Remote Desktop vulnerability on WIN8: privilege escalation using the QQ Pinyin pure version

Source: Internet
Author: User
Preface


I found this loophole during a class in the computer room. I wanted to use Remote Desktop (port 3389) to control my dormitory computer, but after reinstalling the system I had forgotten its IP address, so I scanned the IP segment for computers with port 3389 open.

Unexpectedly, the scan turned up a WIN8 system, and that system also had the QQ Input Method WIN8 pure version installed.

At that point I thought of the best Wubi loophole from my high school days and gave it a quick test. I did not expect that today, 7 or 8 years later, the supposedly very safe WIN8 system would have such a large loophole. The privilege escalation process follows.

Process

First, confirm that the QQ Pinyin input method is installed.

Press Ctrl + Space to bring up the input method tray and find this option.

The IE browser opens without trouble.

It should be noted here that the security of the IE browser and WIN8 really has improved a great deal.

Enter D:\ or file://d in the Address bar: neither of these commands can open the folder.

I had thought I could simply upload a bat batch file containing the commands, then download it with IE and open it to run.

I did not expect the various prompts, such as the system requiring verification of the user password. The file could not be downloaded at all, so the conventional approach clearly does not work.

Microsoft is still fixing these vulnerabilities, but after many attempts I found that one loophole has not yet been closed.


That is the Save As option in the File menu: saving the web page as a file opens the folder dialog box.

At this point victory felt close, but after more than half a class period of further attempts, I still could not make a substantial breakthrough.

As shown, the folder dialog is limited to a few formats such as mnt and TXT.

I could even use the open command to edit with Notepad and other programs, but the critical places were always restricted by Microsoft.

Whether you save as a bat or open another program, it cannot be displayed or opened normally.

And even if you save it as a bat, you cannot see the generated file, because only mnt, TXT and similar files can be viewed under the current restriction.

After many attempts I even tried enabling folder sharing, and that did not take effect either.

Clearly, WIN8 security has improved significantly.

At this point I thought back to those days and nights of struggle in middle school, and thought of the solution.

Yes, it's a shortcut loophole.

Even when you cannot see executable files, you can still create a shortcut directly to any exe, including Net.exe, the critical program for privilege escalation.

Parameters can be assigned directly to the shortcut so that it runs with them. Create a shortcut, then change its target to the net file in the system directory, followed by a space and the parameters.

Create the user Helper.

Add the user to the administrators group to get the highest permissions.

All right, here comes the exciting moment.

OK, login succeeded; it took about one class period.

This time I only tested the QQ Pinyin input method. If another input method can call IE directly, the same method can be used to escalate privileges. I hope Microsoft fixes this loophole as soon as possible.
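A defender's view of the last steps, as an added example that is not part of the original article: the script scans process-creation records for net.exe creating an account and adding it to the Administrators group while running in SYSTEM context, with no interactive user. The records are constructed, and the field names and the assumption that SYSTEM is logged as "SYSTEM" or as the machine account are this example's own.

```python
from ntpath import basename

# Constructed sample records. Field names are assumptions modelled loosely on
# Windows process-creation auditing with command-line logging enabled.
SAMPLE_EVENTS = [
    {"user": "WIN8-PC$", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user helper /add"},
    {"user": "WIN8-PC$", "image": r"C:\Windows\System32\net1.exe",
     "cmdline": 'net1 localgroup "Administrators" helper /add'},
    {"user": "alice", "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net use Z: \\fileserver\share"},
    {"user": "admin", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user tempuser /add"},
    {"user": "WIN8-PC$", "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

def classify(event):
    """Return (action, account) for net.exe account changes, else None."""
    if basename(event["image"]).lower() not in ("net.exe", "net1.exe"):
        return None
    # Drop the program name, strip quotes, compare case-insensitively.
    args = [t.strip('"').lower() for t in event["cmdline"].split()][1:]
    if "/add" not in args:
        return None
    if len(args) >= 2 and args[0] == "user":
        return ("account-created", args[1])
    if len(args) >= 3 and args[:2] == ["localgroup", "administrators"]:
        return ("admin-group-add", args[2])
    return None

def is_system_context(user):
    # Assumption: SYSTEM is logged as "SYSTEM" or as the machine account (NAME$).
    return user.upper() == "SYSTEM" or user.endswith("$")

def find_logon_screen_escalation(events):
    """Accounts both created and made administrator by SYSTEM-context net.exe."""
    seen = {}
    for ev in events:
        hit = classify(ev)
        if hit and is_system_context(ev["user"]):
            seen.setdefault(hit[1], set()).add(hit[0])
    return sorted(a for a, acts in seen.items()
                  if acts == {"account-created", "admin-group-add"})

if __name__ == "__main__":
    for account in find_logon_screen_escalation(SAMPLE_EVENTS):
        print(f"ALERT: '{account}' created and elevated by SYSTEM-context net.exe")
```

The account added by the interactive user "admin" is not reported, because only changes made without a logged-on user match the pattern described in the article.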
