|
Vulnerability Development
mailing list archives
Re: .com
From: "Enrique A. Sanchez Montellano" <enrique.sanchez () defcom com>
Date: Wed, 03 Oct 2001 13:23:54 +0200
you can rename a .exe to anything catch is ... it has to be piped
trought cmd.exe, but then ... forcedos is present aint it fun?
and yes in the paranoic mode of putting IIS guess what .. they always
forget to take out that one, so forcedos is there and you can just pipe
stuff in there =)
Enrique
dullien () gmx de wrote:
Hey Pauli,
somehow we're replicating our work ;)
PO> dunno if this has already occurred in people's mind but
PO> as there is the nice similarity between the ancient .com
PO> executable file extension and the tld .com ignorant
PO> clients could be fooled by sending executables that
PO> are named after popular .com www-sites. clear enough?-)
Yes, and most funnily: You don't need to actually have a .com file
in there - The operating system checks for the MZ/ZM signature,
and then hands the file over to the .EXE handler if present. Therefore
you can just rename any .EXE file .com and it will properly execute.
Cheers,
Thomas
 By Date 
By Thread
Current thread:
- .com Pauli Ojanperä (Oct 02)
- Re: .com Nexus (Oct 02)
- Re: .com dullien (Oct 02)
- Re: .com Enrique A. Sanchez Montellano (Oct 03)
|
Intro
