Penetration Testing mailing list archives
RE: ActiveX
From: <Wil.Allsopp () ins com>
Date: Mon, 29 Aug 2005 18:13:45 +0100
Andres, To list all installed Activex controls look under HKEY_CLASSES_ROOT\CLSID or download NirSoft's Activex Helper. To then load and use that component in an HTML context try something along the lines of the following: <HTML> ... <H1>Activex</H1><p> ... <OBJECT classid="..." codebase="..." ID="whateverX" ... </OBJECT><br><br> ... </HTML> If you're trying to do what I THINK you're trying to do - I'd recommend loading the control into a RAD environment such as Delphi, VB or whatever that will let you see the properties, methods and events that you will need to know to then write the html. Hope this helps, Wil -----Original Message----- From: Andres Molinetti [mailto:andymolinetti () hotmail com] Sent: 29 August 2005 16:14 To: paavan.shah () gmail com Cc: pen-test () securityfocus com Subject: Re: ActiveX Hi Pavan, what I am looking for is not MS products installed by ActiveX. I want to use some ActiveX Control installed by default on the system. And then show how an HTML page viewed in My Computer Sec zone can use it to take some actions on the system. Any ideas, cheers andy
From: paavan shah <paavan.shah () gmail com> To: Andres Molinetti <andymolinetti () hotmail com> CC: pen-test () securityfocus com Subject: Re: ActiveX Date: Fri, 26 Aug 2005 10:31:09 -0800 Hi Andres!! Well ,i don't have any knowledge about softwares of MS installed through activex.Only when you update your computer ,windows updates are downloded and installed through ActiveX. If you want to show your customer the dangers of executing activex then goto 2020search.com ,it is a known toolbar,it is termed as adware and at the time of installtion of this toolbar as activex it will also give u so many popups and through those popups it will prompt u to install other third party applications. This will show him dangers of activex. I hope this helps. regards, Pavan Shah. On 8/26/05, Andres Molinetti <andymolinetti () hotmail com> wrote:Hi, I need to explain a customer the dangers of executing ActiveX withnorestrictions and I would like to use some Activex shipped with Windows, Office or any other shipped with a MS popular product.... I would like to use it and show some "showy" actions being executed inthesystem...directory listings, shares, ips, command execution?? Anyone knows which control may I use? thks, Andy _________________________________________________________________ Móviles, DVD, cámaras digitales, coleccionismo... Con unas ofertas queni teimaginas. http://www.msn.es/Subastas/
_________________________________________________________________ ¿Estás pensando en cambiar de coche? Todas los modelos de serie y extras en MSN Motor. http://motor.msn.es/researchcentre/
Current thread:
- ActiveX Andres Molinetti (Aug 26)
- Re: ActiveX paavan shah (Aug 26)
- Re: ActiveX Andres Molinetti (Aug 29)
- Re: ActiveX Dave Killion (Aug 30)
- Re: ActiveX Andres Molinetti (Aug 29)
- <Possible follow-ups>
- RE: ActiveX Wil.Allsopp (Aug 30)
- Re: ActiveX paavan shah (Aug 26)