📔
HackTricks - Boitatech
  • HackTricks
  • About the author
  • Getting Started in Hacking
  • Pentesting Methodology
  • External Recon Methodology
    • Github Leaked Secrets
  • Phishing Methodology
    • Clone a Website
    • Detecting Phising
    • Phishing Documents
  • Exfiltration
  • Tunneling and Port Forwarding
  • Brute Force - CheatSheet
  • Search Exploits
  • Shells
    • Shells (Linux, Windows, MSFVenom)
      • MSFVenom - CheatSheet
      • Shells - Windows
      • Shells - Linux
      • Full TTYs
  • Linux/Unix
    • Checklist - Linux Privilege Escalation
    • Linux Privilege Escalation
      • PAM - Pluggable Authentication Modules
      • SELinux
      • Logstash
      • AppArmor
      • Containerd (ctr) Privilege Escalation
      • Docker Breakout
      • electron/CEF/chromium debugger abuse
      • Escaping from Jails
      • Cisco - vmanage
      • D-Bus Enumeration & Command Injection Privilege Escalation
      • Interesting Groups - Linux PE
        • lxd/lxc Group - Privilege escalation
      • ld.so exploit example
      • Linux Capabilities
      • NFS no_root_squash/no_all_squash misconfiguration PE
      • Payloads to execute
      • RunC Privilege Escalation
      • Seccomp
      • Splunk LPE and Persistence
      • SSH Forward Agent exploitation
      • Socket Command Injection
      • Wildcards Spare tricks
    • Useful Linux Commands
      • Bypass Bash Restrictions
    • Linux Environment Variables
  • MacOS
    • MacOS Security & Privilege Escalation
      • Mac OS Architecture
      • MacOS MDM
        • Enrolling Devices in Other Organisations
      • MacOS Protocols
      • MacOS Red Teaming
      • MacOS Serial Number
      • MacOS Apps - Inspecting, debugging and Fuzzing
  • Windows
    • Checklist - Local Windows Privilege Escalation
    • Windows Local Privilege Escalation
      • AppendData/AddSubdirectory permission over service registry
      • Create MSI with WIX
      • DPAPI - Extracting Passwords
      • SeImpersonate from High To System
      • Access Tokens
      • ACLs - DACLs/SACLs/ACEs
      • Dll Hijacking
      • From High Integrity to SYSTEM with Name Pipes
      • Integrity Levels
      • JAWS
      • JuicyPotato
      • Leaked Handle Exploitation
      • MSI Wrapper
      • Named Pipe Client Impersonation
      • PowerUp
      • Privilege Escalation Abusing Tokens
      • Privilege Escalation with Autoruns
      • RottenPotato
      • Seatbelt
      • SeDebug + SeImpersonate copy token
      • Windows C Payloads
    • Active Directory Methodology
      • Abusing Active Directory ACLs/ACEs
      • AD information in printers
      • ASREPRoast
      • BloodHound
      • Constrained Delegation
      • Custom SSP
      • DCShadow
      • DCSync
      • DSRM Credentials
      • Golden Ticket
      • Kerberos Authentication
      • Kerberoast
      • MSSQL Trusted Links
      • Over Pass the Hash/Pass the Key
      • Pass the Ticket
      • Password Spraying
      • Force NTLM Privileged Authentication
      • Privileged Accounts and Token Privileges
      • Resource-based Constrained Delegation
      • Security Descriptors
      • Silver Ticket
      • Skeleton Key
      • Unconstrained Delegation
    • NTLM
      • Places to steal NTLM creds
      • PsExec/Winexec/ScExec
      • SmbExec/ScExec
      • WmicExec
      • AtExec / SchtasksExec
      • WinRM
    • Stealing Credentials
      • Credentials Protections
      • Mimikatz
    • Authentication, Credentials, UAC and EFS
    • Basic CMD for Pentesters
    • Basic PowerShell for Pentesters
      • PowerView
    • AV Bypass
  • Mobile Apps Pentesting
    • Android APK Checklist
    • Android Applications Pentesting
      • Android Applications Basics
      • Android Task Hijacking
      • ADB Commands
      • APK decompilers
      • AVD - Android Virtual Device
      • Burp Suite Configuration for Android
      • content:// protocol
      • Drozer Tutorial
        • Exploiting Content Providers
      • Exploiting a debuggeable applciation
      • Frida Tutorial
        • Frida Tutorial 1
        • Frida Tutorial 2
        • Frida Tutorial 3
        • Objection Tutorial
      • Google CTF 2018 - Shall We Play a Game?
      • Inspeckage Tutorial
      • Intent Injection
      • Make APK Accept CA Certificate
      • Manual DeObfuscation
      • React Native Application
      • Reversing Native Libraries
      • Smali - Decompiling/[Modifying]/Compiling
      • Spoofing your location in Play Store
      • Webview Attacks
    • iOS Pentesting Checklist
    • iOS Pentesting
      • Basic iOS Testing Operations
      • Burp Suite Configuration for iOS
      • Extracting Entitlements From Compiled Application
      • Frida Configuration in iOS
      • iOS App Extensions
      • iOS Basics
      • iOS Custom URI Handlers / Deeplinks / Custom Schemes
      • iOS Hooking With Objection
      • iOS Protocol Handlers
      • iOS Serialisation and Encoding
      • iOS Testing Environment
      • iOS UIActivity Sharing
      • iOS Universal Links
      • iOS UIPasteboard
      • iOS WebViews
  • Pentesting
    • Pentesting Network
      • Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks
      • Spoofing SSDP and UPnP Devices with EvilSSDP
      • Wifi Attacks
        • Evil Twin EAP-TLS
      • Pentesting IPv6
      • Nmap Summary (ESP)
      • Network Protocols Explained (ESP)
      • IDS and IPS Evasion
      • DHCPv6
    • Pentesting JDWP - Java Debug Wire Protocol
    • Pentesting Printers
      • Accounting bypass
      • Buffer Overflows
      • Credentials Disclosure / Brute-Force
      • Cross-Site Printing
      • Document Processing
      • Factory Defaults
      • File system access
      • Firmware updates
      • Memory Access
      • Physical Damage
      • Software packages
      • Transmission channel
      • Print job manipulation
      • Print Job Retention
      • Scanner and Fax
    • Pentesting SAP
    • Pentesting Kubernetes
      • Enumeration from a Pod
      • Hardening Roles/ClusterRoles
      • Pentesting Kubernetes from the outside
    • 7/tcp/udp - Pentesting Echo
    • 21 - Pentesting FTP
      • FTP Bounce attack - Scan
      • FTP Bounce - Download 2ºFTP file
    • 22 - Pentesting SSH/SFTP
    • 23 - Pentesting Telnet
    • 25,465,587 - Pentesting SMTP/s
      • SMTP - Commands
    • 43 - Pentesting WHOIS
    • 53 - Pentesting DNS
    • 69/UDP TFTP/Bittorrent-tracker
    • 79 - Pentesting Finger
    • 80,443 - Pentesting Web Methodology
      • 403 & 401 Bypasses
      • AEM - Adobe Experience Cloud
      • Apache
      • Artifactory Hacking guide
      • Buckets
        • Firebase Database
        • AWS-S3
      • CGI
      • Code Review Tools
      • Drupal
      • Flask
      • Git
      • Golang
      • GraphQL
      • H2 - Java SQL database
      • IIS - Internet Information Services
      • JBOSS
      • Jenkins
      • JIRA
      • Joomla
      • JSP
      • Laravel
      • Moodle
      • Nginx
      • PHP Tricks (SPA)
        • PHP - Useful Functions & disable_functions/open_basedir bypass
          • disable_functions bypass - php-fpm/FastCGI
          • disable_functions bypass - dl function
          • disable_functions bypass - PHP 7.0-7.4 (*nix only)
          • disable_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit
          • disable_functions - PHP 5.x Shellshock Exploit
          • disable_functions - PHP 5.2.4 ionCube extension Exploit
          • disable_functions bypass - PHP <= 5.2.9 on windows
          • disable_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL
          • disable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit
          • disable_functions bypass - PHP Perl Extension Safe_mode Bypass Exploit
          • disable_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass
          • disable_functions bypass - PHP 5.2 - FOpen Exploit
          • disable_functions bypass - via mem
          • disable_functions bypass - mod_cgi
          • disable_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl_exec
      • Python
      • Special HTTP headers
      • Spring Actuators
      • Symphony
      • Tomcat
      • Uncovering CloudFlare
      • VMWare (ESX, VCenter...)
      • Web API Pentesting
      • WebDav
      • werkzeug
      • Wordpress
      • XSS to RCE Electron Desktop Apps
    • 88tcp/udp - Pentesting Kerberos
      • Harvesting tickets from Windows
      • Harvesting tickets from Linux
    • 110,995 - Pentesting POP
    • 111/TCP/UDP - Pentesting Portmapper
    • 113 - Pentesting Ident
    • 123/udp - Pentesting NTP
    • 135, 593 - Pentesting MSRPC
    • 137,138,139 - Pentesting NetBios
    • 139,445 - Pentesting SMB
