09/17/06, 12:27 PM   #101
Barrakketh
Glass Joe
Orc Warlock
Eldre'Thalas
Originally Posted by Lagomorph
Under what conditions/environments would that VBScript then execute and run?
The only condition is that you're using Internet Explorer. I was off a bit when I said that Adodb.Stream wasn't supposed to be used. It can be used (by design, as Microsoft said), and when coupled with an Internet Explorer vulnerability it can be used to execute scripts from the local zone (which is trusted).

There was a similar vulnerability two years ago called Download.ject. It hijacked IIS and behaved much the same. From the Wikipedia article:
Download.ject appended a fragment of JavaScript to all web pages from the compromised servers. When any page on such a server was viewed with Internet Explorer (IE) for Windows, the JavaScript would run, retrieve a copy of one of various backdoor and key logging programs from a Russian server and install it on the user's machine, using two holes in IE — one with a patch available, but the other without. These vulnerabilities were present in all versions of IE for Windows except the version included in Windows XP Service Pack 2 [1], which was only in beta testing at the time.

09/17/06, 2:05 PM   #102
Exewut
Soda Popinski
Orc Warrior
Al'Akir (EU)
Originally Posted by Barrakketh
Originally Posted by Lagomorph
Under what conditions/environments would that VBScript then execute and run?
The only condition is that you're using Internet Explorer. I was off a bit when I said that Adodb.Stream wasn't supposed to be used. It can be used (by design, as Microsoft said), and when coupled with an Internet Explorer vulnerability it can be used to execute scripts from the local zone (which is trusted).
I still have IE on my pc but I never use it, will the script get activated or not?
Or do I need to open the link with IE to actually download the script?

09/17/06, 2:21 PM   #103
Barrakketh
Glass Joe
Orc Warlock
Eldre'Thalas
Originally Posted by Exewut
I still have IE on my pc but I never use it, will the script get activated or not?
Or do I need to open the link with IE to actually download the script?
You have to visit the link with IE. Firefox and Opera don't support ActiveX.

09/17/06, 2:40 PM   #104
Lagomorph
Piston Honda
Night Elf Priest
Elune
Originally Posted by Barrakketh
Originally Posted by Exewut
I still have IE on my pc but I never use it, will the script get activated or not?
Or do I need to open the link with IE to actually download the script?
You have to visit the link with IE. Firefox and Opera don't support ActiveX.
Wait, so ActiveX and VBscript are equivalent?

The way I read that: you could use java/javascript (which I understand to be sandboxed languages, and therefore relatively safe from attacks not involving user intervention) to change the code on the page into a VBscript and then the parser would execute that script.

So I suppose my question becomes twofold:
Are VBScript and ActiveX equivalent?
Does Firefox/Opera execute VBscript by default?

09/17/06, 4:23 PM   #105
Shalas
Bald Bull
Tauren Druid
Mal'Ganis
Only IE supports VBScript. VBScript is not the same thing as ActiveX.

09/17/06, 5:21 PM   #106
Revenj
Piston Honda
Undead Priest
Emeriss (EU)
Originally Posted by Exewut
Originally Posted by Barrakketh
Originally Posted by Lagomorph
Under what conditions/environments would that VBScript then execute and run?
The only condition is that you're using Internet Explorer. I was off a bit when I said that Adodb.Stream wasn't supposed to be used. It can be used (by design, as Microsoft said), and when coupled with an Internet Explorer vulnerability it can be used to execute scripts from the local zone (which is trusted).
I still have IE on my pc but I never use it, will the script get activated or not?
Or do I need to open the link with IE to actually download the script?
You'd be surprised how many problems this simple fix will solve:

Rename IEXPLORE.exe to something else.

09/17/06, 6:18 PM   #107
Barrakketh
Glass Joe
Orc Warlock
Eldre'Thalas
Originally Posted by Lagomorph
Originally Posted by Barrakketh
Originally Posted by Exewut
I still have IE on my pc but I never use it, will the script get activated or not?
Or do I need to open the link with IE to actually download the script?
You have to visit the link with IE. Firefox and Opera don't support ActiveX.
Wait, so ActiveX and VBscript are equivalent?
No. Both are Microsoft technologies. ActiveX is the way plugins are implemented in IE, VBScript is just another scripting language (VB stands for Visual Basic) that only Internet Explorer uses.
The way I read that: you could use java/javascript
Not Java. Javascript and Java are completely different animals.
which I understand to be sandboxed languages
Java is sandboxed, Javascript isn't.
to change the code on the page into a VBscript and then the parser would execute that script.
It doesn't matter whether the extra code is VBScript or Javascript. The code creates new objects in the page via the DOM (Document Object Model), uses those objects to download a file and write to disk. The problem is that they are able to create and run an application on the local machine. There is no good reason why a web browser needs a scripted ability to launch arbitrary programs.
So I suppose my question becomes twofold:
Are VBScript and ActiveX equivalent?
As stated above, no.
Does Firefox/Opera execute VBscript by default?
Firefox/Opera don't support VBScript.

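An added example, not code from any poster in this thread: a static check built on the point in post #107 that it does not matter whether the injected code is VBScript or JavaScript, since both end up instantiating the same ActiveX object. It scans page source for `new ActiveXObject(...)` and `CreateObject(...)` calls and flags the `ADODB.Stream` ProgID named in the thread; the `scan` function, the verdict names and the sample page are constructed for illustration.

```python
import re

# ProgIDs to flag, compared in lowercase. ADODB.Stream is the one named in
# the thread; extend the set for your own environment.
WATCHLIST = {"adodb.stream"}

# JScript uses `new ActiveXObject("ProgID")`, VBScript uses `CreateObject("ProgID")`.
# VBScript and ProgIDs are case-insensitive, so the match is too.
CALL = re.compile(r"\b(ActiveXObject|CreateObject)\s*\(\s*([^)]*?)\s*\)", re.IGNORECASE)
# A plain quoted string literal such as "ADODB.Stream" or 'ADODB.Stream'.
LITERAL = re.compile(r"""^(["'])([A-Za-z0-9_.]+)\1$""")


def scan(source):
    """Return (line_no, call, progid, verdict) for every instantiation found.

    verdict is "flag" for a watchlisted ProgID, "info" for any other literal
    ProgID, and "review" when the argument is built at run time (for example
    by string concatenation) and cannot be resolved statically.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for call, arg in CALL.findall(line):
            lit = LITERAL.match(arg)
            if lit is None:
                findings.append((line_no, call, None, "review"))
            elif lit.group(2).lower() in WATCHLIST:
                findings.append((line_no, call, lit.group(2), "flag"))
            else:
                findings.append((line_no, call, lit.group(2), "info"))
    return findings


# Constructed sample page: the same object requested from both script languages.
SAMPLE_PAGE = '''<html><body>
<script type="text/javascript">
var s = new ActiveXObject("ADODB.Stream");
var x = new ActiveXObject(prefix + ".Stream");
</script>
<script type="text/vbscript">
Set t = createobject("adodb.stream")
Set d = CreateObject("Scripting.Dictionary")
</script>
</body></html>'''

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE):
        print(finding)
```

A line-by-line regex like this misses calls split across lines or hidden behind `eval`-style indirection, so a "review" or empty result is a prompt for closer inspection, not a clean bill of health.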