// File Browsing Exploit // Tested on Windows 98 running Novell 3.2.0.0 // // By, t0mMaC // AIM: t0mMaC2600 // // // Disclaimer: // This is for experimental purposes only, using this venerability to gain access to nodes, hard drives, // directories, etc which your not suppose to be in is illegal. The writer takes no responsibility // of your actions. Play nice. // This venerability on file browsing will give users access to restricted hard drives, directories, and networked hard drives that admins don't want you in. In this exploit's case the admin blocks users from accessing everything but the users home directory and shared drives, their also unable to type paths using the file protocol. Since the user is not able to use the file protocol in browsers and they can not type paths, this means most other fun directories will be inaccessible. In MS Office the restrictions which apply to file browsers applies to MS Office's file browser, you the user is allowed to type paths, but in Win Pad, Note Pad, or Paint, your able to type paths, you just don't have the power to make modifications to files and directories. By use of this exploit you will be able to manage the files and directories, because it will allow to open them up in a browser. This is the process to beating the annoyance of this poorly secure Operating System. 1. First step you must make sure you have either Word Pad or Note Pad. If they are not available you might not be able to use this exploit, but they may have other programs which allow you to type directories in and make modifications, like in a text or picture editor of some sort. 2. Now with World Pad or Note Pad you should search for all the available nodes and hard drives. This can be done by the use of the "Files of Type Feature" and the "File Name" feature. The "Files of Type" feature specifies on what file type you want to be viewed and in you directory exploration make it so all files types are being viewed. The "File Name" feature allows you to type in custom directory paths. So just start typing things like C:, N:, X:, etc until you find an interesting node, hard drive, whateva you want to call it. Now once something cool or a specific target is located the fun begins. 3. Open Internet Explorer or whatever they use to browse for HTTP and bookmark a web page. 4. Now after the web page has been bookmarked you must find it in your home directory. To find your bookmarks open up one or the other text editors I mentioned or whatever and browse till you find your bookmarks. Most of the time bookmarks are locate in a directory called "Favorites" or "Bookmarks". Find it, open it. 5. Now its time to make the modifications to the bookmark. For this example I will use the C drive. Search for this line first: URL = http://www.whatever.com Once located change it using the file protocol and write the directory's path you want. For example: URL = file:///C:/Windows Once thats change you will see another URL tag and you will insert the same URL as you did above in it's place. This URL will look like this: http://www.whatever.com Change it to: file:///C:/Windows Now once this is done save and quit. 6. Open up your browser, then your bookmark. You'll notice that you just bypassed the the security. This happened because Windows restricts you from typing the file protocol in, but the designers never notice that it can be averted by writing or modifying a bookmark using the file protocol. Now lets have some fun, you can explore go wherever you want. This venerability does allow you to do more, notice you can change properties to files and folders, you can make them visible, but for some reason the invisible files can be seen their just faded. 7. Now if your after specific file you can modify your targeted file(s) by doing this: this is yet another fun part of this exploit. Just copy the path of the file, then open Win Pad or whatever works and then to open window. Then under "File Name" type or paste the full path of the file. Then do as you please to it and save. Note: The one thing you can not do is type the directory in, but is quite easy to navigate your way around, but if you have to use a different hard drive or node you will have to repeat steps 3 to 5. Play it safe and don't damage property.