    • 143,993 - Pentesting IMAP
    • 161,162,10161,10162/udp - Pentesting SNMP
      • SNMP RCE
    • 194,6667,6660-7000 - Pentesting IRC
    • 264 - Pentesting Check Point FireWall-1
    • 389, 636, 3268, 3269 - Pentesting LDAP
    • 500/udp - Pentesting IPsec/IKE VPN
    • 502 - Pentesting Modbus
    • 512 - Pentesting Rexec
    • 513 - Pentesting Rlogin
    • 514 - Pentesting Rsh
    • 515 - Pentesting Line Printer Daemon (LPD)
    • 548 - Pentesting Apple Filing Protocol (AFP)
    • 554,8554 - Pentesting RTSP
    • 623/UDP/TCP - IPMI
    • 631 - Internet Printing Protocol(IPP)
    • 873 - Pentesting Rsync
    • 1026 - Pentesting Rusersd
    • 1080 - Pentesting Socks
    • 1098/1099/1050 - Pentesting Java RMI - RMI-IIOP
    • 1433 - Pentesting MSSQL - Microsoft SQL Server
    • 1521,1522-1529 - Pentesting Oracle TNS Listener
      • Oracle Pentesting requirements installation
      • TNS Poison
      • Remote stealth pass brute force
      • Oracle RCE & more
    • 1723 - Pentesting PPTP
    • 1883 - Pentesting MQTT (Mosquitto)
    • 2049 - Pentesting NFS Service
    • 2301,2381 - Pentesting Compaq/HP Insight Manager
    • 2375, 2376 Pentesting Docker
    • 3128 - Pentesting Squid
    • 3260 - Pentesting ISCSI
    • 3299 - Pentesting SAPRouter
    • 3306 - Pentesting Mysql
    • 3389 - Pentesting RDP
    • 3632 - Pentesting distcc
    • 3690 - Pentesting Subversion (svn server)
    • 4369 - Pentesting Erlang Port Mapper Daemon (epmd)
    • 5000 - Pentesting Docker Registry
    • 5353/UDP Multicast DNS (mDNS)
    • 5432,5433 - Pentesting Postgresql
    • 5601 - Pentesting Kibana
    • 5671,5672 - Pentesting AMQP
    • 5800,5801,5900,5901 - Pentesting VNC
    • 5984,6984 - Pentesting CouchDB
    • 5985,5986 - Pentesting WinRM
    • 6000 - Pentesting X11
    • 6379 - Pentesting Redis
    • 8009 - Pentesting Apache JServ Protocol (AJP)
    • 8089 - Splunkd
    • 9000 - Pentesting FastCGI
    • 9001 - Pentesting HSQLDB
    • 9042/9160 - Pentesting Cassandra
    • 9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)
    • 9200 - Pentesting Elasticsearch
    • 10000 - Pentesting Network Data Management Protocol (ndmp)
    • 11211 - Pentesting Memcache
    • 15672 - Pentesting RabbitMQ Management
    • 27017,27018 - Pentesting MongoDB
    • 44818/UDP/TCP - Pentesting EthernetIP
    • 47808/udp - Pentesting BACNet
    • 50030,50060,50070,50075,50090 - Pentesting Hadoop
  • Pentesting Web
    • Web Vulnerabilities Methodology
    • Reflecting Techniques - PoCs and Polygloths CheatSheet
      • Web Vulns List
    • 2FA/OTP Bypass
    • Abusing hop-by-hop headers
    • Bypass Payment Process
    • Captcha Bypass
    • Cache Poisoning and Cache Deception
    • Clickjacking
    • Client Side Template Injection (CSTI)
    • Command Injection
    • Content Security Policy (CSP) Bypass
    • Cookies Hacking
    • CORS - Misconfigurations & Bypass
    • CRLF (%0D%0A) Injection
    • Cross-site WebSocket hijacking (CSWSH)
    • CSRF (Cross Site Request Forgery)
    • Dangling Markup - HTML scriptless injection
    • Deserialization
      • NodeJS - __proto__ & prototype Pollution
      • Java JSF ViewState (.faces) Deserialization
      • Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
      • Basic Java Deserialization (ObjectInputStream, readObject)
      • CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
      • Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
      • Exploiting __VIEWSTATE knowing the secrets
      • Exploiting __VIEWSTATE without knowing the secrets
    • Domain/Subdomain takeover
    • Email Header Injection
    • File Inclusion/Path traversal
      • phar:// deserialization
    • File Upload
      • PDF Upload - XXE and CORS bypass
    • Formula Injection
    • HTTP Request Smuggling / HTTP Desync Attack
    • H2C Smuggling
    • IDOR
    • JWT Vulnerabilities (Json Web Tokens)
    • NoSQL injection
    • LDAP Injection
    • Login Bypass
      • Login bypass List
    • OAuth to Account takeover
    • Open Redirect
    • Parameter Pollution
    • PostMessage Vulnerabilities
    • Race Condition
    • Rate Limit Bypass
    • Registration Vulnerabilities
    • Regular expression Denial of Service - ReDoS
    • Reset/Forgotten Password Bypass
    • SAML Attacks
      • SAML Basics
    • Server Side Inclusion/Edge Side Inclusion Injection
    • SQL Injection
