PARTS:
Part 30
Part 31
Part 32
Part 33
Part 34
Part 35
Part 36
Part 37
Part 38
Part 39
Part 40
Part 41
Part 42
Part 43
Part 44
Part 45
Part 46
Part 47
SEARCH
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Prev | Current Page 669 | Next

Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

The filename (tgctlins.dll) is in the registry and these
things are typically packaged into .cab files, so the first result searching for tgctlins.cab
gave me http://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab. To test
whether this works, I??™ll build some HTML telling Internet Explorer to download the control
from that URL and install it. I??™ll then load that HTML on a machine that doesn??™t have
the control installed yet. That is all done with one simple change to the tag,
specifying a CODEBASE value pointing to the URL. Here??™s the new HTML:


http://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab >



Figure 15-2 SupportSoft GetHostname example
When I open that onmy test machine, I??™m presented with the IE7 security goldbar to
click through and then the security warning shown in Figure 15-3.
If I can convince the user to click the Install button, IE will download the CAB from
the Adelphia site, install the DLL locally, and reload the page.


Pages:
657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681
The Art of Agile Development (page 56) Absalom's Hair (page 73) Absolute Surrender and Other Addresses (page 6)