Testing some different protocols...
I'm intrigued.
I figured out the 'enter user and pass to login' pop up that went around a few weeks ago. Someone just used the image tag to link to an image that was forbidden on some server.
But this is using some outlook protocol and a bunch of other shit I can't figure out. I went to the tinyurl address, but nothing is there. It just fires the protocol upon arrival with no source… I was expecting some javascript window.location="outlook:action" but huh…
anybody want to pm a hint on this one? :D
DigitalFire wrote: I'm intrigued.
I figured out the 'enter user and pass to login' pop up that went around a few weeks ago. Someone just used the image tag to link to an image that was forbidden on some server.
But this is using some outlook protocol and a bunch of other shit I can't figure out. I went to the tinyurl address, but nothing is there. It just fires the protocol upon arrival with no source… I was expecting some javascript window.location="outlook:action" but huh…
anybody want to pm a hint on this one? :D
Idk but I don't think javascript can be in any way injected like that…
Nah he used things like:
nntp://uber0n/ for email
aim:goim w/e for aim
telnet://whatever:port through tinyurl etc etc. Anything that can be launched this way has to have the ability to be just typed in the browser to have launched, for example type telnet://hellboundhackers.org:80 in the browser bar, it launches the app. :ninja:
true.
but alright, tinyurl is redirecting some source from some page to our browsers. I want to figure out what that is, because the source of the images is not "nntp:uber0n", it's a tinyurl. So somehow the protocol is attached to the tinyurl or something. This is what I can't figure out.
All these are http://tinyurl.com links embedded into images.
Image 1.) http://tinyurl.com/28esr3 - news://uber0n
Image 2.) http://tinyurl.com/28tf8k - nntp://uber0n
Image 3.) http://tinyurl.com/2ho8yu - snews://uber0n
Image 4.) http://tinyurl.com/24fzsf - Dead Link
Image 5.) http://tinyurl.com/28m5hs - telnet://uber0n
Image 6.) http://tinyurl.com/2e98qn - Dead Link
Hope that helps :happy:
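Added example, not part of the thread or of any poster's code: a check a forum or image proxy could run on an [img] URL before embedding it, following redirects by hand and refusing any hop whose scheme is not http/https (the news://, nntp://, snews:// and telnet:// targets listed above). The redirect table and the lookup_location resolver are constructed stand-ins for real HTTP responses; a real deployment would issue the request with automatic redirects disabled and read the Location header.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_HOPS = 5

# Constructed redirect table standing in for real HTTP responses:
# URL -> Location header value (None means the server returned the image).
SAMPLE_REDIRECTS = {
    "http://short.example/a": "news://uber0n",
    "http://short.example/b": "telnet://uber0n",
    "http://short.example/c": "/img/cat.png",
    "http://short.example/img/cat.png": None,
    "http://short.example/loop": "http://short.example/loop",
}


def lookup_location(url):
    """Hypothetical resolver: Location header for url, or None if no redirect."""
    return SAMPLE_REDIRECTS.get(url)


def check_image_url(url, resolve=lookup_location):
    """Walk the redirect chain hop by hop; return (ok, reason)."""
    seen = set()
    for _ in range(MAX_HOPS + 1):
        scheme = urlsplit(url).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            # This is the hop that would hand off to an external handler.
            return False, f"blocked scheme '{scheme}' at {url}"
        if url in seen:
            return False, f"redirect loop at {url}"
        seen.add(url)
        location = resolve(url)
        if location is None:
            return True, f"final image URL {url}"
        # Location may be relative; resolve it against the current hop.
        url = urljoin(url, location)
    return False, "too many redirects"


if __name__ == "__main__":
    for candidate in SAMPLE_REDIRECTS:
        print(candidate, "->", check_image_url(candidate))
```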
Veniz00 wrote: [img]http://tinyurl.com/8bmtxa[/img]
http://www.securityfocus.com/bid/32997
HBH is not the place to test out new exploits. Do this shit on your own PC, thanks.