      • MSSQL Injection
      • Oracle injection
      • PostgreSQL injection
        • dblink/lo_import data exfiltration
        • PL/pgSQL Password Bruteforce
        • Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
        • Big Binary Files Upload (PostgreSQL)
        • RCE with PostgreSQL Extensions
      • MySQL injection
        • Mysql SSRF
      • SQLMap - Cheetsheat
        • Second Order Injection - SQLMap
    • SSRF (Server Side Request Forgery)
    • SSTI (Server Side Template Injection)
      • EL - Expression Language
    • Reverse Tab Nabbing
    • Unicode Normalization vulnerability
    • Web Tool - WFuzz
    • XPATH injection
    • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
    • XXE - XEE - XML External Entity
    • XSS (Cross Site Scripting)
      • PDF Injection
      • DOM XSS
      • Server Side XSS (Dynamic PDF)
      • XSS Tools
    • XSSI (Cross-Site Script Inclusion)
    • XS-Search
  • Forensics
    • Basic Forensic Methodology
      • Baseline Monitoring
      • Anti-Forensic Techniques
      • Docker Forensics
      • Image Adquisition & Mount
      • Linux Forensics
      • Malware Analysis
      • Memory dump analysis
        • Volatility - CheatSheet
      • Partitions/File Systems/Carving
        • EXT
        • File/Data Carving & Recovery Tools
        • NTFS
      • Pcap Inspection
        • DNSCat pcap analysis
        • USB Keystrokes
        • Wifi Pcap Analysis
        • Wireshark tricks
      • Specific Software/File-Type Tricks
        • .pyc
        • Browser Artifacts
        • Desofuscation vbs (cscript.exe)
        • Local Cloud Storage
        • Office file analysis
        • PDF File analysis
        • PNG tricks
        • Video and Audio file analysis
        • ZIPs tricks
      • Windows Artifacts
        • Windows Processes
        • Interesting Windows Registry Keys
  • A.I. Exploiting
    • BRA.I.NSMASHER Presentation
      • Basic Bruteforcer
      • Basic Captcha Breaker
      • BIM Bruteforcer
      • Hybrid Malware Classifier Part 1
  • Blockchain
    • Blockchain & Crypto Currencies
  • Courses and Certifications Reviews
    • INE Courses and eLearnSecurity Certifications Reviews
  • Cloud Security
    • Cloud security review
    • AWS Security
  • Physical attacks
    • Physical Attacks
    • Escaping from KIOSKs
      • Show file extensions
  • Reversing
    • Reversing Tools & Basic Methods
      • Angr
        • Angr - Examples
      • Z3 - Satisfiability Modulo Theories (SMT)
      • Cheat Engine
      • Blobrunner
    • Common API used in Malware
    • Cryptographic/Compression Algorithms
      • Unpacking binaries
    • Word Macros
  • Exploiting
    • Linux Exploiting (Basic) (SPA)
      • Format Strings Template
      • ROP - call sys_execve
      • ROP - Leaking LIBC address
        • ROP - Leaking LIBC template
      • Bypassing Canary & PIE
      • Ret2Lib
      • Fusion
    • Exploiting Tools
      • PwnTools
    • Windows Exploiting (Basic Guide - OSCP lvl)
  • Cryptography
    • Certificates
    • Cipher Block Chaining CBC-MAC
    • Crypto CTFs Tricks
    • Electronic Code Book (ECB)
    • Hash Length Extension Attack
    • Padding Oracle
    • RC4 - Encrypt&Decrypt
  • BACKDOORS
    • Merlin
    • Empire
    • Salseo
    • ICMPsh
  • Stego
    • Stego Tricks
    • Esoteric languages
  • MISC
    • Basic Python
      • venv
      • Bypass Python sandboxes
      • Magic Methods
      • Web Requests
      • Bruteforce hash (few chars)
    • Other Big References
  • TODO
    • More Tools
    • MISC
    • Pentesting DNS
  • Burp Suite
  • Other Web Tricks
  • Interesting HTTP
  • Emails Vulnerabilities
  • Android Forensics
  • TR-069
  • 6881/udp - Pentesting BitTorrent
  • CTF Write-ups
    • challenge-0521.intigriti.io
    • Try Hack Me
      • hc0n Christmas CTF - 2019
      • Pickle Rick
  • 1911 - Pentesting fox
  • Online Platforms with API
  • Stealing Sensitive Information Disclosure from a Web
  • Post Exploitation
Powered by GitBook
On this page
  • Check for possible actions inside the GUI application
  • Command Execution
  • Windows
  • Bypassing path restrictions
  • Download Your Binaries
  • Accessing filesystem from the browser
  • ShortCuts
  • Swipes
  • Internet Explorer Tricks
  • Browsers tricks
  • iPad
  • Gestures and bottoms
  • Shortcuts
  • References

