| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: liudieyuinchina at yahoo.com.cn (Liu Die Yu)
Subject: bypassing - under the name of IEXPLORER.EXE
BHO can help bypass firewall on Win Station if MSIE is
allowed to access the internet.
BHO stands for "Browser Helper Object". in one
sentence:
you can make IEXPLORER call your dll whenever an
event(OnDocumentComplete, OnBeforeNavigate, etc)
happens and IEXPLORER will expose everything
available("window.document.body", "Url", "Status",
download progress,etc ) to your DLL.
this is a great way to send information to the
internet under the name of IEXPLORER:
when IEXPLORER is started, our BHO opens a new MSIE
window via script ("window.open").
that new IE window will also be controled by our BHO -
we hide this new window.
then the hidden window can be used to send information
out - simply use an HTML form.
how can firewalls like zonealarm figure out whether
the form is submitted by script or not?
of course, this trick can also be used to get commands
from trojan planter.
to learn more about BHO:
http://www.safecenter.net/liudieyu/BhoForWall/BhoForWall-MyPage.htm
(there are:
a BHO sample that pops up a window whenever MSIE is
started and show all happening events(source code
included).
domex-A1: it's a bho application. it changes the html
code of an HTML page( to enable the user to make notes
in his browser. )
other links about BHO)
----------
all mentioned resources can be found at http://umbrella.mx.tc
_________________________________________________________
Do You Yahoo!?
国内电邮用户反垃圾调查拉开帷幕
http://cn.rd.yahoo.com/mail_cn/tag/?http://cn.tech.yahoo.com/zhuanti/laji/index.html
Powered by blists - more mailing lists