akptop.blogg.se

Process monitor malware analysis













While the file didn’t come with any context as to how the attacker would get it running, I’m now convinced that the user would double-click on a. Stepping back, I launched Process Hacker, and tried just loading the page and saying yes at any prompt, and I didn’t get anything interesting to load. Unfortunately, I couldn’t get anything interesting to happen. We’ll put a breakpoint at the line that starts v1 =, and then refresh the page, and this time hit “Allow blocked content”. IE will warn us that the page wants to run script, and we’ll not allow that, yet. Then, to debug it, I opened the file in IE. To get the code to open in IE, I wrapped it in debugger and, and saved it as test.html. I’m sure there is some way to fake an ActiveXObject, but I could not figure one out, so I decided that if I wanted to debug, I should move to IE, where ActiveX is built in.














