Vulnerability Development mailing list archives

Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

From: kain () EGOTRIP DK (Knud Erik Højgaard)
Date: Sat, 15 Apr 2000 04:49:37 +0200


more than 3(three) exclamation marks is a sign of insanity. 

so is lousy english. 

removing wscript and cscript links is not a solution. nor is open source.
the whole purpose(IMHO) with these languages is being able to do anything.
open source on this will improve nothing. its like exchanging a command.com
with an 'improved' one, where users cant type del and mkdir etc.
...uuuh..how would you run a server checking all the attachments being sent
? just search for 'malicious' strings ? people made computers. people will
always find a loophole. the things you suggest are impossible. imagine
searching for certain strings in all attachments..uiie..maybe on your 5
user network it would work...AFAIK the place i work have about 900
people...mailing _all_ the time..what kind of server would you use ? or
would you disallow all attachments ? nice solution... search for certain
strings in certain filetypes. untill someone discovers a new neat trick.
..where in windows is the its:// protocol(chm(compiled html) - for reading
help files etc) described? nowhere. how many more of these 'secret' things
are around? noone knows. so your solution is crap. 

thats all...

beer rocks. sun sucks! 

Knud Erik HÃ¸jgaard
l33t h3lpd3sk 4$$munch

At 14:26 11-05-00 -0600, you wrote:

 I have users that are not willing to remove their wscript and cscript
links.:-(

I would like to see any time a *.vbs try to run a pgp checksum is sent to
a PKI or LDAP server to be authenticated.  Any program that fails will be
send to the sysadmin.  This should be easy because most users do not write
there own vb scripts.

I can see two or three ways of doing this.

1.) Simple rename wscript.exe to wscript.obj
  The write a program to be wscript.exe replacement that sends for
authentication.  The send the ole to the wscript.obj.

2.) Has MS open up the source code to wscript and cscript so we can
rewrite are own.

3.) If MS add this themselves.  <---  I do not thing this will happen
because they said it's not our problem, NOT A BUG it is a feature.

 I also would like this to be expandable to all binary!!!!!  If we are
going to stop all virus and worms this is the best way I can think or.



Enjoy,

Richard Rager

Current thread:

Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Knud Erik Højgaard (Apr 14)
- <Possible follow-ups>
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Harmer, Mike (May 12)
  - regarding phrack49's stack smashing tutorial Christian Hammers (May 13)
    - Re: regarding phrack49's stack smashing tutorial Precious Roy (May 13)
    - Re: regarding phrack49's stack smashing tutorial Bluefish (May 13)
    - QPOP2.5* exploit ?? Ryan Sweat (May 14)
    - Re: QPOP2.5* exploit ?? H D Moore (May 14)
    - Re: QPOP2.5* exploit ?? jms (May 13)
    - Napster Fix optik (May 14)
    - Re: QPOP2.5* exploit ?? Maurycy Prodeus (May 15)
    - Re: QPOP2.5* exploit ?? jms (May 14)

(Thread continues...)