: Go back to notepad.
-
Step 12: Paste the value you just copied into the password field of the Run as prompt.
-
Step 13: (Optional) Clean up the desktop and enable the administrator windows shell.
Detailed Guide
You may either patch it yourself (beyond the scope of this article), or you can download a prepatched one within the virtual machine such as this one.
This patched cmd.exe does not follow policies to disable cmd, so it can be used in this case.
You might have to click "Run" on the security dialogue box. , But now, you want to obtain Administrator.
How can you do that? A flaw in BrowserStack lets you do just that.
Type the following simple command into the command prompt "explorer C:\Windows"
You'll want to find the file descriptively named "Untitled" or "Untitled.txt".
Double click on the file to open it in Notepad. , Open the System32 folder, and find cmd.exe inside it.
You can start typing "cmd" on your keyboard while inside the window and it should help you locate it. , Then select "Run as...". ,, Select and copy the long and complicated "machine_key" value (The stuff in between the quotes, not including the quotes).
This is the randomised administrator password, which you now have. , The command prompt that appears will be the new admin shell.
You may now do whatever you please with admin privileges! , Type "taskmgr" (without quotes) in the admin command prompt and hit enter.
Inside it, one by one select "explorer.exe"
and anything else you might want to end.
Go up to File > New Task, type "explorer"
and you'll be greeted with a full windows XP / 2003R2 operating system.
About the Author
Julie Ford
Committed to making hobbies accessible and understandable for everyone.
Rate This Guide
How helpful was this guide? Click to rate: