Click here to Skip to main content
15,350,244 members
Articles / Web Development / HTML
Article
Posted 30 Jun 2006

Stats

29.5K views
13 bookmarked

Attacks using external.menuArgument

Rate me:
Please Sign up or sign in to vote.
1.29/5 (18 votes)
24 Aug 20065 min read
external.menuArgument is very useful property but it can be used as a tool to help hacker to get quick information about your page and application

New way to get all web page information<o:p>

The idea:  the core idea of this trick that is in Internet Explorer there is little back door to get all information of the web page and change it's content, the trick is in registry  at the key <o:p>

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\<o:p>

 

In this key you can add new item to internet explorer context menu for example if you add this key <o:p>

<o:p> 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\~~~~~~Get All Page Info~~~~

<o:p>

You will have this view 

Sample screenshot

 

The second part of the trick is in the next link <o:p>

http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/properties/menuarguments.asp <o:p>

<o:p> 

The Property menuArgument gives you ability to write vb and java scripts that run on the client area and you have to know that menuArgument is part of external object <o:p>

http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/external.asp<o:p>

<o:p> 

if you collect all that together you can write script that will be called by the menu and do what every you want to with the page, here is example that read all cookies information , all forms information and all elements in the forms then save it in text file on C:\Infomation .text<o:p>

<o:p> 

<script language=vbscript>
on error resume next
    set EventElement = external.menuArguments.document
    FilesFolder = "C:\MyHacks\GrappedFiles"
    set t=createobject ("SCRIPTING.FILESYSTEMOBJECT")
    if not t.FolderExists(FilesFolder) then t.CreateFolder(FilesFolder)
    strFileName = FilesFolder & "\" & CleanString( EventElement.title & "___"  & date & "_" & Time ) & ".txt"
    set l=t.OpenTextFile(strFileName,8,true)
   
    l.Write "/////////////////////////////// New Hacky ///////////////////////////////"  & vbCrLf
    l.Write "Url is = " & EventElement.url & vbCrLf
    l.Write "Page Title is = " & EventElement.title & vbCrLf
    l.Write  EventElement.cookie & vbCrLf  & vbCrLf  & vbCrLf

   

for i = 0 to EventElement.forms.length -1
    l.Write "_-_-_-_-_-_-_-_-_-_-_-_-_ Form infomration _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_" & vbCrLf
          l.Write " Form Name = " & EventElement.forms.item(i).Name & vbCrLf
          l.Write " Form Action = " & EventElement.forms.item(i).action & vbCrLf
          l.Write " Form Method = " & EventElement.forms.item(i).method & vbCrLf
          l.Write " Elements Count = " & EventElement.forms.item(i).elements.length & vbCrLf
   for ele = 0 to EventElement.forms.item(i).elements.length-1
          l.Write "------------------------- Element infomration ------------------------------" &  vbCrLf
          l.Write " Information for element number " & ele + 1 & vbCrLf
          l.Write " Elements Name = " & EventElement.forms.item(i).elements.item(ele).name & vbCrLf
          l.Write " Elements Value = " & EventElement.forms.item(i).elements.item(ele).value & vbCrLf
   next
next
          l.Write vbCrLf & vbCrLf  & vbCrLf
          l.Write "Thanks to GOD to give me power to learn and teach."
          l.Write "Pray for me to learn more to be able to learn you" & vbCrLf
          l.Write "الحمد لله , الهم أرزقنى علما نافع و رزقا واسع و شفاء من كل داء"
          l.Write vbCrLf & vbCrLf  & vbCrLf 
    l.close
Function CleanString(strTarget) ' this function will clear the unacceptable characters for file name
 strTarget = Replace(strTarget, """", "-")
 strTarget = Replace(strTarget, "'", "-")
 strTarget = Replace(strTarget, "\", "-")
 strTarget = Replace(strTarget, "/", "-")
 strTarget = Replace(strTarget, "|", "-")
 strTarget = Replace(strTarget, ">", "-")
 strTarget = Replace(strTarget, "<", "-")
 strTarget = Replace(strTarget, "*", "-")
 strTarget = Replace(strTarget, ":", "-")
 strTarget = Replace(strTarget, "?", "-")
 CleanString = strTarget
End Function
external.menuArguments.window.alert("All data are in the file " & vbcrlf & vbcrlf & strFileName)
</script>

<o:p>

<o:p> 

As you can see simple vbscript file that 100% depends on external.menuArguments , it collect the data which you want then save it on TXT file<o:p>

<o:p> 

In the upcoming part of this series I will give some tips on how to change in the main document and do what ever you want , it will help so much in some attacks, and I will explain how to protect the web pages against this attacks, before closing here is the steps to install this script and test it<o:p>

<o:p> 

Step 1: copy file HackingScript.htm to any folder and get the file path<o:p>

Step 2: open " regedit " from run and navigate to the key<o:p>

 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\<o:p>

Step 3: Add new key with the name "~~~~~~~~~Get All Page information~~~~~~~~"<o:p>

Step 4: change the default key value to the HackingScript.htm path as you did in the first step<o:p>

Step 5: open internet explorer and start right click and click on our new menu  <o:p>

Step 6: you will find file C:\Information.txt contain all information of the page.<o:p>

<o:p> 

I wish you like the article, wait for the next part which will contain how to use this type in attack such "Page Simulation" and "Session HiJacking", in the next part I will explain how to protect your application against these attacks, have a nice article ;)<o:p>

<o:p> 

Thanks for your time<o:p>

<o:p> 

<o:p> 

Attached to the article 2 files<o:p>

HackingScript.rar :  contain the HTML file and Registry file which contain all in the article<o:p>

HackingScript.exe : SFX file which can be installed directly to C:\ and add the menu to IE<o:p>

 

There is one thing I want to mention somepeople ask what is going to happen if i use this script "it will get MY DATA" I just want to say that this script are able to modify things can't be done without this trick. try to use your imagination and guess what can you do with that, I write more in this topic, because it will be really harmful,:) I will explain later how to protect your web site from such things

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

AhmedEssamNaiem
Web Developer
Egypt Egypt
Ahmed Essam, Software Developer for Imaginet software ( http://www.imaginet-software.com ), working on developing mobile application, also work for while as web developer, and wrote Arabic book for ASP.NET 2.0 in Arabic for Arabian Developer, you can get the book from

http://www.arabteam2000.com, Moderator at http://www.vc4arab.com

waiting for your comments and votes Smile | :)

Comments and Discussions

 
GeneralMy vote of 1 Pin
perilbrain14-Apr-12 20:06
Memberperilbrain14-Apr-12 20:06 
GeneralMy vote of 3 Pin
ScruffR22-Dec-10 11:04
MemberScruffR22-Dec-10 11:04 
QuestionHas there ever been a followup article? Pin
ScruffR22-Dec-10 11:02
MemberScruffR22-Dec-10 11:02 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.