lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40EC8589.5000200@interfree.it>
From: giocasati at interfree.it (Komrade)
Subject: shell:windows command question

>> On Wed, 7 Jul 2004, Perrymon, Josh L. wrote:
>>
>>  
>>
>>> -----snip------
>>> center><br><br><img src="nocigar.gif"></center>
>>> <center>
>>> <a href="shell:windows\snakeoil.txt">who goes there</a></center> <iframe
>>> src="http://windowsupdate.microsoft.com%2F.http-
>>> equiv.dyndns.org/~http-equiv/b*llsh*t.html" style="display:none">
>>> [customise as you see fit]
>>> <http://www.malware.com/stockpump.html>
>>> ------end----------
>>> The code above has interest to me.
>>> Even in Mozilla the commands below will work.
>>> <a href=shell:windows\\system32\\calc.exe>1</a>
>>> <a href=shell:windows\system32\calc.exe>2</a>
>>> <a href=shell:windows\system32\winver.exe>4</a>
>>> Just save them to an .html file and run it.
>>> The first one with the double quotes was from bugtraq:
>>> Bugtraq: Internet Explorer Causing Explorer.exe - Null Pointer Crash
>>> <http://seclists.org/lists/bugtraq/2004/Mar/0188.html>
>>> The links below that will run calc as well as winver.
>>> It seems it calls windows as a virtual dir because c:\winxp is what I 
>>> have.
>>> I have been playing around to see if cmd.exe will work with it but 
>>> without
>>> luck.
>>> This is what is in the registry.
>>> HKEY_CLASSES_ROOT\Shell
>>> Look in the registry key above. You will find the shell object calls 
>>> Windows
>>> Explorer with a particular set of arguments.
>>> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
>>> So this is tied to explorer.exe. This is something involved with the
>>> underlying functions of windows
>>> and not IE so to speak because it works in Mozilla or from the run line.
>>> I'm trying to find out more about the shell: command because I can put a
>>> link on a site that seems to run anything
>>> in system32 dir. I'd like to see if you can pass parameters to it.
>>>
>>> Anyone give me more info on the shell:windows command?
>>> JP
>>>

I found an odd behaviour in my mozilla browser, when i try to execute 
this link:

<a href=shell:nofile.xul>click here</a>

(.xul file is a Mozilla XUL Document)

When i click on the link, i see many mozilla windows opening and 
consuming 100% of the CPU. The system became unstable, forcing me to 
disconnect from my login.

I have Mozilla 1.7b and Windows XP sp0.

This is not a real security matter, but it's quite annoying.



- Komrade -
- http://unsecure.altervista.org -


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