Vulnerability Development mailing list archives
Re: .com
From: "Enrique A. Sanchez Montellano" <enrique.sanchez () defcom com>
Date: Wed, 03 Oct 2001 13:23:54 +0200
you can rename a .exe to anything catch is ... it has to be piped trought cmd.exe, but then ... forcedos is present aint it fun?
and yes in the paranoic mode of putting IIS guess what .. they always forget to take out that one, so forcedos is there and you can just pipe stuff in there =)
Enrique dullien () gmx de wrote:
Hey Pauli, somehow we're replicating our work ;) PO> dunno if this has already occurred in people's mind but PO> as there is the nice similarity between the ancient .com PO> executable file extension and the tld .com ignorant PO> clients could be fooled by sending executables that PO> are named after popular .com www-sites. clear enough?-) Yes, and most funnily: You don't need to actually have a .com file in there - The operating system checks for the MZ/ZM signature, and then hands the file over to the .EXE handler if present. Therefore you can just rename any .EXE file .com and it will properly execute. Cheers, Thomas