Download ActiveX.stream from
http://labs.isecpartners.com/HackingExposedWeb20/activex.stream.htm. Depending
on the browser??™s ActiveX security settings, discussed later in this chapter, you may
receive a few warnings before the page will execute. We specifically chose an object that
is not marked safe for scripting so it cannot be invoked unless the browser has enabled
objects not marked safe. If you are using a lab machine, select Yes to execute the ActiveX
page. ActiveX.stream will then perform a few dangerous activities on the system and
browser, which are discussed in the following sections.
Chapter 8: ActiveX Security 211
Executing ActiveX Scripts
The first thing ActiveX.stream will do is create a file on the user??™s operating system using
VB script with the Scripting.FileSystemObject, as shown between the sections in the preceding code. The VB script creates a file called
HackingXposed20.txt in the computer??™s C: drive. The file is a simple text file with the
contents Tastes Like Burning. The file format or content is not important; rather, the fact
that the Active X control allowed you to execute a script is the important thing. The script
allowed you to do the following:
??? Access the operating system
??? Create a ?¬? le on the ?¬? le system
??? Possibly overwrite existing ?¬? les on the operating system
The idea of creating a simple text file may seem harmless enough, but that it can
write a file on the C: drive, it is a dangerous thing.
Pages:
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378