finding the registered URL protocols

转载 2007年09月27日 21:51:00
****************************************************************************************
URIFind is a small tool for finding all of the registered URL protocols in your system,
it is useful for reviewing security vulnerabilities about URL protocols, do you remember
the recent Firefox's "FirefoxURL" command injection vulnerability?:)

Example for using:

URIFind.exe > output.txt

The output file may like follows:

[callto]
rundll32.exe msconf.dll,CallToProtocolHandler %l

[file]

[FirefoxURL]
C:/PROGRA~1/MOZILL~1/FIREFOX.EXE -requestPending -osint -url "%1"

[ftp]
"C:/Program Files/Internet Explorer/iexplore.exe" %1

...

Find 21 URL Protocols

by cocoruder(frankruder_at_hotmail.com), 2007.09
****************************************************************************************/

#include
#include

void main(void)
{
HKEY hKey,hKeyQ,hKeyCmd;
DWORD cbName = MAX_PATH;
TCHAR achKey[MAX_PATH];
DWORD cSubKeys;
FILETIME ftime;
DWORD cbData = MAX_PATH;
DWORD j = 0;
DWORD tp,tp1=0,retVal;
BYTE rData[MAX_PATH],tmpBuff[MAX_PATH];
char szRecvCmdData[1024];
DWORD cbRecvCmdData;

RegOpenKeyEx(HKEY_CLASSES_ROOT, "", 0, KEY_READ, &hKey);

RegQueryInfoKey(
hKey, // key handle
NULL, // buffer for class name
NULL, // size of class string
NULL, // reserved
&cSubKeys, // number of subkeys
NULL, // longest subkey size
NULL, // longest class string
NULL, // number of values for this key
NULL, // longest value name
NULL, // longest value data
NULL, // security descriptor
NULL // last write time
);

DWORD dwAllProtocols=0;
for (j = 0; j
{
cbName=MAX_PATH;
achKey[0] = '/0';

memset(achKey,0,sizeof(achKey));

RegEnumKeyEx(hKey,
j,
achKey,
&cbName,
NULL,
NULL,
NULL,
&ftime);

if (achKey[0]==0x00)
{
continue;
}

RegOpenKeyEx(HKEY_CLASSES_ROOT, achKey, 0, KEY_QUERY_VALUE, &hKeyQ );

cbData = MAX_PATH;
memset(rData,0,sizeof(rData));
retVal=RegQueryValueEx(hKeyQ,"URL Protocol",NULL,&tp,rData,&cbData );
if (retVal == ERROR_SUCCESS)
{
sprintf((char *)tmpBuff,"%s//shell//open//command",achKey);

//get the command line
RegOpenKeyEx(HKEY_CLASSES_ROOT, (char *)tmpBuff, 0, KEY_QUERY_VALUE, &hKeyCmd);
memset(szRecvCmdData,0,sizeof(szRecvCmdData));
cbRecvCmdData=sizeof(szRecvCmdData);
retVal=RegQueryValueEx(hKeyCmd,NULL,NULL,&tp1,(unsigned char *)szRecvCmdData,&cbRecvCmdData);

printf("[%s]/n%s/n/n",achKey,szRecvCmdData);

dwAllProtocols++;

RegCloseKey(hKeyCmd);
}

RegCloseKey(hKeyQ);

}

RegCloseKey(hKey);

printf("/nFind %d URL Protocols",dwAllProtocols);

}  

相关文章推荐

dMC-R16.1-Ref-Registered.exe

  • 2017年03月14日 14:31
  • 31.34MB
  • 下载

Dbflow:Model object: xxxx is not registered with a Database. Did you forge an annotation?

错误代码: 错误描述,在三星、小米手机上运行没问题,在华为手机上抛出这个异常。 网上查询没有找到原因。 官网上提示说没有在application初始化的情况会抛出这个异常,但是初始化以...

AlphaControls_2011_v7.31Registered(Delphi XE)

  • 2011年02月15日 21:12
  • 4.61MB
  • 下载

mount clntudp_create : RPC Program not registered

mount clntudp_create : RPC Program not registered 解决方法: 1. 检查nfs与portmap都正常启动了 2. 运行 # rpc.mount...
  • kevdmx
  • kevdmx
  • 2011年11月02日 10:08
  • 554

S2SH The web application[] registered the JDBC driver [com.mysql.jdbc.Driver] bur failed to unreqist

bug 截图 Caught exception while loading file struts-default.xml - [unknown location]       at com....

VMProtect_Ultimate_V2.09_Registered

  • 2017年11月22日 08:30
  • 7.06MB
  • 下载
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:finding the registered URL protocols
举报原因:
原因补充:

(最多只允许输入30个字)