-
Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.
Activex help
- Thread starter djrock
- Start date
- Status
- Joined
- Jan 20, 2002
- Messages
- 433
A cab file contains one or more compressed files (it's like a zip file). When you say "activex cab file", do you mean a cab file that contains activex files?
In the Windows Explorer, you should be able to double click on a cab file and see the contents. If the files are activex files, then they will indeed look like "gobbledygook" because they are binary executables.
Just what is it that you're trying/expecting to do?
In the Windows Explorer, you should be able to double click on a cab file and see the contents. If the files are activex files, then they will indeed look like "gobbledygook" because they are binary executables.
Just what is it that you're trying/expecting to do?
I am trying to see if the activex is doing the authentication and if so is it easy to bypass.
I am helping a friend out whos in the security trade. He has not done a lot of setting dvrs to be accessed from the web. While helping him I have noticed some flaws eg java script checking the username and password field is not blank. This is fine except it gives you the link to the html page to view the images except it brings up username or password not correct.
Now I am trying to work out if its doing client side authentication (checking the username and password) using the activex.
Thankyou
djrock
I am helping a friend out whos in the security trade. He has not done a lot of setting dvrs to be accessed from the web. While helping him I have noticed some flaws eg java script checking the username and password field is not blank. This is fine except it gives you the link to the html page to view the images except it brings up username or password not correct.
Now I am trying to work out if its doing client side authentication (checking the username and password) using the activex.
Thankyou
djrock
- Joined
- Jan 20, 2002
- Messages
- 433
There isn't any good way to determine just what the ActiveX control is doing.
I've already gotten in trouble once today with CookieGal for helping out with a question related to bypassing security, so there's not much more I can say here. The reason given by the TechGuys is that there is no way to determine if a request to bypass security is legitimate. Your request is essentially "how can i determine if there's a way to bypass security" and you should be able to see why this poses a problem.
I've already gotten in trouble once today with CookieGal for helping out with a question related to bypassing security, so there's not much more I can say here. The reason given by the TechGuys is that there is no way to determine if a request to bypass security is legitimate. Your request is essentially "how can i determine if there's a way to bypass security" and you should be able to see why this poses a problem.
I just realised that I could be someone wanting to break in to something I don’t have permission to. So I agree.
OK If the activex is doing the authentication, which would mean its client side scripting how easy would it be to bypass. 1 being easy to 10 being extremely hard.
OK If the activex is doing the authentication, which would mean its client side scripting how easy would it be to bypass. 1 being easy to 10 being extremely hard.
- Joined
- Jan 20, 2002
- Messages
- 433
If a bank has a safe door made of 10 inch thick steel, how easy is it to break in? Well, getting through the steel would be difficult but there's not enough information here about the bank to answer the real question.
Peforming a security assessment is hard to do without access to the web site and the ActiveX control. I suggest that you find a security professional (or a good hacker ;-) for a realistic assessment.
Peforming a security assessment is hard to do without access to the web site and the ActiveX control. I suggest that you find a security professional (or a good hacker ;-) for a realistic assessment.
If you can decompile the file that handles the login check, change the part for the login so it does not matter what’s entered its always correct.
Recompile it and replace the unmodified activex cab installed in Internet Explorer with one with the modified file.
Would that work??
I have decompiled one of the dll’s and there is a part that mentions login. Which confirms it a bit more it does handle the login. I have made programs before in c++, java, .net but never done any sort of decompiling. I concentrate on the hardware side of computing.
If you don't install the activex the login does not work. You just get stuck at the login page.
I think I will phone the company who makes the dvr and see what they have to say. But I want to know myself because they might know that and not be 100% truthful about it.
I know that client side scripting really should not be used for checking login details since it can be bypassed very easy.
I can pm you the activex cab file if you want to look at the files with-in?
Thankyou
djrock
Recompile it and replace the unmodified activex cab installed in Internet Explorer with one with the modified file.
Would that work??
I have decompiled one of the dll’s and there is a part that mentions login. Which confirms it a bit more it does handle the login. I have made programs before in c++, java, .net but never done any sort of decompiling. I concentrate on the hardware side of computing.
If you don't install the activex the login does not work. You just get stuck at the login page.
I think I will phone the company who makes the dvr and see what they have to say. But I want to know myself because they might know that and not be 100% truthful about it.
I know that client side scripting really should not be used for checking login details since it can be bypassed very easy.
I can pm you the activex cab file if you want to look at the files with-in?
Thankyou
djrock
- Joined
- Jan 20, 2002
- Messages
- 433
Sorry but I'll pass. This conversation is falling into the area of "Category I Offenses" (Circumventing Copy Protection) for TechGuys : http://www.techguy.org/rules.html
Hello, But I am not trying to Circumventing Copy Protection. When I said “I can pm you the activex cab file if you want to look at the files with-in?”
I did not expect you to hack the file(s) for me or tell me how to. All I wanted you to do if you wanted to, is to look at them and give me an idea if it was easy or hard to bypass.
e.g Easy
Download program x find part 4 change line 6
Very Hard
A good bit of experience in working with decompiled code.
CCTV cams can be used for all sorts of stuff. From keeping an eye on your property to watching the kids are ok when in the swimming pool. You don’t want the dvr’s security to be easily bypassed!! Especially if its used to keep an eye on your kids. There’s a lot of sick people about!!
If I 100% knew the login check is done on the client side in the activex and depending on your knowledge how easy it was to bypass. I can go back to the company and say I know its client side and with x knowledge can be bypassed. This is not good enough!!!
Thankyou
djrock
I did not expect you to hack the file(s) for me or tell me how to. All I wanted you to do if you wanted to, is to look at them and give me an idea if it was easy or hard to bypass.
e.g Easy
Download program x find part 4 change line 6
Very Hard
A good bit of experience in working with decompiled code.
CCTV cams can be used for all sorts of stuff. From keeping an eye on your property to watching the kids are ok when in the swimming pool. You don’t want the dvr’s security to be easily bypassed!! Especially if its used to keep an eye on your kids. There’s a lot of sick people about!!
If I 100% knew the login check is done on the client side in the activex and depending on your knowledge how easy it was to bypass. I can go back to the company and say I know its client side and with x knowledge can be bypassed. This is not good enough!!!
Thankyou
djrock
- Status
Users Who Are Viewing This Thread (Users: 0, Guests: 1)
As Seen On
Welcome to Tech Support Guy!
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
Join over 807,865 other people just like you!
