This time on the show, breaking into command prompts using Microsoft Paint! Navigate Windows like a power user with Launchy. FTP from anywhere, manually control wireless connections in BackTrack Linux and a whole lot more this time on Hak5!

Breaking into command prompts using Microsoft Paint!

Let’s face it, a lot of public Windows machines aren’t locked down properly. This trick, sent in by 0perator, goes to show how trivial it can be to obtain a shell using the notorious MsPaint tool. Begin by opening Paint and starting a new image with the dimensions of 1 px tall and 6 px wide. Then from left to right paint one pixel at a time with these custom RGB values:

  • 10,0,0
  • 13,10,13
  • 100,109,99
  • 120,101,46
  • 0,0,101
  • 0,0,0

Now save the image as a 24-bit bmp file. Rename the extension to .bat, open it and enjoy the shell.

To see what’s really going on here open the file in a hex editor. My favorite on Windows is HxD Hex Editor. It’s freeware. Of course it’s worth mentioning that any machine secured properly with group policies isn’t going to be susceptible to this attack, but you’d be surprised how many aren’t.
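What the hex editor shows, reproduced as an added example that is not part of the original show notes: a 24-bit BMP stores each pixel as blue, green, red, so the six colours above land in the file as line breaks followed by the ASCII text cmd.exe. The function names are hypothetical, and the header is a constructed minimal one (Paint fills some fields differently); the bitmap is built in memory only.

```python
import re
import struct

# RGB values from the article, in left-to-right pixel order.
PIXELS_RGB = [(10, 0, 0), (13, 10, 13), (100, 109, 99),
              (120, 101, 46), (0, 0, 101), (0, 0, 0)]


def build_bmp(pixels_rgb):
    """Build a 1-pixel-tall, 24-bit BMP in memory (nothing is written to disk)."""
    # BMP stores each pixel as Blue, Green, Red and pads every row to 4 bytes.
    row = b"".join(bytes((b, g, r)) for r, g, b in pixels_rgb)
    row += b"\x00" * (-len(row) % 4)
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(row), 0, 0, 54)
    info_header = struct.pack("<IiiHHIIiiII", 40, len(pixels_rgb), 1, 1, 24,
                              0, len(row), 0, 0, 0, 0)
    return file_header + info_header + row


def pixel_bytes(bmp):
    """Return the raw pixel array, located through the offset field at byte 10."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    (offset,) = struct.unpack_from("<I", bmp, 10)
    return bmp[offset:]


def text_lines(data):
    """Split on CR/LF and drop NUL padding to expose line-oriented text."""
    parts = (p.strip(b"\x00") for p in re.split(rb"[\r\n]+", data))
    return [p.decode("ascii", "replace") for p in parts if p]


if __name__ == "__main__":
    bmp = build_bmp(PIXELS_RGB)
    print(pixel_bytes(bmp).hex(" "))      # pixel row as a hex editor shows it
    print(text_lines(pixel_bytes(bmp)))   # text carried by the pixel row
    print(len(text_lines(bmp)))           # header bytes form one line, the text another
```

Run over the whole file, text_lines shows why the rename matters: the bitmap header ends up as one junk line and the pixel text sits on a line of its own.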

Navigate Windows like a pro with Launchy

A lot of power users, like Darren, don’t really use the start menu or well… their mouse. They just want to be able to put in a couple of keystrokes and immediately get to the program they need to use.

There’s this nice, simple utility called Launchy that does just what Darren needs. Launchy is a free cross-platform utility designed to help you forget about your start menu, the icons on your desktop, and even your file manager. It indexes the programs in your start menu and can launch your documents, project files, folders, and bookmarks with just a few keystrokes!

Launchy can be found at, where you can download, donate, and check out skins and how-tos. The skins on their website kind of remind me of the days of Winamp skins, so I’m just sticking to the simple black one.

The download is available for Windows up to 7, Mac, Linux, as well as a portable version.

After downloading Launchy, open the main window and type in a program name or something you want to find, and press enter. It should automatically open that program within a few seconds. If you find that doesn’t work, click on the settings button and choose the catalog tab. Click the plus button and add your program files folder.

A few keystrokes to know: Alt + Space opens and closes the Launchy window. Typing something in then hitting tab will start a command line entry. For example, type in chrome, then hit tab, then type in the hak5 website.

You can look at your history of searches by pressing down when the window is blank. Press shift + delete to delete a highlighted program in that list.

To add functionality for file types other than programs, go to the Catalog tab under settings, choose your destination or create a new one, then click + to add a different file type, type in *.mp3 or *.jpg…, and choose rescan Catalog.

Along with the healthy dose of easy GUI is a handful of plugins for your enjoyment. The Launchy website features many plugins to make the utility easier to use and more useful, including a built-in calculator, a website browser, and a program killer for background programs.

I think this is a tool for those users who need something to help them speed up their daily processes just a bit by giving them that freedom to not have to use the mouse. Also, the portable version would be really handy for IT support who don’t necessarily know where programs are on each computer they work on. Booting up this tool and searching for a program is as easy as making sweet tea. Mmmm. Delicious.

FTP from anywhere, manually control wireless connections in BackTrack Linux

Alex submitted this tip at He writes

Need to access a file on an FTP server, but you’re on a machine where you can’t install programs, or you don’t have your all singing all dancing flash drive full of portables? Well by using the full address with the “FTP://” at the beginning you can access it using Firefox, Chrome, IE and even the Windows File explorer!

Thanks! I’d also like to add that the syntax for FTP URLs goes ftp://username:password@localhost:21/directory

Props to Alex for submitting this and getting some free Hak5 swag! Submit your 4-bit tips at

Mark writes:

love your show
how to disable tcp-ip, dhcp and other stuff in BT and other linux distro
that you don’t accidentally connect to ap

Check out the config files in /etc/network, specifically /etc/network/interfaces

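Also don’t use NetworkManager or Wicd, instead connect manually from the terminal. For example in my case for a WPA network I’ll first scan, then create a passphrase file, then connect:

# List nearby networks with their encryption settings
iwlist wlan0 scan | grep 'ESSID\|Encryption\|WPA'
# Write the passphrase file (ssid and password are placeholders for your own)
wpa_passphrase ssid password > ssid.conf
# Connect in the background using that file
wpa_supplicant -B -Dwext -i wlan0 -c ssid.conf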





  • reggie 4 years ago

    I can’t get the killy plugin for launchy, and the developers are using fricken fourth world servers I’ve never heard of to host their plugins

  • Hey! Excellent show again. Respect!

    That was one hell of an übergeeky way to create a batch file by using Paint.

    However, wouldn’t creating a text file with extension .bat and putting cmd.exe in it be more or less the same thing? (call it acquire shell access using notepad :-))

  • Dennis 4 years ago

    That paint trick is “cool”, but how is it any different from opening notepad and making a batch file that opens cmd.exe?!

  • Seuros 4 years ago

    You don’t have to add :21 in ftp://login:password@localhost

  • redxine 4 years ago

    I’ve been able to get into a windows shell on a “Locked” XP machine (nothing displayed on the desktop, no file browsing period, no cmd.exe, etc.) by opening notepad, creating the usual @echo off; and saving it as a bat. You can run it by opening the notepad file dialogue, finding the file you just saved, right click > run, enjoy!

  • rtdev42 4 years ago

    I tried Launchy for a while. But I found that I could do mostly what I needed with the Win7 Start Search box. Also tried SlickRun, but went back to the Win7 Start Search box.

    A program I often use is AutoHotkey ( With it you can Launch programs, create scripts, send key strokes, mouse positions and more.

    Love the Show!!!

    ~|~ _|- \ / ~|~ _ _|_,_ | _|-
    | |`L|_\|_ | ()L||` | (/_(_||||()|L|_\|_

  • Windows 7 (and god forbid Vista) power users will know that Launchy is pretty much useless with the new start menu:

    – WinKey to open the start menu
    – Type the first letters of the program name
    – Enter

    That’s it!

  • kevin 4 years ago

    Does anyone know how the paint trick works?

  • YESSS… this is great tricks
    and work for me..
    Thanks for sharing :)
