Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ActiveX

from [Wil.Allsopp] Network Security [Permanent Link]
Subject: RE: ActiveX
Date: Mon, 29 Aug 2005 18:13:45 +0100 
Andres,

To list all installed Activex controls look under HKEY_CLASSES_ROOT\CLSID or 
download NirSoft's Activex Helper.

To then load and use that component in an HTML context try something along the 
lines of the following:

<HTML> 
... 
<H1>Activex</H1><p> 
... 
<OBJECT 
   classid="..." 
          codebase="..." 
 ID="whateverX" 
... 


</OBJECT><br><br> 
... 
</HTML>

If you're trying to do what I THINK you're trying to do - I'd recommend loading 
the control into a RAD environment such as Delphi, VB or whatever that will let 
you see the properties, methods and events that you will need to know to then 
write the html. 

Hope this helps,

Wil

-----Original Message-----
From: Andres Molinetti [mailto:andymolinetti@hotmail.com] 
Sent: 29 August 2005 16:14
To: paavan.shah@gmail.com
Cc: pen-test@securityfocus.com
Subject: Re: ActiveX

Hi Pavan,

what I am looking for is not MS products installed by ActiveX.
I want to use some ActiveX Control installed by default on the system.

And then show how an HTML page viewed in My Computer Sec zone can use it to 
take some actions on the system.

Any ideas,

cheers

andy



From: paavan shah <paavan.shah@gmail.com>
To: Andres Molinetti <andymolinetti@hotmail.com>
CC: pen-test@securityfocus.com
Subject: Re: ActiveX
Date: Fri, 26 Aug 2005 10:31:09 -0800

Hi Andres!!

Well ,i don't have any knowledge about softwares of MS installed
through activex.Only when you update your computer ,windows updates
are downloded and installed through ActiveX.

If you want to show your customer the dangers of executing activex
then goto 2020search.com ,it is a known toolbar,it is termed as adware
and at the time of installtion of this toolbar as activex it will also
give u so many popups and through those popups it will prompt u to
install other third party applications.

This will show him dangers of activex.

I hope this helps.

regards,
Pavan Shah.

On 8/26/05, Andres Molinetti <andymolinetti@hotmail.com> wrote:

Hi, I need to explain a customer the dangers of executing ActiveX with 

no

restrictions and I would like to use some Activex shipped with Windows,
Office or any other shipped with a MS popular product....

I would like to use it and show some "showy" actions being executed in 

the

system...directory listings, shares, ips, command execution??

Anyone knows which control may I use?

thks,

Andy

_________________________________________________________________
Móviles, DVD, cámaras digitales, coleccionismo... Con unas ofertas que 

ni te

imaginas. http://www.msn.es/Subastas/




_________________________________________________________________
¿Estás pensando en cambiar de coche? Todas los modelos de serie y extras en 
MSN Motor. http://motor.msn.es/researchcentre/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ActiveX, Dave Killion
Next by Date:  RE: Where are Windows "Enforce password history" passwords stored?, Tony King
Previous by Thread:  Re: ActiveX, Dave Killion
Next by Thread:  RES: IPS Comparison, Alexandre Cezar
Indexes:  [Date] [Thread] [Top] [All Lists]