c:\con\con -Reply -Reply
rafaelzap2 at netzero.net
Wed Jul 5 23:41:46 PDT 2000
Hi Nicol. :)
Nicol Verheem wrote:
> Hi Ralph
> >>> Ralph Shumaker <rafaelzap2 at netzero.net> 3/July/2000
> >> It does not take out my Netscape (contrary to a previous
> >> poster) because netscape does the string parsing itself;
> >>IE hands it to the OS. That'll teach 'em.
> > I think I was that previous poster. I am running Netscape
> > 4.5 on M$ w95b and clicking on file://c/con/con does
> > INDEED take my system immediately to BSOD without
> > hesitation.
> Hmmm, using Netscape 4.71, pointing to a apache server on
> a linux box :
> Not Found
> The requested URL /c:\con\con was not found on this server.
Unclear is whether or not your Netscape 4.71 was on the same machine
as the apache server (Linux) or on whendoze 9x. I assume the
below-mentioned "IE machines" were indeed windy 9x machines.
> The same page took out quite a few IE machines. The HTML
> is :
> <A HREF=c:\con\con>click here</A>
> Maybe it's because I used a link, and you an IMG tag ?
Nope. I just typed each of the characters "f", "i", "l", "e", ":",
and so on to get "file://c/con/con" and when Netscape (4.5 on w95 in
my case) sees it, it underlines it and turns it blue and treats it
as a live link. You can do the same thing with http:// and ftp:/
and possibly more. Click on http://www.kernel-panic.org and you
will go to the kplug website.
> >> Getting a URL http://www.domain.com/con/con will take
> >> out a Win9x server running IIS as well. Cool hey ?
> > What do you mean? Do you mean that if someone at the
> > IIS console clicks on that link it will take them down? Or
> > do you mean that you can send your browser to
> > http://www.anyM$windoze9xserver.org/con/con
> > and crash it? Whoa! That would be cool. Hmmm.
> Both. But keep it mind it's only 9x boxes that's affected.
> Not NT. So you won't have THAT much fun, since the
> majority of IIS servers run on NT. Darn. I recon it still a
> worthwhile persuit for some script kiddy; work your way thru
> 126.96.36.199 to 254.254.254.254, if a http server identifies itself as
> IIS, ask for ip_address/con/con. Repeat as necessary :-p
That would be SOOOO cool! I mean, cruel! ;)
Of course you would have to be careful if you get to 127.x.x.x which
will kill your own machine if you happen to be careless enough to
run such a script from a IIS server on a whendoze 9x machine.
(Also, I reckon you are from the midwest. Either that or perhaps
you are just on a "recon" mission. ;)
> Have fun
Hmmm. Maybe I will, ... <InDeepResonatingVoice> Voohoohahaha.
mailto:rafaelzap2 at netzero.com mailto:rafaelzap at juno.com
mailto:rafaelzap at freewwweb.com
Microsoft -- "How many times do you want to crash today?"
The second millennium A.D. ends in
0 years, 5 months, 26 days, 0 hours, 37 minutes, and 37 seconds.
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
More information about the KPLUG-List