HTML + JavaScript in a NetBIOS session in the TCP stream

05.12.04, 12:09   #1 (permalink)

Registered since: 28.02.04
Eckbert
I just sniffed the TCP stream between my PC and another one on my network and came across the following. I simply logged in on PC 2 as admin and downloaded a file. Otherwise the stream didn't look very interesting, until this (both are Win2k Prof PCs):

Server 196.0.0.2:139 on 14:18:19.038:
V{ SMB.
@V; @V<!--

Code:
 * Copyright 1999 Microsoft Corporation.  All rights reserved.
 -->

<html>
    <link rel=stylesheet href="%TEMPLATEDIR%\webview.css" title="Windows">

    <head>
        <meta http-equiv="content-type" content="text/html; charset=UTF-8">
        <base href="%THISDIRPATH%\">
    </head>
<!--
    <script language="JavaScript" src="%TEMPLATEDIR%\WebView.js">
-->
    <script language="JavaScript">

        // THIS SCRIPT IS COMMON FOR ALL CUSTOM WEB VIEWS

        var L_Prompt_Text         = "Markieren Sie ein Objekt, um seine Beschreibung anzuzeigen.";
        var L_Empty_Text          = "Der Ordner enth  lt keine  Objekte, die angezeigt werden k  nnen.";
        var L_Multiple_Text       = " Objekte markiert.";
        var L_Size_Text           = "Gr    e: ";
        var L_FileSize_Text       = "Gesamtdateigr    e: ";
        var L_Delimiter_Text      = ",";
        var L_Bytes_Text          = "&nbsp;Bytes";
        var L_Today_Text          = "Heute um";
        var L_Yesterday_Text      = "Gestern um";
        var L_Preview_Text        = "Erstellen der Vorschau...";
        var L_TotalSize_Text      = "Kapazit  t: ";
        var L_UsedSpace_Text      = "Belegt: ";
        var L_FreeSpace_Text      = "Frei: ";
        var L_Attributes_Text     = "Attribute";
        var L_Codes_Text          = "RHSaCE"; // suppress the Archive flag
        var L_ReadOnly_Text       = "Schreibgesch  tzt";
        var L_Hidden_Text         = "Versteckt";
        var L_System_Text         = "System";
        var L_Archive_Text        = "Archiv";
        var L_Compressed_Text     = "Komprimiert";
        var L_Encrypted_Text      = "Verschl  sselt";
        var L_NoAttributes_Text   = "(Normal)";
        var gAttributeNames       = new Array(L_ReadOnly_Text, L_Hidden_Text, L_System_Text, L_Archive_Text, L_Compressed_Text, L_Encrypted_Text);
        var gIntroText            = "";
        var gTimer                = 0;
        var gWantMedia            = true; // cool, but may hinder media file manipulation
        var gDoBlends             = false && (navigator.cpuClass != "Alpha" && screen.colorDepth > 8);
        var gToday;
        var gYesterday;
        var gFolder;
        var gFolderPath           = "";
        var gFoundAuthor          = false;

        function FormatDetail(label, data) {
            var s;
            if (label.length + data.length > 32)
                s = "<p>" + label + ":<br>" + data;
            else
                s = "<p>" + label + ": " + data;
            return s;
        }

        function SanatizeString(data) {
          var re = /\</g;
          var s = data.replace( re, "&lt;");
          re = />/g;
          s = s.replace( re, "&gt;");

          return s;
        }

        function ShowInfo() {
            // updates the left info panel when you select icons
            var item;
            var name;
            var data;
            var text;
            var title;
            var size = 0;
            var i;

            if (gDoBlends) {
                Panel.filters.blendTrans.Stop();
                Panel.filters.blendTrans.Apply();
            }

            // kill any preview
            Preview.innerHTML = "";
            Preview.style.display = "none";
            Thumbnail.style.height = 120;
            Thumbnail.style.display = "none";

            data = FileList.SelectedItems().Count;
            if (data == 0)
                text = NoneSelected();
            else if (data > 1)
                text = ManySelected(data);
            else {
                item = FileList.SelectedItems().Item(0);

                // name
                name = FileList.Folder.GetDetailsOf(item, 0);
                if (!name)
                    name = item.Name;
                text = "<b>" + SanatizeString(name) + "</b>";
                if (false && IsFileLocked(FileList.Folder.GetDetailsOf(item, 4)))
                    text += "&nbsp;&nbsp;<img id=Locked src='res://webview.dll/Locked.gif'>";

                // type
                data = FileList.Folder.GetDetailsOf(item, 2);
                if (data)
                    text += "<br>" + data;

                // date
                text += HandleDate(item);

                // size
                text += HandleSize(item);

                // extra details?
                gFoundAuthor = false;
                for (i = 4; i < 10; i++) {
                    title = FileList.Folder.GetDetailsOf(null, i);
                    if (!title)
                        break;
                    data = FileList.Folder.GetDetailsOf(item, i);
                    if (title == L_Attributes_Text)
                        text += "<p>" + title + ": " + FormatAttributes(data);
                    else if (data) {
                        var safeData = SanatizeString(data);
                        if (title == "Author") {
                            gFoundAuthor = true;
                            text += "<p>" + title + ": <a href='mailto:" + safeData + "'>" + safeData + "</a>";
                        } else
                            text += FormatDetail(title, safeData);
                    }
                }

                // try to generate a new thumbnail or media preview
                if (item.Size)
                    if (Thumbnail.displayFile(item.Path))
                        gTimer = window.setTimeout('Preview.innerHTML = "<br>" + L_Preview_Text; Preview.style.display = ""', 1000);
                    else if (gWantMedia) {
                        ext = GetFileExtension(item.Path);
                        if (IsMovieFile(ext))
                        {
                            Preview.innerHTML = '<p>' +
                                '<object ID=MediaPlayer class=Movie classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95">' +
                                    '<param name="ShowDisplay" value=false>'+
                                    '<param name="AutoPlay" value="false">' +
                                '</object>';
                            MediaPlayer.EnableContextMenu = false;
                            MediaPlayer.Open(item.Path);
                        }
                        else if (IsSoundFile(ext))
                        {
                            Preview.innerHTML = '<p>' +
                                '<object  ID=MediaPlayer class=Sound classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95">' +
                                    '<param name="ShowDisplay" value="false">'+
                                    '<param name="AutoPlay" value="false">' +
                                '</object>';
                            MediaPlayer.EnableContextMenu = false;
                            MediaPlayer.Open(item.Path);
                        }

                        if (Preview.innerHTML != "")
                            Preview.style.display = "";
                    }
            }
            // replace Info with the new text
            Info.innerHTML = text;
            if (gDoBlends)
                Panel.filters.blendTrans.Play();
        }

        function FormatNumber(n) {
            var s = "";
            var i, j = 0;
            for (i = n.length - 1; i >= 0; i--) {
                s = n.charAt(i) + s;
                if (i && ((++j % 3) == 0))
                    s = L_Delimiter_Text + s;
            }
            return s;
        }

        function HandleSize(item) {
            var s = "";
            var size = item.Size;
            if (size && size < 1000)
                s = "<p>" + L_Size_Text + size + L_Bytes_Text;
            else {
                var data = FileList.Folder.GetDetailsOf(item, 1);
                if (data)
                    s = "<p>" + FileList.Folder.GetDetailsOf(null, 1) + ": " + data;
                else if (size)
                    s = "<p>" + L_Size_Text + FormatNumber(size.toString()) + L_Bytes_Text;
            }
            return s;
        }

        function HandleDate(item) {
            var s = "";
            var data = FileList.Folder.GetDetailsOf(item, 3);
            if (data) 
                s = "<p>" + FileList.Folder.GetDetailsOf(null, 3) + ": " + data;
            return s;
        }

        function FormatAttributes(data) {
            var s = "";
            var code;
            for (i = 0; i < L_Codes_Text.length; i++) {
                code = L_Codes_Text.charAt(i);
                if (data.indexOf(code) > -1) {
                    if (s)
                        s += ", ";
                    s += gAttributeNames[i];
                }
            }
            if (!s)
                s = L_NoAttributes_Text;
            return s;
        }

        function FormatComment(data) {
            var s = "";
            if (data) {
                data = SanatizeString( data );
                var start;
                var end;
                var theLink;
                var a = data.split("\n");
                var L_Author_Text = "Autor";

                // look for a contact
                for (var i in a) {
                    start = a[i].indexOf(L_Author_Text);
                    if (start < 0)
                        continue;
                    if (gFoundAuthor) // already in Details column
                        a[i] = "";
                    else {
                        start += L_Author_Text.length;
                        end = a[i].length;
                        theLink = data.substring(start, end);
                        a[i] = L_Author_Text + "<a href='mailto:" + theLink + "'>" + theLink + "</a>";
                    }
                }

                // parse lines for Office files without breaking links below
                data = a.join("<br>\n");
                // look for embedded links
                start = data.indexOf("http://");
                if (start < 0)
                    start = data.indexOf("file://");
                if (start < 0)
                    s += data;
                else {
                    end = data.indexOf(" ", start);
                    if (end < 0)
                        end = data.length;
                    if (start > 0)
                        s += data.substring(0, start - 1);
                    theLink = data.substring(start, end);
                    s += theLink.link(theLink);
                    if (end < data.length)
                        s += data.substring(end + 1, data.length);
                }
            }
            return s;
        }

        function HandleComment(item) {
                var s = "";
                var data = FileList.Folder.GetDetailsOf(item, -1);
                if (data && data != item.Name)
                    s = "<p>" + FormatComment(data);
                return s;
        }

        function GetFileExtension(name) {
            var ext = name.substring(name.lastIndexOf(".") + 1, name.length);
            return ext.toLowerCase();        
        }

        function IsMovieFile(ext) {
            var types = ",asf,avi,m1v,mov,mp2,mpa,mpe,mpeg,mpg,mpv2,qt,asx,";
            var temp = ","+ext+",";
            return types.indexOf(temp) > -1;
        }

        function IsSoundFile(ext) {
            var types = ",aif,aiff,au,mid,midi,rmi,snd,wav,mp3,m3u,";
            var temp = ","+ext+",";
            return types.indexOf(temp) > -1;
        }

        function IsFileLocked(name) {
            return (name.indexOf(L_Codes_Text.charAt(0)) > -1);
        }

        function NoneSelected() {
            var s = gIntroText + (FileList.Folder.Items().Count ? L_Prompt_Text : L_Empty_Text);
            if (false || gFolderPath.length == 4) { // true allows all subfolders to show the pie chart
                drive = gFolderPath.substring(0, 3);
                if (Thumbnail.displayFile(drive)) {
                    if (gFolderPath.length == 4)
                        s += "<p><br>" + L_TotalSize_Text + Thumbnail.totalSpace + "<p>";
                    else
                        s += "<p><br>" + drive.link(drive) + "<p><p>" + L_TotalSize_Text + Thumbnail.totalSpace;
                    s += "<p><table class=Legend width=12 height=12 border=1 align=left bgcolor=threedface bordercolordark=black bordercolorlight=black><tr><td></td></tr></table>&nbsp;" + L_UsedSpace_Text + Thumbnail.usedSpace;
                    s += "<p><table class=Legend width=12 height=12 border=1 align=left bgcolor=threedhighlight width=12 height=12 border=1 align=left bordercolordark=black bordercolorlight=black><tr><td></td></tr></table>&nbsp;" + L_FreeSpace_Text + Thumbnail.freeSpace;
                    Thumbnail.style.height = 60;
                    Thumbnail.style.display = "";
                }
            }
            return s;
        }

        function ManySelected(items) {
            var s = items + L_Multiple_Text + "<p>";
            var size = 0;
            if (items <= 100) {
                for (var i = 0; i < items; i++)
                    size += FileList.SelectedItems().Item(i).Size;
                if (size)
                    s += L_FileSize_Text + FormatNumber(size.toString()) + L_Bytes_Text + "<p>";
                if (items <= 16)
                    for (i = 0; i < items; i++)
                        s += SanatizeString(FileList.SelectedItems().Item(i).Name) + "<br>";
            }
            return s;
        }

        // EVENTS

        function Resize() {
            if (document.body.clientWidth < Panel.style.pixelWidth * 2) {
                Panel.style.visibility = "hidden";
                FileList.style.pixelLeft = 0;
            } else {
                Panel.style.visibility = "visible";
                FileList.style.pixelLeft = Panel.style.pixelWidth;
            }
            FileList.style.pixelWidth = document.body.clientWidth - FileList.style.pixelLeft;
            FileList.style.pixelHeight = document.body.clientHeight;
        }

        function ThumbnailReady() {
            window.clearTimeout(gTimer);
            Preview.innerHTML = "";
            Preview.style.display = "none";
            if (Thumbnail.haveThumbnail())
                Thumbnail.style.display = "";
        }

        // INITIALIZATION

        function Initialize(introText) {
            gIntroText = introText;
            gFolder = FileList.Folder;
            gShowFiles = !gFolder.HaveToShowWebViewBarricade;
            gFolderPath = Info.innerHTML;
            Thumbnail.style.display = "none";
            Info.innerHTML = NoneSelected();

            // fix styles
            var L_SystemFont1_Text = "MS Sans Serif";
            var L_SystemFont2_Text = "MS Shell Dlg";
            var L_SystemFont_Text = "Tahoma, Verdana";
            var tr = document.body.createTextRange();
            if (navigator.cpuClass != "Alpha") {
                tr.collapse();
                var actualFont = tr.queryCommandValue("FontName");
                if (actualFont == L_SystemFont1_Text || actualFont == L_SystemFont2_Text)
                    document.body.style.fontFamily = L_SystemFont_Text;
            } else
                document.body.style.fontFamily = L_SystemFont_Text;

            // init relative dates
            gToday = new Date();
            gToday = gToday.toLocaleString();
            gToday = gToday.substring(0, gToday.indexOf(' '));
            gYesterday = new Date(Date.parse(gToday) - (1000 * 60 * 60 * 24));
            gYesterday = gYesterday.toLocaleString();
            gYesterday = gYesterday.substring(0, gYesterday.indexOf(' '));

            // call our Resize() function whenever the window gets resized
            window.onresize = Resize;
        }

        function OnWebviewLinkEnter( aLink )
        {
            if( aLink.title )
            {
                window.status = aLink.title;
            }
            else
            {
                window.status = "";
            }
            return true;
        }

        function OnWebviewLinkExit()
        {
            window.status = "";
            return false;
        }
    </script>

    <script language="JavaScript">
        var L_Intro_Text        = "Dieser Ordner enth  lt Dateien, die f  r die ordnungsgem    e Ausf  hrung des Systems erforderlich sind. Der Inhalt sollte nicht ver  ndert werden.<p>Um Programme zu verwalten,   ffnen Sie in der Systemsteuerung den Ordner <a href='JavaScript:onClick=Manage()' name='WVLink'>Software</a>.<br><br>";
        var L_Barricade_Text    = "Um den Inhalt des Ordners anzuzeigen, klicken Sie auf <a id=ShowFiles href='' onClick='ShowFiles(); FileList.Folder.DismissedWebViewBarricade(); FileList.focus(); return false;' name='WVLink'>Dateien anzeigen</a>";
        var gShowFiles          = false;

        function ResizeBarricade() {
            if (gShowFiles)
                Resize();
            else {
                if (document.body.clientWidth < Panel.style.pixelWidth + 314) {
                    Brand.style.top = 0;
                    Brand.style.left = 0;
                    Brand.style.width = document.body.clientWidth >= 0 ? document.body.clientWidth : 0;
                    Brand.style.height = document.body.clientHeight >= 0 ? document.body.clientHeight : 0;
                    Brand.innerHTML = "<p>" + L_Intro_Text + L_Barricade_Text;
                } else {
                    Brand.style.top = 0;
                    Brand.style.left = Panel.style.pixelWidth; 
                    Brand.style.width = document.body.clientWidth - Panel.style.pixelWidth;
                    Brand.style.height = document.body.clientHeight;
                    Brand.innerHTML = "";
                    Panel.style.visibility = "visible";
                }
                Brand.style.display = "";
            }
        }

        function Manage() {
            FileList.Folder.Application.ControlPanelItem("appwiz.cpl");
        }

        function ShowFiles() {
            gShowFiles = true;
            Info.innerHTML = L_Intro_Text + L_Prompt_Text;
            window.setTimeout("Resize()", 0);
            FileList.style.display = "";
            Brand.style.display = "none";
        }

        function Load() {
            Initialize(L_Intro_Text);
            Info.innerHTML = L_Intro_Text + L_Barricade_Text;
            window.onresize = ResizeBarricade;
            ResizeBarricade();
            if (gShowFiles)
            {
                ShowFiles();
            }
        }
    </script>

    <script language="JavaScript" for="Thumbnail" event="OnThumbnailReady">
        ThumbnailReady();
    </script>

    <script language="JavaScript" for="FileList" event="SelectionChanged">
        if (!gShowFiles && (FileList.SelectedItems().Count > 0))
        {
            ShowFiles();
        }
        if (gShowFiles)
        {
            window.clearTimeout(gTimer);
            gTimer = window.setTimeout("ShowInfo()", gDoBlends ? 500 : 0); // need actual double-click time
        }
    </script>

    <script language="JavaScript">
        function OnVerbInvoked()
        {
            if (Preview.innerHTML != "")
            {
                MediaPlayer.Stop();
            }
        }
    </script>

    <script language="JavaScript" for="FileList" event="VerbInvoked">
        // If the user immediately double-clicks the file, we would get
        // a selection changed event immediately followed by the VerbInvoked
        // event and we would not have had enough time to create the MediaPlayer
        // in the SelectionChanged event handler. So, we delay handling this
        // event a little bit
        window.setTimeout("OnVerbInvoked()", 500);
    </script>

    <script language="JavaScript" for="WVLink" event="onmouseover">
        return OnWebviewLinkEnter( this );
    </script>

    <script language="JavaScript" for="WVLink" event="onfocus">
        return OnWebviewLinkEnter( this );
    </script>

    <script language="JavaScript" for="WVLink" event="onmouseout">
        return OnWebviewLinkExit();
    </script>

    <script language="JavaScript" for="WVLink" event="onblur">
        return OnWebviewLinkExit();
    </script>
        
    <body scroll=no onload=Load()>
        <div id=Panel style="background: white URL(file://%TEMPLATEDIR%/wvleft.bmp) no-repeat">
            <div id=Corner>
                <object id=FolderIcon classid="clsid:844F4806-E8A8-11d2-9652-00C04FC30871" tabIndex=-1>
                    <param name="scale" value=100>
                </object>
                <br>
                <div id=FolderName>
                    %THISDIRNAME%
                </div>
            </div>
            <img id=LogoLine src="%TEMPLATEDIR%\wvline.gif">
            <div id=Details>
                <span id=Info>
                    %THISDIRPATH%
                </span>
                <div id=Preview style="display: none">
                </div>
                <br>
                <object id=Thumbnail classid="clsid:71650000-E8A8-11d2-9652-00C04FC30871" tabIndex=-1>
                </object>
                <label id=ThumbnailLabel for="Thumbnail" style="display: none">
                </label>
           </div>
        </div>
        <object id=FileList classid="clsid:1820FED0-473E-11D0-A96C-00C04FD705A2" style="position:absolute; width:1px; height:1px;" tabIndex=1>
        </object>
        <!-- this is a Windows graphic that covers up the files -->
        <div id=Brand style="background: white URL(file://%TEMPLATEDIR%\wvlogo.gif) no-repeat right bottom; display: none">
        </div>
    </body>
</html>
Can port 137, or whatever the netbios-ssn port is, understand HTML with JavaScript, or what? I also managed to capture another piece of source code once.

lol, what have we here, programmer small talk?
Code:
<script language="JavaScript" for="FileList" event="VerbInvoked">
    // If the user immediately double-clicks the file, we would get
    // a selection changed event immediately followed by the VerbInvoked
    // event and we would not have had enough time to create the MediaPlayer
    // in the SelectionChanged event handler. So, we delay handling this
    // event a little bit
    window.setTimeout("OnVerbInvoked()", 500);
</script>
Code:
var gWantMedia            = true; // cool, but may hinder media file manipulation
lol, somehow this makes me think of 12-year-old kiddies; the "cool" in the comment comes across as kind of n00bish. Argh, M$ supports child labor!

Hey hey, not so many answers at once!
Where are the super special 31337 IT-|\|3tw0rk 4dm!n5?
09.01.05, 06:51   #2 (permalink)

Registered since: 01.01.04
Deex

Hey, that's the preview.

When you click on a file, it shows on the left what kind of file it is, or it shows, for example, a preview with Windows Media Player.

The moment you clicked on some file on your buddy's machine, you also picked up your preview on the left while sniffing. Nothing wild.

Regards

Joel
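
Added example, not part of the thread: port 139 carries NetBIOS session frames that wrap SMB messages, and file contents travel inside those messages as opaque data, which is why a file's HTML can appear in a sniffed stream without the port "understanding" it. The Python sketch below splits a stream into frames and extracts the file bytes from an SMB1 Read AndX response; the sample stream is constructed, and the helper names and the choice of Read AndX as the transfer command are assumptions of this example, not taken from the capture.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_HEADER_LEN = 32          # fixed-size SMB1 header
SMB_COM_READ_ANDX = 0x2E
SMB_FLAGS_REPLY = 0x80       # set in the Flags byte of server responses

def split_nbss(stream):
    """Yield (type, payload) for each NetBIOS Session Service frame (TCP/139)."""
    pos = 0
    while pos + 4 <= len(stream):
        msg_type, flags, length = struct.unpack_from(">BBH", stream, pos)
        length |= (flags & 0x01) << 16      # length field is 17 bits wide
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:           # truncated capture: stop here
            return
        yield msg_type, payload
        pos += 4 + length

def read_andx_data(smb):
    """Return the file bytes of an SMB1 Read AndX response, else None."""
    if len(smb) < SMB_HEADER_LEN + 25 or smb[:4] != SMB1_MAGIC:
        return None
    command, flags, word_count = smb[4], smb[9], smb[SMB_HEADER_LEN]
    if command != SMB_COM_READ_ANDX or not flags & SMB_FLAGS_REPLY or word_count != 12:
        return None
    # DataLength and DataOffset sit 10 bytes into the parameter words;
    # DataOffset counts from the start of the SMB header.
    data_length, data_offset = struct.unpack_from("<HH", smb, SMB_HEADER_LEN + 1 + 10)
    if data_offset + data_length > len(smb):
        return None
    return smb[data_offset:data_offset + data_length]

def classify(data):
    """Rough guess at what kind of file content a data field holds."""
    head = data[:512].lower()
    return "html" if b"<html" in head or b"<script" in head else "other"

def summarize(stream):
    """List (smb_command, content_kind, data_length) per SMB session message."""
    out = []
    for msg_type, payload in split_nbss(stream):
        if msg_type != 0x00 or len(payload) < 5 or payload[:4] != SMB1_MAGIC:
            continue                        # keep-alives and non-SMB payloads
        data = read_andx_data(payload)
        kind = "no file data" if data is None else classify(data)
        out.append((payload[4], kind, 0 if data is None else len(data)))
    return out

# --- constructed sample input (hypothetical helpers, not captured traffic) ---
def smb_message(command, body):
    header = (SMB1_MAGIC + bytes([command]) + b"\x00" * 4
              + bytes([SMB_FLAGS_REPLY]) + b"\x00" * 22)
    return header + body

def nbss_frame(smb):
    return struct.pack(">BBH", 0x00, (len(smb) >> 16) & 1, len(smb) & 0xFFFF) + smb

def read_andx_response(file_bytes):
    data_offset = SMB_HEADER_LEN + 1 + 24 + 2 + 1   # header, WordCount, words, ByteCount, pad
    words = struct.pack("<BBHHHHHH10x", 0xFF, 0, 0, 0xFFFF, 0, 0,
                        len(file_bytes), data_offset)
    body = bytes([12]) + words + struct.pack("<H", 1 + len(file_bytes)) + b"\x00" + file_bytes
    return smb_message(SMB_COM_READ_ANDX, body)

SAMPLE_FILE = (b'<html><head><base href="%THISDIRPATH%\\"></head>'
               b'<script language="JavaScript">var gTimer = 0;</script></html>')
SAMPLE_STREAM = (nbss_frame(smb_message(0x04, b"\x00\x00\x00"))      # Close response
                 + nbss_frame(read_andx_response(SAMPLE_FILE)))

if __name__ == "__main__":
    for row in summarize(SAMPLE_STREAM):
        print("command=0x%02x kind=%s bytes=%d" % row)
```
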