Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Nó là an toàn để giả định rằng các chương trình C liên kết tĩnh là liên kết chống lại các thư viện C tĩnh. để Đầu tiên, những kẻ tấn công sao chép DLL tấn công của họ vào thư mục mà công cụ này sẽ được chạy. Hãy nhớ rằng những kẻ tấn công đã được cấpđược mã hoá để làm | Chapter 15 Client-Side Browser Exploits 375 the object from a script. This control s ProgID is SPRT.Install.1. The .1 at the end is a kind of version number that can be omitted if there is only one SPRT.Install registered on the system. TIP ActiveX controls are sometimes implemented with DLLs as you see here. However more often the file extension of the object code is .ocx. An OCX can be treated just like a DLL for our purposes. There s one last trick you need to know before attempting to instantiate this control to see if we can RebootMachine or RunCmd . If you create HTML and run it locally it will load in the Local Machine zone. Remember from earlier that the rules governing the Local Machine zone are different from the rules in the Internet zone where attackers live. We could build this ActiveX control test in the LMZ but if we were to find the control to be vulnerable and report that vulnerability to the vendor they would want to know whether it can be reproduced in the more restrictive Internet zone. So we have two options. First we could do all our testing on a web server that is in the Internet zone. Or second we can just tell IE to load this page in the Internet zone even though it really lives on the local machine. The trick to push a page load into a more restrictive zone is called Mark of the Web MOTW . It only goes one direction. You can t place the Mark of the Web on a page in the Internet zone telling IE to load it in the Local Machine zone but you can go the other way You can read more about the Mark of the Web by following the link in the Reference section later. For now just type exactly what I have in the first line of the following HTML anytime you want to force a page to load in the Internet zone PART IV -- saved from url 0014 about internet -- html body object id a classid clsid 01010200-5e80-11d8-9e86-0007e96c65ae object script function testing var b a.GetHostname alert b script input type button onClick testing value Test SupportSoft body .