Last year it was remote, now it's local

I did a lightning talk at BruCON on Monday 19 Sept 2011; this is the talk.

Click here to view my actually quick 5 min talk

The Trick
While at a customer presentation, I needed to show how, using the 'debug' command, I can hide files to smuggle data out of a customer site. But the biggest problem is that I need to access the command prompt on a machine that has been heavily restricted. So I found a nice little trick. I did some research on Google but couldn't find anyone mentioning this before.

There are ways to block this if needs be, but it won't be pretty. Also, there is a registry mod that will remove 'Use the web service to find the correct program', but there doesn't seem to be one to remove 'Select a program from a list of installed programs'. If there is one, I'd like to know :)

One more thing: this seems to only work with command.com. If you select other programs, the file is still attempted to be opened, but the program errors as it's not the correct file format, which is expected and understandable.

I hope you found this useful or got something out of it, thanks again!
Wicked Clown