Was this helpful?

  1. Physical attacks

Escaping from KIOSKs

Check for possible actions inside the GUI application

Common Dialogs are those options of saving a file, opening a file, selecting a font, a color... Most of them will offer a full Explorer functionality. This means that you will be able to access Explorer functionalities if you can access these options:

  • Close/Close as

  • Open/Open with

  • Print

  • Export/Import

  • Search

  • Scan

You should check if you can:

  • Modify or create new files

  • Create symbolic links

  • Get access to restricted areas

  • Execute other apps

Command Execution

Maybe using a Open with option you can open/execute some kind of shell.

Windows

*NIX __

Windows

Bypassing path restrictions

  • Environment variables: There are a lot of environment variables that are pointing to some path

  • Other protocols: about:, data:, ftp:, file:, mailto:, news:, res:, telnet:, view-source:

  • Symbolic links

  • Shortcuts: CTRL+N (open new session), CTRL+R (Execute Commands), CTRL+SHIFT+ESC (Task Manager), Windows+E (open explorer), CTRL-B, CTRL-I (Favourites), CTRL-H (History), CTRL-L, CTRL-O (File/Open Dialog), CTRL-P (Print Dialog), CTRL-S (Save As)

    • Hidden Administrative menu: CTRL-ALT-F8, CTRL-ESC-F9

  • Shell URIs: shell:Administrative Tools, shell:DocumentsLibrary, shell:Librariesshell:UserProfiles, shell:Personal, shell:SearchHomeFolder, shell:Systemshell:NetworkPlacesFolder, shell:SendTo, shell:UsersProfiles, shell:Common Administrative Tools, shell:MyComputerFolder, shell:InternetFolder

  • UNC paths: Paths to connect to shared folders. You should try to connect to the C$ of the local machine ("\127.0.0.1\c$\Windows\System32")

    • More UNC paths:

