Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
<html><head><title>Example WinSafer Html script</title></head><body><h1>Example WinSafer Html script</h1>
<script language="vbscript">
msgbox("Hello friend, please press 'Yes' when Internet Explorer asks you a question!")
</script>
<table bgcolor="#cccc99" border=3><tr><th>Script output is below:</th></tr><tr><td bgcolor="#eeeeaa"><script language="vbscript">
Option Explicit
const filename1 = "c:\boot.ini"const filename2 = "e:\secret.txt"const foldername1 = "e:\spam"
document.write("Howdy. I am a malicious script.<br>")document.write("<hr>")call ReadTheFile(filename1)document.write("<hr>")call ReadTheFile(filename2)document.write("<hr>")
rem call DisplaySpecialFoldersrem document.write("<hr>")rem call ReadTheRegistryrem document.write("<hr>")
call DeleteFiles(foldername1)
sub ReadTheRegistry On error resume next dim wscr, rr set wscr = CreateObject("WScript.Shell") set rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EmailName") document.write("Read the registry: " & rr)end sub
Sub ReadTheFile(filename) On error resume next dim fso, fileinput, linetext Set fso = CreateObject("Scripting.FileSystemObject") Err.Clear set fileinput = fso.OpenTextFile(filename,1) if (Err.Number <> 0) then document.write("I failed to open the file <B>" & filename & "</B> for reading: " & Err.Description & "<br>") else linetext = fileinput.ReadAll fileinput.Close document.write("I just read the file <B>" & filename & "</B> and it contained:<br><pre>" & linetext & "</pre><br>") End ifEnd Sub
Sub DeleteFiles(foldername) On error resume next dim fso, Folder, Files, File, filecount Set fso = CreateObject("Scripting.FileSystemObject") document.write("<ul>") document.write("<li>Going to delete all files from " & foldername) Err.Clear set Folder = fso.GetFolder(foldername) if (Err.Number <> 0) then document.write("<li>Failed to access <B>" & foldername & "</b>: " & Err.Description) else set files = Folder.Files if (Err.Number <> 0) then document.write("<li>Failed to access <B>" & foldername & "</b>: " & Err.Description) else filecount = Files.Count if Err.Number <> 0 then document.write("<li>Failed to access folder: " & Err.Description) else document.write("<li>There are " & CStr(filecount) & " files within <b>" & foldername & "</b>") for each File in Files Err.Clear document.write("<li>" & File.Path) if (Err.Number <> 0) then document.write("<li>Failed to delete files: " & Err.Description) else Err.Clear FSO.DeleteFile(File.Path) if (Err.Number <> 0) then document.write(": failed to delete, " & Err.Description) else document.write(": <B>successfully deleted!!</B>") end if end if Next end if end if end if document.write("</ul>")end sub
sub DisplaySpecialFolders On error resume next
dim fso, dirwin, dirsystem, dirtemp Set fso = CreateObject("Scripting.FileSystemObject") Set dirwin = fso.GetSpecialFolder(0) Set dirsystem = fso.GetSpecialFolder(1) Set dirtemp = fso.GetSpecialFolder(2)
document.write("Your Windows directory is: " & dirwin & "<br>") document.write("Your System directory is: " & dirsystem & "<br>") document.write("Your Temporary directory is: " & dirtemp & "<br>")
rem Interestingly enough, when running in an untrusted level, rem the vbscript fails to be able to determine the user's rem personal temporary directory.
end sub
</script></td></tr></table>
</body></html>
|
