You can snoop on a Windows computer from a web browser and use the API


Mom, I think someone installed a virus and shut down our computer. We are probably on this botnet. Alabama hackers!

In today’s sequel to our electronic programming series, we’ll take a look at a feature that has been a part of Windows (and not just the desktop) for years, but dare I say it, with the exception of network administrators to whom it is intended, most of the users do not know at all.

Called Windows Device Portal, and as the name suggests, they are basically backdoor to system via LAN and web protocol. Developers have at their disposal HTTP REST API and administrators go directly to the full HTML interface that they load into the browser.

And since we already have Hidden Windows Divine Mode, let’s call Windows Device Portal for the rest of the article. divine backdoor!

Remote computer shutdown from Raspberry Pi using divine back doors:

We activate the divine back door

By default, the doors are closed, but you can enable them in modern settings in the section For developers under the name of Device portal. Once they are up and running, install the operating system on your local IP address and a free TCP port 50080 start the web server.

Enabling Device Portal in Windows 11. Windows 10 settings are the same, but the Settings app has a different interface. Look for developer tools in it

So that the server is not accessible to everyone on the home network, you can also protect it with a username and password, and you will also find instructions on how to protect it with an encrypted HTTPS connection on the website. But for the simplicity of today’s example, unencrypted HTTP and reliance on home network security will suffice.

Web browser

Now, when you retrieve the address of the target machine with the correct TCP port in any web browser and on any computer on the local network, the management web interface of your operating system is displayed. .

Click to enlarge the imageClick to enlarge the image
Web Explorer can explore the folders and files of the logged in user

You have almost everything at your disposal. A preview of running modern apps loads on the Home screen. Application manager and options for remote installation. In the map File browser again you will find access to the root folder of the logged in user you can browse and luckily delete, download and of course me save files from your own device.

Web task manager

Menu Running process This is already a web-based alternative to Task Manager by name, and you can click the cross to remotely kill any process for which you have the appropriate rights. And to have the complete task manager, tab Performance It also displays classic timing charts with CPU, GPU, memory and network usage.

Click to enlarge the image
Live graphics of the system load in the browser.

Hardware, Bluetooth and Wi-Fi Information

Menu Device administrator displays a list of connected devices, tab Bluetooth All keyboards, mice, paired headphones and as a bonus, the scanner of the surrounding BT / BLE boxes will start. Likewise, the map Networking retrieves all network devices, their IP addresses and, if the computer is equipped with Wi-Fi, launches a scan for available networks nearby.

Click to enlarge the image
Connected BT / BLE devices that you can disconnect remotely and a scanner of the surrounding area
Click to enlarge the image
Information about network adapters and surrounding Wi-Fi

Web regedit and screenshots

In the end it does not miss Newspaper reader – basically a web equivalent of the good old regedit – a Windows administrator, which displays the complete list of onscreen GUI elements that the window manager works with. Selecting an item from the list will display its appearance on the right. Thus, the divine backdoor can also control visual events on the screen.

Click to enlarge the imageClick to enlarge the image
System log reader and window manager item list including thumbnails. In this case, the item in the application part of the dock is showing in Windows 11, so I have a preview of the window programs that are running.

Machine control from a PC via HTTP REST API

However, as we said in the introduction, we can also access the Windows Device Portal server through a simple HTTP REST API, which is machine readable JSON format.

So if we want to know the computer name, just send an HTTP GET request:

/ api / os / machine_name

In the next part for subscribers, we’ll show how to work with the API using cURL on Raspberry Pi, PowerShell on Windows, and finally we’ll write a full client in Python, which will shut down the computer with the command.

The rest of the article belongs to premium content

Get unlimited access and Live without advertising through 41 CZK monthly

Source link


About Author

Leave A Reply