New way to get all web page information
The idea: the core of this trick is that Internet Explorer has a little back door that lets you get all the information on a web page and change its content. The trick is in the registry, at the key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Under this key you can add new items to the Internet Explorer context menu. For example, if you add this key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\~~~~~~Get All Page Info~~~~
You will have this view
The second part of the trick is at the following link
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/properties/menuarguments.asp
The menuArguments property gives you the ability to write VBScript and JavaScript that runs on the client side, and you have to know that menuArguments is part of the external object
http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/external.asp
If you put all of that together, you can write a script that is called from the menu and does whatever you want with the page. Here is an example that reads all cookie information, all form information and all the elements in the forms, then saves it in a text file at C:\Information.txt

<script language=vbscript>
on error resume next

' external.menuArguments is the window of the page that was right-clicked
set EventElement = external.menuArguments.document
FilesFolder = "C:\MyHacks\GrappedFiles"

set t = createobject("SCRIPTING.FILESYSTEMOBJECT")
if not t.FolderExists(FilesFolder) then t.CreateFolder(FilesFolder)

' One output file per page: title plus date and time, cleaned for use as a file name
strFileName = FilesFolder & "\" & CleanString(EventElement.title & "___" & date & "_" & Time) & ".txt"
set l = t.OpenTextFile(strFileName, 8, true)   ' 8 = ForAppending, true = create if missing

l.Write "/////////////////////////////// New Hacky ///////////////////////////////" & vbCrLf
l.Write "Url is = " & EventElement.url & vbCrLf
l.Write "Page Title is = " & EventElement.title & vbCrLf
l.Write EventElement.cookie & vbCrLf & vbCrLf & vbCrLf

' Walk every form on the page, then every element of each form
for i = 0 to EventElement.forms.length - 1
    l.Write "_-_-_-_-_-_-_-_-_-_-_-_-_ Form infomration _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_" & vbCrLf
    l.Write " Form Name = " & EventElement.forms.item(i).Name & vbCrLf
    l.Write " Form Action = " & EventElement.forms.item(i).action & vbCrLf
    l.Write " Form Method = " & EventElement.forms.item(i).method & vbCrLf
    l.Write " Elements Count = " & EventElement.forms.item(i).elements.length & vbCrLf
    for ele = 0 to EventElement.forms.item(i).elements.length - 1
        l.Write "------------------------- Element infomration ------------------------------" & vbCrLf
        l.Write " Information for element number " & ele + 1 & vbCrLf
        l.Write " Elements Name = " & EventElement.forms.item(i).elements.item(ele).name & vbCrLf
        l.Write " Elements Value = " & EventElement.forms.item(i).elements.item(ele).value & vbCrLf
    next
next

l.Write vbCrLf & vbCrLf & vbCrLf
l.Write "Thanks to GOD to give me power to learn and teach."
l.Write "Pray for me to learn more to be able to learn you" & vbCrLf
l.Write "الحمد لله , الهم أرزقنى علما نافع و رزقا واسع و شفاء من كل داء"
l.Write vbCrLf & vbCrLf & vbCrLf
l.close

Function CleanString(strTarget)
    ' Replace the characters that are not acceptable in a file name
    strTarget = Replace(strTarget, """", "-")
    strTarget = Replace(strTarget, "'", "-")
    strTarget = Replace(strTarget, "\", "-")
    strTarget = Replace(strTarget, "/", "-")
    strTarget = Replace(strTarget, "|", "-")
    strTarget = Replace(strTarget, ">", "-")
    strTarget = Replace(strTarget, "<", "-")
    strTarget = Replace(strTarget, "*", "-")
    strTarget = Replace(strTarget, ":", "-")
    strTarget = Replace(strTarget, "?", "-")
    CleanString = strTarget
End Function

external.menuArguments.window.alert("All data are in the file " & vbcrlf & vbcrlf & strFileName)
</script>
As you can see, it is a simple VBScript file that depends 100% on external.menuArguments. It collects the data you want, then saves it to a TXT file.
In the upcoming part of this series I will give some tips on how to change the main document and do whatever you want; it will help a lot in some attacks, and I will explain how to protect web pages against these attacks. Before closing, here are the steps to install this script and test it:
Step 1: Copy the file HackingScript.htm to any folder and note the file path.
Step 2: Open "regedit" from Run and navigate to the key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Step 3: Add a new key with the name "~~~~~~~~~Get All Page information~~~~~~~~"
Step 4: Change the key's default value to the HackingScript.htm path from the first step.
Step 5: Open Internet Explorer, right-click on a page and click on our new menu item.
Step 6: You will find the file C:\Information.txt, which contains all the information of the page.
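To check a machine for context-menu entries installed this way, the sketch below parses a regedit export of the MenuExt key and lists the entries whose target is a loose script or HTML file. It is an added example, not part of the article or its attachments; the sample export, the function names and the triage heuristic are assumptions made for illustration.

```python
import re

MENUEXT = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt"
SCRIPT_EXT = (".htm", ".html", ".hta", ".js", ".vbs")

# Constructed sample of a regedit export (real exports are UTF-16 on disk).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@="res://C:\\PROGRA~1\\MICROS~1\\Office12\\EXCEL.EXE/3000"
"Contexts"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\~~~~~~~~~Get All Page information~~~~~~~~]
@="C:\\HackingScript.htm"
'''

def parse_menuext(reg_text):
    """Return {menu caption: {value name: value}} for each MenuExt subkey."""
    entries, current = {}, None
    prefix = (MENUEXT + "\\").lower()
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            if key.lower().startswith(prefix):
                current = entries.setdefault(key[len(prefix):], {})
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            name = "" if name == "@" else name.strip('"')  # "" = default value
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"'):
                # .reg strings escape backslash and quote with a backslash
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return entries

def review_candidates(entries):
    """Triage heuristic (assumption): list entries whose target is a loose
    script or HTML file rather than a res:// resource of an installed program."""
    hits = []
    for caption, values in entries.items():
        target = values.get("", "")
        low = target.lower()
        if not low.startswith("res://") and low.endswith(SCRIPT_EXT):
            hits.append((caption, target))
    return hits

if __name__ == "__main__":
    for caption, target in review_candidates(parse_menuext(SAMPLE_REG)):
        print(f"review: {caption!r} -> {target}")
```

A listed entry is a candidate for reading the target file, not a verdict; some legitimate add-ons also register plain .htm targets.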
I hope you like the article. Wait for the next part, which will cover how to use this technique in attacks such as "Page Simulation" and "Session Hijacking"; in the next part I will explain how to protect your application against these attacks. Have a nice article ;)
Thanks for your time.
Two files are attached to the article:
HackingScript.rar : contains the HTML file and the registry file, which contain everything in the article
HackingScript.exe : an SFX file which can be installed directly to C:\ and adds the menu to IE
There is one thing I want to mention. Some people ask what is going to happen if I use this script: "it will get MY DATA". I just want to say that this script is able to modify things that can't be done without this trick. Try to use your imagination and guess what you can do with that. I write more in this topic, because it will be really harmful :) I will explain later how to protect your web site from such things.