RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
I just checked the .NET Configuration tool and it seems that internet zone applications have the right to connect back to the site where the file originated from. So, for instance a file located at www.example.org/blah.exe should be able to connect to www.example.org/upload.php and send data back. I'll probably whip something up to test it later on anyway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Simpson Sent: Tuesday, June 07, 2005 11:42 AM To: hlds@list.valvesoftware.com Subject: RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications Does the default Internet security settings actually allow for the opening of sockets? Just checking the .net SDK says that you need SocketPermission to open a Socket, and WebPermission to make a HTTP request, and I'm not sure either of those are granted under the Internet permission set. Actually, just checking the .net configuration tool, I don't think either of those are granted by default, but I haven't tested it. It's a bit hard to phish someone's details if there's no way to actually send them to the phisher. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
Does the default Internet security settings actually allow for the opening of sockets? Just checking the .net SDK says that you need SocketPermission to open a Socket, and WebPermission to make a HTTP request, and I'm not sure either of those are granted under the Internet permission set. Actually, just checking the .net configuration tool, I don't think either of those are granted by default, but I haven't tested it. It's a bit hard to phish someone's details if there's no way to actually send them to the phisher. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Hardy Sent: 07 June 2005 14:31 To: hlds@list.valvesoftware.com Subject: RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications Yep, seems like you don't have it installed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PiTaGoRaS Sent: Tuesday, June 07, 2005 8:05 AM To: hlds@list.valvesoftware.com Subject: RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications Hmm If I remember correctly I installed .NET the last time I cleaned my box, but I'm not sure now. It's not available to uninstall on "add and remove programs", so maybe not. I do not see nothing extrange on that page: The following IP address can be given to other people so that they can connect to your home server that is running on a dynamic IP address. The IP address can change from time to time or even when you reboot your machine, so you might need to come back to this page in order to get the current IP address. IP Address = 80.58.*.* Browser = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
Yep, seems like you don't have it installed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PiTaGoRaS Sent: Tuesday, June 07, 2005 8:05 AM To: hlds@list.valvesoftware.com Subject: RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications Hmm If I remember correctly I installed .NET the last time I cleaned my box, but I'm not sure now. It's not available to uninstall on "add and remove programs", so maybe not. I do not see nothing extrange on that page: The following IP address can be given to other people so that they can connect to your home server that is running on a dynamic IP address. The IP address can change from time to time or even when you reboot your machine, so you might need to come back to this page in order to get the current IP address. IP Address = 80.58.*.* Browser = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
Hmm If I remember correctly I installed .NET the last time I cleaned my box, but I'm not sure now. It's not available to uninstall on "add and remove programs", so maybe not. I do not see nothing extrange on that page: The following IP address can be given to other people so that they can connect to your home server that is running on a dynamic IP address. The IP address can change from time to time or even when you reboot your machine, so you might need to come back to this page in order to get the current IP address. IP Address = 80.58.*.* Browser = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) -- PiTaGoRaS On Tue, 7 Jun 2005 07:25:01 -0500, Brandon Hardy wrote: > Do you have the .NET 1.1 framework installed? An easy way to check > is to go to http://www.ventrilo.com/myip.php using IE. If you see > something that says something along the lines of ".NET CLR > 1.1.4322" then you would have it installed. I'm using a clean > install of windows with default settings and it launched for me, > several others have tried it as well and it has launched. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of PiTaGoRaS > Sent: Tuesday, June 07, 2005 5:50 AM To: hlds@list.valvesoftware.com > Subject: Re: [hlds] HL/HL2 HTML Motd Allows Execution of .NET > Applications > > Well, I've tried now and an IE download dialog appears asking me if > I want to open "test.exe", so maybe you do have your internet > security perms too low :? > > P.S. I'm using Windows XP SP2. > > -- > PiTaGoRaS > > > On Mon, 6 Jun 2005 20:56:35 -0500, Brandon Hardy wrote: >> 64.92.174.226:27015 > > > ___ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > ___ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
Do you have the .NET 1.1 framework installed? An easy way to check is to go to http://www.ventrilo.com/myip.php using IE. If you see something that says something along the lines of ".NET CLR 1.1.4322" then you would have it installed. I'm using a clean install of windows with default settings and it launched for me, several others have tried it as well and it has launched. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PiTaGoRaS Sent: Tuesday, June 07, 2005 5:50 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications Well, I've tried now and an IE download dialog appears asking me if I want to open "test.exe", so maybe you do have your internet security perms too low :? P.S. I'm using Windows XP SP2. -- PiTaGoRaS On Mon, 6 Jun 2005 20:56:35 -0500, Brandon Hardy wrote: > 64.92.174.226:27015 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
Well, I've tried now and an IE download dialog appears asking me if I want to open "test.exe", so maybe you do have your internet security perms too low :? P.S. I'm using Windows XP SP2. -- PiTaGoRaS On Mon, 6 Jun 2005 20:56:35 -0500, Brandon Hardy wrote: > 64.92.174.226:27015 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] HL/HL2 HTML Motd Allows Execution of .NET Applications
This is a concerning sideproduct of embedding IE, alhtough I would be just as worried about ma_cexec_all and console code, as it's probably just as easy to find exploits there and execute them that way. On another more important note though -- is there any way to restrict remote command execution? Gamers are rapidly becoming more popular targets for Zombie armies as they often have powerful machines and fast internet connections, we should all be vigilant. On 6/7/05, Brandon Hardy <[EMAIL PROTECTED]> wrote: > This is a multi-part message in MIME format. > -- > [ Picked text/plain from multipart/alternative ] > There's happens to be a "feature" in IE that allows .NET application to > launch from the browser without any user intervention, since HL uses the > Internet Explorer control to render HTML it is affected by this as well. > Applications that are launched using this method are run within a secure > sandbox to prevent access to the system, and other security risks. The > biggest problem that I can imagine is that someone could possibly create an > application that looks identical to the steam login screen and use it as a > way of phishing accounts. > > > > I have temporarily set up a server at 64.92.174.226:27015 to demonstrate > this. If you connect and have .NET 1.1 installed the application located at > http://64.92.174.226/hl/test.exe (which is totally harmless) should launch. > > -- > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
