lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <A54506325BF6C74ABFBB7434F71661CF0173B828@dnzakex1.datacom.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: Microsoft hides certain types of files from your eyes + some filename parsing bug

The CLSID one doesn't work at all under XP SP2 Beta RC2.  The CLSID is
registered on my machine as an HTA.  File extension is show regardless
of whether you have view file extensions turned on or off.
 
Cheers
 
Stu


________________________________

	From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Good One
	Sent: Thursday, 8 July 2004 11:37 a.m.
	To: full-disclosure@...ts.netsys.com
	Subject: [Full-Disclosure] Microsoft hides certain types of
files from your eyes + some filename parsing bug
	
	
	Microsoft HIDES certain types of files from your eyes:
	 
	This one is old unpatched "behaviour" ...
	 
	If you will create in windows explorer file :
	 
	test.txt 
	with content :
	 
	<script>
	a=new ActiveXObject("WSCript.Shell");
	a.run("CMD.EXE");
	alert("Hello, I'm Silly Billy !");
	</script>
	 
	It will be executed if you will add CLSID to it's name and user
double clicks it :
	 
	test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
	 
	Note: 
	CLSID will remain hidden (explorer will not show it up in any
means)
	File name for user will remain : test.txt
	 
	This adds numerous possibilities for viruses to fool end user
into safe content.
	 
	 
	another filename parsing bug (system even cannot access it) :
	By some technics windows still allows to write file on harddisk
with funny name like :
	 
	test [good one :] .avi
	 
	End user will expierence certain difficulties to remove it
afterwards from system.
	 
	It's name will change to "test [good one", it will have no
extension, will show up 0 bytes etc, etc...
	 
	 
	Of course .url and .lnk are hidden as well, being "shortcuts" in
m$ way. The contents of those files are up to you ... :-) 
	 
	For example : file "test.url" with this content will open your
browser with alert.
	 
	[DEFAULT]
	BASEURL=javascript:alert('hello mama !')
	[InternetShortcut]
	URL=javascript:alert('hello mama !')
	Modified=00027F010505010100
	 
	 
	m$ is good for gaming, not for serious work..
	 
	 
	- SomeMan.
	 

	
________________________________

	ALL-NEW Yahoo! Messenger
<http://uk.rd.yahoo.com/evt=21626/*http://uk.messenger.yahoo.com>  -
sooooo many all-new ways to express yourself 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040708/8c9813e4/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