azbil

Japanese

English

about azbil

  azbil is a new symbol of the Yamatake Group.

The photo of a boy and his father who are looking at the screen of pc. Products Company Research In The Media Contact

I

 

 

IEen

Outline:

IE'en remotely controls Internet Explorer using DCOM.


Microsoft stated, "The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner. "DCOM is installed on most Windows machines by default and runs without noticed by the users.If one knew the account name and the password of a remote machine, one can remotely control the software component on it using DCOM. For example, Internet Explorer is one of the software components that can be controlled. IE'en remotely controls Internet Explorer using DCOM.


Summary of IE'en Functionalities:

  • Remotely connects to or activates Internet Explorer
  • Captures data sent and received using Internet Explorer
  • Even on SSL encrypted websites (e.g. Hotmail), IE'en can capture user ID and password in plain text.
  • Change the web page on the remote IE window.
  • Make the remote IE window visible / invisible.

Usage:

  1. Start ieen_s.exe using accounts with administrator privileges.
  2. Input the IP address of the remote machine into the "Remote IP" field.
  3. If the remote machine and the local machine are in the same Windows domain environments, select the domain name from the "Domain" field.
  4. Input the username and the  password of the user currently logged in at the remote machine into the "Username" and "Password" field.
  5. Press the "OK" button to connect to the remote machine.
  6. If IE'en successfully connect to the remote machine, a new window will pop up.From the Window list, select one IE window which you intend to monitor. Then data sent to or received from IE will be displayed.
  7. To see more detailed transaction records. Double Click on one of the QUERY STRING/POST DATA/COOKIES/CONTENTS field.
  8. To change the web page on the remote IE window, type the desired URL into the "URL" field, and then press the "Go" button.
  9. To monitor another IE window, press the "Disconnect" button and then select another IE from the "Window" list.
  10. To create a new window on the remote machine, press the "New Window" button.
  11. To make the remote IE window visible / invisible, press "Visible (Invisible)" button.
  12. To monitor another remote machine, select "Exit" from the "File" menu and then start from step #2 again with a different remote IP.

Note:

IE'en works only on Pentium compatible machines. IE'en has only been tested on Windows 2000 Professional (local & remote) and Windows NT SP5 later (Remote). There must be a local user logged on at the remote machine, and if no IE window is opened, new window cannot be created by pressing the "New Window" button. Operations on Windows machines other than the ones stated above may not work properly.


By Soap (Jun. 2002)


Download here


Presentation:

Black Hat Windows 2003


For your information:

New IE spy progie exploits DCOM (The Register)


 

 



SecurityFriday TM

Copyright(C) SecurityFriday Co., Ltd. All rights reserved.