UNC

UNC

UNC

%ALLUSERSPROFILE%

%APPDATA%

%CommonProgramFiles%

%COMMONPROGRAMFILES(x86)%

%COMPUTERNAME%

%COMSPEC%

%HOMEDRIVE%

%HOMEPATH%

%LOCALAPPDATA%

%LOGONSERVER%

%PATH%

%PATHEXT%

%ProgramData%

%ProgramFiles%

%ProgramFiles(x86)%

%PROMPT%

%PSModulePath%

%Public%

%SYSTEMDRIVE%

%SYSTEMROOT%

%TEMP%

%TMP%

%USERDOMAIN%

%USERNAME%

%USERPROFILE%

%WINDIR%

Download Your Binaries

Accessing filesystem from the browser

PATH

PATH

PATH

PATH

File:/C:/windows

File:/C:/windows/

File:/C:/windows\

File:/C:\windows

File:/C:\windows\

File:/C:\windows/

File://C:/windows

File://C:/windows/

File://C:/windows\

File://C:\windows

File://C:\windows/

File://C:\windows\

C:/windows

C:/windows/

C:/windows\

C:\windows

C:\windows\

C:\windows/

%WINDIR%

%TMP%

%TEMP%

%SYSTEMDRIVE%

%SYSTEMROOT%

%APPDATA%

%HOMEDRIVE%

%HOMESHARE

ShortCuts

  • Sticky Keys – Press SHIFT 5 times

  • Mouse Keys – SHIFT+ALT+NUMLOCK

  • High Contrast – SHIFT+ALT+PRINTSCN

  • Toggle Keys – Hold NUMLOCK for 5 seconds

  • Filter Keys – Hold right SHIFT for 12 seconds

  • WINDOWS+F1 – Windows Search

  • WINDOWS+D – Show Desktop

  • WINDOWS+E – Launch Windows Explorer

  • WINDOWS+R – Run

  • WINDOWS+U – Ease of Access Centre

  • WINDOWS+F – Search

  • SHIFT+F10 – Context Menu

  • CTRL+SHIFT+ESC – Task Manager

  • CTRL+ALT+DEL – Splash screen on newer Windows versions

  • F1 – Help F3 – Search

  • F6 – Address Bar

  • F11 – Toggle full screen within Internet Explorer

  • CTRL+H – Internet Explorer History

  • CTRL+T – Internet Explorer – New Tab

  • CTRL+N – Internet Explorer – New Page

  • CTRL+O – Open File

  • CTRL+S – Save CTRL+N – New RDP / Citrix

Swipes

  • Swipe from the left side to the right to see all open Windows, minimizing the KIOSK app and accessing the whole OS directly;

  • Swipe from the right side to the left to open Action Center, minimizing the KIOSK app and accessing the whole OS directly;

  • Swipe in from the top edge to make the title bar visible for an app opened in full screen mode;

  • Swipe up from the bottom to show the taskbar in a full screen app.

Internet Explorer Tricks

'Image Toolbar'

It's a toolbar that appears on the top-left of image when it's clicked. You will be able to Save, Print, Mailto, Open "My Pictures" in Explorer. The Kiosk needs to be using Internet Explorer.

Shell Protocol

Type this URLs to obtain an Explorer view:

  • shell:Administrative Tools

  • shell:DocumentsLibrary

  • shell:Libraries

  • shell:UserProfiles

  • shell:Personal

  • shell:SearchHomeFolder

  • shell:NetworkPlacesFolder

  • shell:SendTo

  • shell:UserProfiles

  • shell:Common Administrative Tools

  • shell:MyComputerFolder

  • shell:InternetFolder

  • Shell:Profile

  • Shell:ProgramFiles

  • Shell:System

  • Shell:ControlPanelFolder

  • Shell:Windows

  • shell:::{21EC2020-3AEA-1069-A2DD-08002B30309D} --> Control Panel

  • shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D} --> My Computer

  • shell:::{{208D2C60-3AEA-1069-A2D7-08002B30309D}} --> My Network Places

  • shell:::{871C5380-42A0-1069-A2EA-08002B30309D} --> Internet Explorer

Browsers tricks

Backup iKat versions:

iPad

Gestures and bottoms

Swipe up with four (or five) fingers / Double-tap Home button

To view the multitask view and change App

Swipe one way or another with four or five fingers

In order to change to the next/last App

Pinch the screen with five fingers / Touch Home button / Swipe up with 1 finger from the bottom of the screen in a quick motion to the up

To access Home

Swipe one finger from the bottom of the screen just 1-2 inches (slow)

The dock will appear

Swipe down from the top of the display with 1 finger

To view your notifications

Swipe down with 1 finger the top-right corner of the screen

To see iPad Pro's control centre

Swipe 1 finger from the left of the screen 1-2 inches

To see Today view

Swipe fast 1 finger from the centre of the screen to the right or left

To change to next/last App

Press and hold the On/Off/Sleep button at the upper-right corner of the iPad + Move the Slide to power off slider all the way to the right,

To power off

Press the On/Off/Sleep button at the upper-right corner of the iPad and the Home button for a few second

To force a hard power off

Press the On/Off/Sleep button at the upper-right corner of the iPad and the Home button quickly

To take a screenshot that will pop up in the lower left of the display. Press both buttons at the same time very briefly as if you hold them a few seconds a hard power off will be performed.

