Message-ID: <20030721040413.40116.qmail@web15312.mail.bjs.yahoo.com>
From: liudieyuinchina at yahoo.com.cn (Liu Die Yu)
Subject: bypassing - under the name of IEXPLORER.EXE

BHO can help bypass firewall on Win Station if MSIE is
allowed to access the internet.

BHO stands for "Browser Helper Object". in one
sentence:
you can make IEXPLORER call your dll whenever an
event(OnDocumentComplete, OnBeforeNavigate, etc)
happens and IEXPLORER will expose everything
available("window.document.body", "Url", "Status",
download progress,etc ) to your DLL.

this is a great way to send information to the
internet under the name of IEXPLORER:
when IEXPLORER is started, our BHO opens a new MSIE
window via script ("window.open").
that new IE window will also be controlled by our BHO -
we hide this new window.
then the hidden window can be used to send information
out - simply use an HTML form.

how can firewalls like zonealarm figure out whether
the form is submitted by script or not?

of course, this trick can also be used to get commands
from trojan planter.

to learn more about BHO:
http://www.safecenter.net/liudieyu/BhoForWall/BhoForWall-MyPage.htm
(there are:
a BHO sample that pops up a window whenever MSIE is
started and shows all happening events (source code
included).
domex-A1: it's a bho application. it changes the html
code of an HTML page( to enable the user to make notes
in his browser. )
other links about BHO)


----------
all mentioned resources can be found at http://umbrella.mx.tc
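
Seen from the defending side, the message means a per-application firewall rule for Internet Explorer also covers every BHO DLL loaded into it, so an audit starts with knowing which BHOs are registered. The PowerShell below is an added example, not part of the original message: it lists the machine-wide BHO registrations and checks each DLL's Authenticode signature, assuming it is run from 64-bit PowerShell on 64-bit Windows and reading only the HKLM views (per-user COM registrations are not resolved).

```powershell
# Machine-wide BHO registration keys (native view and 32-bit view), each paired
# with the class root used to resolve its CLSIDs. HKLM only: a simplification.
$views = @(
    @{ View  = 'native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ View  = '32-bit'
       Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-RegisteredBho {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid  = $sub.PSChildName            # each subkey name is a CLSID
            $clsKey = Join-Path $v.Clsid $clsid
            $inproc = Join-Path $clsKey 'InprocServer32'
            $name = $null; $dll = $null; $sig = $null

            if (Test-Path -LiteralPath $clsKey) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
            }
            if (Test-Path -LiteralPath $inproc) {
                # GetValue('') reads the default value and expands REG_EXPAND_SZ.
                $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
            }
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
            }

            [pscustomobject]@{
                View      = $v.View
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                Signature = if ($sig) { [string]$sig.Status }
                            elseif ($dll) { 'FileMissing' }
                            else { 'NoInprocServer32' }
                Signer    = if ($sig -and $sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else { $null }
            }
        }
    }
}

Get-RegisteredBho | Sort-Object Signature, Dll | Format-Table -AutoSize -Wrap
```

Entries whose signature status is not Valid, or whose DLL is missing, are the ones to review first.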
