Accessing control panel applets via control.exe and rundll32 or just directly calling the .cpl, like ncpa.cpl to access network settings is not new.
I find myself often referring to a friend’s blog over here: https://www.attackdebris.com/?p=143
Where he breaks out some of the other tools that are always handy on a breakout job, the amount of times that the dsquery line has come in handy on everything from breakouts to redteam engagements is insane.
What is new however is me losing my damn notes file on them, thankfully it seems Microsoft has published their own notes so for those of us with rubbish memories…
Here you go: https://support.microsoft.com/en-us/help/192806/how-to-run-control-panel-tools-by-typing-a-command
Key bit: “rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl”.
Oh and another golden oldie while we’re at it, introducing Godmode a feature that’s existed for bloody yonks…
- Create a folder
- name it: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
- Open it.
See shortcuts to every control panel option your account should have access to.