Shortcuts

You should have an iPad keyboard or a USB keyboard adaptor. Only shortcuts that could help escaping from the application will be shown here.

Key

Name

⌘

Command

⌥

Option (Alt)

⇧

Shift

↩

Return

⇥

Tab

^

Control

←

Left Arrow

→

Right Arrow

↑

Up Arrow

↓

Down Arrow

System shortcuts

These shortcuts are for the visual settings and sound settings, depending on the use of the iPad.

Shortcut

Action

F1

Dim Sscreen

F2

Brighten screen

F7

Back one song

F8

Play/pause

F9

Skip song

F10

Mute

F11

Decrease volume

F12

Increase volume

⌘ Space

Display a list of available languages; to choose one, tap the space bar again.

iPad navigation

Shortcut

Action

⌘H

Go to Home

⌘⇧H (Command-Shift-H)

Go to Home

⌘ (Space)

Open Spotlight

⌘⇥ (Command-Tab)

List last ten used apps

⌘~

Go t the last App

⌘⇧3 (Command-Shift-3)

Screenshot (hovers in bottom left to save or act on it)

⌘⇧4

Screenshot and open it in the editor

Press and hold ⌘

List of shortcuts available for the App

⌘⌥D (Command-Option/Alt-D)

Brings up the dock

^⌥H (Control-Option-H)

Home button

^⌥H H (Control-Option-H-H)

Show multitask bar

^⌥I (Control-Option-i)

Item chooser

Escape

Back button

→ (Right arrow)

Next item

← (Left arrow)

Previous item

↑↓ (Up arrow, Down arrow)

Simultaneously tap selected item

⌥ ↓ (Option-Down arrow)

Scroll down

⌥↑ (Option-Up arrow)

Scroll up

⌥← or ⌥→ (Option-Left arrow or Option-Right arrow)

Scroll left or right

^⌥S (Control-Option-S)

Turn VoiceOver speech on or off

⌘⇧⇥ (Command-Shift-Tab)

Switch to the previous app

⌘⇥ (Command-Tab)

Switch back to the original app

←+→, then Option + ← or Option+→

Navigate through Dock

Safari shortcuts

Shortcut

Action

⌘L (Command-L)

Open Location

⌘T

Open a new tab

⌘W

Close the current tab

⌘R

Refresh the current tab

⌘.

Stop loading the current tab

^⇥

Switch to the next tab

^⇧⇥ (Control-Shift-Tab)

Move to the previous tab

⌘L

Select the text input/URL field to modify it

⌘⇧T (Command-Shift-T)

Open last closed tab (can be used several times)

⌘[

Goes back one page in your browsing history

⌘]

Goes forward one page in your browsing history

⌘⇧R

Activate Reader Mode

Mail shortcuts

Shortcut

Action

⌘L

Open Location

⌘T

Open a new tab

⌘W

Close the current tab

⌘R

Refresh the current tab

⌘.

Stop loading the current tab

⌘⌥F (Command-Option/Alt-F)

Search in your mailbox

References

PreviousPhysical AttacksNextShow file extensions

Last updated 3 years ago

Was this helpful?

For example cmd.exe, command.com, Powershell/Powershell ISE, mmc.exe, at.exe, taskschd.msc... find more binaries that can be used to execute commands (and perform unexpected actions) here:

bash, sh, zsh... More here:

Console: Explorer: Registry editor:

https://lolbas-project.github.io/
https://gtfobins.github.io/
https://sourceforge.net/projects/console/
https://sourceforge.net/projects/explorerplus/files/Explorer%2B%2B/
https://sourceforge.net/projects/uberregedit/
http://swin.es/k/
http://www.ikat.kronicd.net/
https://www.macworld.com/article/2975857/6-only-for-ipad-gestures-you-need-to-know.html
https://www.tomsguide.com/us/ipad-shortcuts,news-18205.html
https://thesweetsetup.com/best-ipad-keyboard-shortcuts/
http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html