Mimicking Command Prompt with a Batch Script

Without a doubt, kiosk hacking assessments have the simplest objective… Gain command execution!

During one of my engagements, I was provided with locked-down desktop that had most/all functionality disabled. The user account, of course, was unprivileged.

The system administrators blacklisted cmd.exe (Command Prompt) but did not prevent the use of batch scripts. So although I was unable to work within a command prompt session, I could still run batch scripts to execute commands.

protip
When locking-down, always opt for whitelisting applications rather than blacklisting.

Instead of constantly modifying-and-running batch scripts, I threw together some quick+dirty batch-fu to mimic a command prompt:

@echo off
:getcmd
set /P CMDIN=Cmd: %=%
%CMDIN%
goto getcmd

I’m sure it’s been done before, but I’m positive that writing the above script was faster than google’ing for an existing implementation.

For brownie points, which application/tool does the Cmd: prompt most resemble?