Printable View
hey everybody,
on a web site that i visited it brung up my what i had on my hard drive on the page an i could open every thing and i just wanted to know how they did this.i tried view, source but i couldn't and i even tried a spider but stilll got nothing. any help would be good.
It's just a trick. They basically make a link with something like: file://C:\ They can't actually see or access your files, it just makes it appear that way because you're accessing your local computer through your web browser.
AJ
This is Bogus! Check out this link for more info on more of their sneaky tricks...
I think that it is because of the link that you click on they buttonized it to where it acsess you C:> drive.
>I'm not totally possitive, just a guess.
>
>Hope that helps!
A while back I came acros this site http://www.theomlet.home.ro/hacked%5B0%5D.htm
When viewed it has an explorer like apearnce. If you view the source the secret seems to lay in the registry
<object id="browserIcons" classid="clsid:EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B">
I don't know how it works exactly but i do believe that most if not all of the methods such as this example are trickery, the server is not seeing the contents of your drive, but rather client side you are being shown it.
Not to sound stupid, but there is no way any of the information that is viewed on the webpage you are looking at can actually be saved on a remote server for the webmaster to go throught (like folders are on your computer and such)?
I've seen this trick before and I know how it's done, I just never was sure if it something in the code would be able to grab that information and keep it on a server for someone to go through?
no they can't do that because [a] you aren't viewing it on their server and [b] even if it was on their server it would just be logged and they wouldnt be able to actually go through it or anything, and [c] if IT was on their server and they actually could go through it, imagine, 30 hdd's or so is only 30 hits, they couldnt handle all that data.
Logical... thanks er0k! That just eases my mind. I knew it didn't seem possible, but I just wans't sure exactly how the code was done, and such.
For a while I've had a link at the top of my AO profile called "Check this out!"
Go click on it and you will see the same thing happen.
------------------------------------------------------------------------------------------------------------------------
<script language=JavaScript>
<!--
if (navigator.appName == 'Microsoft Internet Explorer' ){
document.write('')
document.write('<center>')
document.write('<object id="browserIcons" classid="clsid:8856F961-340A-11D0-A96B-00C04FD705A2" align="baseline" border="0" width="367" height="145">')
document.write('<param name="Location" value="c:">')
document.write('<param name="AlignLeft" value="1">')
document.write('<param name="AutoSize" value="0">')
document.write('<param name="AutoSizePercentage" value="100">')
document.write('<param name="AutoArrange" value="0">')
document.write('<param name="NoClientEdge" value="false">')
document.write('<param name="ViewMode" value="4">')
document.write('</object>')
document.write('</center>')
}
// -->
</script>
------------------------------------------------------------------------------------------------------------------------
<IFRAME ID="I1"></IFRAME>
<SCRIPT for=I1 event="NavigateComplete2 (b) ">
alert("here is your file:\n"+b.document.body.innertext);
</SCRIPT>
<SCRIPT>
I1.navigate("file://c:/");
set Timeout ('I1.navigate("file://c:/") ' ,1000);
</SCRIPT>
------------------------------------------------------------------------------------------------------------------------
<iframe src="C:\"></iframe>
------------------------------------------------------------------------------------------------------------------------
Things were fine, and as some senior members told, that is not possible to view all the contents of the harddrive, I mean it because, at thew maximum, it can be logged, i.e. the out lie info will be logged that too, if the data is totally on the server, but since it is just our peerrsonal computer, there s no such chance, ofcourse there may be, that too with a sensitive programming efforts, but this type of activities is mainly aimed to just cause agitation in the minds of people as something happening in their system with out their knowl;edge or thir data is captured by some one, just to create andcash out this feelings in the minds of people they cause and do all these things.
That' it
wait a sec here... this question coming from the almighty school hacker? the one that took control of the schools e-mail, and web server???
gotta be kidding me.. face it tool, yer a script kiddy that wants to be taken seriously. and it ain't happenin here.
dear goon,
so many corrections so little time well i may as well get on with some of them here
1) it was churba who was boasting about being the "almighty school hacker" as you put it.
2)although you may think that you are god's gift to the world i on the other hand do not think that i know everything.
3) acting tuff by belittling a 15 year old doesn't impress anyone so get over it.
4) to be a script kiddie i believe that you have to ask stupid questions like
"wait a sec here... this question coming from the almighty school hacker? the one that took control of the schools e-mail, and web server???"
and as this is a perfectly valid question the actuall "script kiddie is you now i know that this may be hard to accept seeing as you think that you're teh best thing since jesus but i thought that someone had to point it out to you sooner or later
if you find this to difficlut to read i suggest that you go and get your mommie to read it out to you and explain all of the insults
robo3245:
This is off topic from the thread. However, I feel it warrants mention. Could you _PLEASE_, if not for yourself then for the rest of us, proofread your posts. I realize I'm not the greatest speaker/writter and I can usually deal with mosts posts, but yours are attrocious. The lack of punctuation/misplaced punctuation, the horrible grammar and the spelling mistakes get really annoying. If you want to sound somewhat intelligent it would be in your own best interest to proofread your posts...
Thanks.
thats just for fun to see if g00n would pick up on it and now you've gone and ruined my fun