I sometimes work in an environment that has reasonably tight security requirements. One of those requirements as that a device’s MAC Address / Hardware Address be entered into a table on the router before it can be assigned an IP address.
I recently showed up on site with a brand new in box Surface Pro 9, but I had no idea how to get the MAC Address of the device because I could not log in and open a command prompt. Or so I thought.
I got to the wifi screen telling me to create a connection, then pressed “Control+Alt+Escape” which brings up Task Manager. Although it did not appear on my screen, I suspected it was running behind the overlay locked to the forefront of my screen. I pressed “Alt+Tab” and was able to confirm my suspicion. I then used the keyboard combination of “Alt+F” to open the file menu, pressed Enter knowing that “Run” was highlighted, typed “cmd” and pressed enter to open a Command Prompt window. All of this was happening behind the “Let’s Connect You to a Network” screen, but as veteran of the keyboard era of Windows, all of this was second nature to me.
From there I was able to run the familiar ipconfig /all command, then, with the help of my phone’s camera, I could take a photo of the output of the command prompt and see the MAC Address that I was looking for.
This was convenient enough, but the thought of just being connected to wifi without ever logging in to the machine and then being able to take advantage of this “defaultuser0” account to open a terminal, and then utilize wget to download and execute potential malware before the computer has ever even been set up… fascinating. I’m sure this isn’t “breaking news” to anyone, infact the feature is probably left in, intentionally, for cases just like my original issue! But it does force me to take pause and think of what I can do with this.