ActiveX is one big security failure that goes so deep .. that Microsoft CANT fix it. Their solution "Well don't use it"

... eeeh!

I'm currently larning java in hihgschool. I think I am probabm;y the best in the class lol. Anyways, my goal is to custom firmware my PS3. I'll custom firmware anyone elses PS3 for $50 :)

How can you make the script to get executed without having the user to press anything in the website?

ActiveX Backdoor :D

Nice. Is it patched or does this still work?

@TheRhodan still works. :P

Nice.

tim is gay name. u r gay. sir, please an hero and stop fagging.

@MasterOfgms good sir, I challenge you to a duel of honor.

@wtfnord i fucking accept with HASTE like a MOTHER FUCKING G BITCH

ill rape you with my front rim nigga. talkin bout my bike nigga

No, java and java script are not very similar. Creators of java script have chosen this name because java was a cool thing at the time.

@mrh3h As a java programmer, I can tell you that the syntax is highly similar.

Man that's kinda freaking me out!

christ, What's the worst thing a hacker can do with command prompt. (yes I am completely oblivious when it comes to technology)

@Mudd0000 literally anything that you can do on a computer can be done from command prompt.

protip: If you can't do something from command prompt, use "echo [line of code]>[script filename]" and it will create a new script file with the contents of what you echoed (you can do multiple lines with the "&" operator). - then simply use cscript /nologo ot execute the script.

Very interesting, personally, I never allow ActiveX to run anything from a website that I dont know of

This hack is ingenious in its simplicity. If you are able to gain control over the command line then you effectively own the user's computer. One time my laptop was stolen. I made a program in python that acted as a small server which allowed me to access the terminal and issue commands. I made it as a side project when I was studying networking in school. It was set to load with all the other daemons. As soon as he came online, I was able to...uh... "repartition" everything for my new friend.

I AM NOT FORGETTING TO COMMENT AND RATE.

Also this was the first time I was on your site despite being around since you first mentioned it.

@emper7 Thanks for taking the time to check it out. :-)

@wtfnord How to shot web always amused me.

While you're here, two questions: Do you still play WoW, and also is America's Own Orwellian Society still up on Lordhathor's channel?

@emper7 Glad you liked it :P

I don't really play wow anymore - I sometimes get on as a 25th if my friend's guild needs a healer for a raid or something but that's rare.

the orwellian video -should- still be up on lordhathor, yes. :-)

@wtfnord Look into HTML Applications (*.hta files). WScript.Shell and Scripting.FileSystemObject are actually extremely useful ActiveXObjects. Most lightweight programs/scripts I write for windows make use of them. Unfortunately, as you pointed out, they can be easily used with malicious intent. For that reason and many others, I'd strongly urge anyone else reading this not to use Internet Explorer for exploring the internets.

@AtheistDave89 100% agreed. I forgot to mention that this exploit does not work in most non-IE browsers such as Chrome or (I think?) Firefox.

@wtfnord I am fairly certain that only IE supports the WSH and FSO controls. Microsoft implemented them in their JScript (not javascript), WScript, and VBScript scripting languages. (It's so unlike them to ignore standards and make up their own.) Firefox and Chrome won't handle them natively without some extra modification. I doubt any other browser would handle them either. For the record, I use Chrome.