This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.
Earlier today I needed to shell out to a command prompt from a locked-down desktop PC. With only a limited set of icons and no access to the Run dialog from the Start Menu, I asked a colleague if he knew any back doors in the client build. He showed me this neat method for shelling out to pretty much anything you like from within an Office application:
- Open Microsoft Word, Excel, Outlook or another application that supports Microsoft Visual Basic for Applications (VBA).
- Select Macro, then Visual Basic Editor from the Tools menu (or type Alt-F11).
- Select Module from the Insert menu and enter the following code in the Module window:
Sub Main()Dim x
x = Shell("cmd.exe")
End Sub - Select Run Sub/User Form from the Run menu (or type F5) and a new instance of cmd.exe will be launched.
The security implications of this could be severe, but as an administrator it’s a useful trick to know.