Hijacking Common Windows Shortcuts with Powershell

Earlier today I ran across this blog post on hijacking windows .lnk file so  I decided to build out and test a full POC for it using Windows 8.1. 


To reproduce this just copy these 7 lines into powershell and  ctrl+c now runs calc.exe instead of copying your text:

For extra jerkiness this will shutdown a windows machine when ctrl+c is pressed:

Using this technique you could easily natively remap common commands like ctrl+c , ctrl+v, ctrl-alt-delete to do anything the logged in user can do.  You could also copy these links into the common desktop (C:\Users\Public\Desktop\) to make anyone who logs into the machine have these mappings.

Here is a full video of the POC:

Site Footer