finding the registered URL protocols

/****************************************************************************************
URIFind is a small tool that lists all of the URL protocols registered on your system.
It is useful when reviewing URL protocol handlers for security vulnerabilities; do you
remember the recent "FirefoxURL" command injection vulnerability in Firefox? :)

Example for using:

URIFind.exe > output.txt

The output file may look like this:

[callto]
rundll32.exe msconf.dll,CallToProtocolHandler %l

[file]

[FirefoxURL]
C:/PROGRA~1/MOZILL~1/FIREFOX.EXE -requestPending -osint -url "%1"

[ftp]
"C:/Program Files/Internet Explorer/iexplore.exe" %1

...

Find 21 URL Protocols

by cocoruder(frankruder_at_hotmail.com), 2007.09
****************************************************************************************/

#include <windows.h>
#include <stdio.h>

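// Enumerate the subkeys of HKEY_CLASSES_ROOT and, for every subkey that carries a
// "URL Protocol" value, print "[name]" followed by the default value of
// name\shell\open\command, then a final count of the protocols found.
//
// The printed command template is the part worth reviewing: the URL being opened,
// which can originate from untrusted content, is substituted for %1 / %l, so a
// handler that leaves it unquoted or forwards it to a program that parses further
// options deserves a closer look.
//
// The ANSI (…A) registry functions are called explicitly because every buffer here
// is a plain char array; the generic names would not compile in a UNICODE build.
// Returns 0 on success, 1 if HKEY_CLASSES_ROOT cannot be opened or queried.
int main(void)
{
    HKEY hKey, hKeyQ, hKeyCmd;
    char achKey[MAX_PATH];           // registry key names are at most 255 characters
    char szCmdKey[MAX_PATH + 32];    // room for the key name plus "\shell\open\command"
    char szRecvCmdData[1024];
    DWORD cbName, cbData, cbRecvCmdData, dwType;
    DWORD cSubKeys = 0;
    DWORD dwAllProtocols = 0;
    DWORD j;
    LONG retVal;
    int n;

    if (RegOpenKeyExA(HKEY_CLASSES_ROOT, "", 0, KEY_READ, &hKey) != ERROR_SUCCESS)
    {
        fprintf(stderr, "cannot open HKEY_CLASSES_ROOT\n");
        return 1;
    }

    // Only the subkey count is needed; every other output parameter is optional.
    retVal = RegQueryInfoKeyA(hKey, NULL, NULL, NULL, &cSubKeys,
                              NULL, NULL, NULL, NULL, NULL, NULL, NULL);
    if (retVal != ERROR_SUCCESS)
    {
        fprintf(stderr, "cannot query HKEY_CLASSES_ROOT\n");
        RegCloseKey(hKey);
        return 1;
    }

    for (j = 0; j < cSubKeys; j++)
    {
        cbName = sizeof(achKey);
        retVal = RegEnumKeyExA(hKey, j, achKey, &cbName, NULL, NULL, NULL, NULL);
        if (retVal != ERROR_SUCCESS || achKey[0] == '\0')
        {
            continue;
        }

        // A key we cannot open is skipped; closing a handle that was never
        // opened would pass an uninitialised value to RegCloseKey.
        if (RegOpenKeyExA(HKEY_CLASSES_ROOT, achKey, 0, KEY_QUERY_VALUE, &hKeyQ) != ERROR_SUCCESS)
        {
            continue;
        }

        // Existence test only: with a NULL data pointer the call reports the
        // size and succeeds whatever the length of the value is.
        cbData = 0;
        retVal = RegQueryValueExA(hKeyQ, "URL Protocol", NULL, NULL, NULL, &cbData);
        RegCloseKey(hKeyQ);
        if (retVal != ERROR_SUCCESS)
        {
            continue;
        }

        // Bounded formatting: the key name comes from the registry, so the
        // result is checked instead of trusting it to fit.
        n = snprintf(szCmdKey, sizeof(szCmdKey), "%s\\shell\\open\\command", achKey);
        if (n < 0 || (size_t)n >= sizeof(szCmdKey))
        {
            continue;
        }

        // get the command line; a protocol without an open command is still
        // listed, with an empty command
        szRecvCmdData[0] = '\0';
        if (RegOpenKeyExA(HKEY_CLASSES_ROOT, szCmdKey, 0, KEY_QUERY_VALUE, &hKeyCmd) == ERROR_SUCCESS)
        {
            // Leave one byte spare: registry strings are not guaranteed to be
            // NUL-terminated, so the terminator is written here.
            cbRecvCmdData = sizeof(szRecvCmdData) - 1;
            dwType = 0;
            retVal = RegQueryValueExA(hKeyCmd, NULL, NULL, &dwType,
                                      (BYTE *)szRecvCmdData, &cbRecvCmdData);
            if (retVal == ERROR_SUCCESS && (dwType == REG_SZ || dwType == REG_EXPAND_SZ))
            {
                szRecvCmdData[cbRecvCmdData] = '\0';
            }
            else if (retVal == ERROR_MORE_DATA)
            {
                // Do not print a partially filled buffer; flag the entry so the
                // reviewer knows a handler exists and inspects it by hand.
                snprintf(szRecvCmdData, sizeof(szRecvCmdData),
                         "<command exceeds %u bytes; not shown>",
                         (unsigned)(sizeof(szRecvCmdData) - 1));
            }
            else
            {
                szRecvCmdData[0] = '\0';
            }
            RegCloseKey(hKeyCmd);
        }

        printf("[%s]\n%s\n\n", achKey, szRecvCmdData);
        dwAllProtocols++;
    }

    RegCloseKey(hKey);

    printf("\nFind %lu URL Protocols", (unsigned long)dwAllProtocols);
    return 0;
}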