Using Internet Explorer to run malicious code? I've never heard about such thing.

"Malware forced to run Internet Explorer" I think is more accurate

I have a feeling the errors in Windows 11 and possibly now Windows 10 , may be in part due to Microsoft now retiring the IE Desktop application. It still, sort of, runs but only in a very stripped down way known as "IE Mode" which opens in Edge - so the chances are there are no accessible COM objects now.

"Internet Explorer forced to run malware" is like saying "spyware forced to run malware"

Reminds me of malware a couple of years ago for a red team engagement that would spawn IE as a background process as a means of communicating with our C&C server.

This reminded me of a "hack" we figured out in high school in the mid to late 90s. In windows 95 The security on the lab systems would lock down certain programs. They were gone from the start menu, and if you navigated to them directly, and tried to run them, nothing would happen. However, we could use MS Paint. In paint, file, open, navigate to the game's .exe and bingo, you could play solitaire.

When I first saw this I wondered about S-mode but I mean that would make loading/installing your own executable non-trivial too so I suspect a malicious actor would try to disable that first, if that's even possible remotely.

Cool great video, stuff I would never thought about, but John, how come you never put the websites you visit in the description...

"ahh I got some weird stuff in that directory. That's kinda sketch" "ANYWAY" LMFAOO subbed.

"I was playing with some moth balls...i dunno can you say that???" - John Hammond

I don't think Guardio is really *that* helpful, but I like the fact that they paid you and I can hear your pleasant voice.

I just have a question. Can this be used to invoke a malicious exe without triggering windows defender ?

"It's a feature, not a bug" :D

like always, great content

I really appreciate your content and great ability to explain material, I think my skills at beginner and struggle with reading studies slow due to my challenges and searching for advanced skills training to level up my skills, I am frustrated with my slow learning curve ,if you would please make advance content

4:44 - right it works this way because it's technically an extension of windows explorer. which is partly why it's trash. it's the Konquerer(for the youngsters it was the original file manager that doubled as a web browser of the KDE desktop environment under linux/BSD) of the Windows Desktop. dumb little things like this is why it's getting retired. I don't think it'll get completely removed from Win10, because IE is still so tightly baked into the file explorer. Pretty sure they rewrote explorer without the IE integration for 11, but I could be wrong on that.

Woke up too see a upload from hammond today will be a good day

I listen to a podcast called Darknet Diaries. I’m sure you must’ve come across a few scenarios you could discuss but would love to hear you on one of these podcasts

Hey John when the next Windows Kernel exploitation video? Really like them

Thank you for your video I enjoyed your presentation and how you show with code also thank you for sponsoring the item you do very helpful

4:20 Not only that but when lets say you try to open google in IE edge pops up instead, one more indicator that MS SW is basically malware.....

Does changing %SYSTEMROOT% require elevated permissions?

it could not find any of the names in the hex editor

"wow i have some random stuff in that directory, that's kinda sketch" lmao

IE is finally useful for me !

Remember when IE could just embed the contents of C:\ as an on a web page?

0:40 When a redteamer want to flex some skills.... 😂😂😂

Last video you talked about guardio and now this one is sponsored by guardio 😅✌️

7:40 you can overwrite sethc.exe (sticky keys) and that also gives u advantage to run it with 5x shift like normal sticky keys

Similar to environment variable (order) hijacking on Linux, but exploiting a software that is there on default install. Great gift from Windows ! Windows > Linux!!1

I've been using the updated version of Internet explorer for a while. Is it not safe to use? I think the update is called Microsoft edge.

04:04 - And this is because they wanted FAT12-compatible names, yes.

Hey John I dug deeper into this using Sysinternals' Process Monitor tool. It looks like Windows 11 requires the %SYSTEMROOT%\Registration folder and the absence causes this error. Copying it over resolves it but then you get another weird problem where the original rstrui app won't run and even requests elevation (?!?). However if you copy over the last file it is failing to load (c:\windows\System32\en-US strui.exe.mui) then it loads and runs properly in Windows 11. Of course that file doesn't apply if you're replacing the app with a different one; you will need to use a tool like Process Monitor to investigate failed file loads yourself (I set Result filter to is PATH NOT FOUND (or alternatively is not SUCCESS but that resulted in a bunch of junk messages) and Path filter to begins with my temporary folder path). One other thing I had to do was pass the shell: url directly to windows and not through IExplore for it to work; if I try using the original form with iexplore nothing happens after fixing the Registration issue. So: start shell:::3f6bc534-dfa1-4ab4-ae54-ef25a74e0107} This is just a case of setting up a test environment and leaving too many files out... just the DLL files from the single folder is not enough! Windows is more complex than that. I'm surprised Windows 10 shell objects work with that minimal setup. It is possible this error is due to more components are relying on the environment variable than in Windows 10, though that would be odd, as Microsoft's recommended best practice is to NOT use them as a reference for paths but to use SHGetKnownFolderPath API, IIRC. But clearly overriding the variable is working, so MS is using it here. This is because the paths for shell objects are stored in the registry, so there are no options except to use environment variables in the paths. You can open up HKEY_CLASSES_ROOT\CLSID\{3f6bc534-dfa1-4ab4-ae54-ef25a74e0107} yourself and take a peek at the definition for this shell object to see it does indeed use SYSTEMROOT. It's a very simple object that just runs the rstrui.exe app when invoked. If you're familiar with file type data in the registry the format is nearly identical. It's also worth noting IExplore has nothing to do with this. You can omit it entirely and just pass the shell: url directly to Windows for the same effect. In fact it reveals the original error was just given the title of the command line you were trying to launch... it was not coming from IE but from Windows. Though oddly enough if I add it back into my start command on Windows 11 rstrui won't launch. I think I'm done investigating this for now though.

Awesome!!!

Nice video 👍

When you CD on windows, what is the % used for. Always been confused on that. Can you also CD directly to the path without that?

Questions: Do you do giveaways of channel branded stickers? I am collecting all the channels I am subscribed to so that I can make a collage and frame it to put on my livingroom wall. If not do you have a store where I can buy it?

can we make this attack via link ?

John how about a video on using "ChatGP" AI to write malware? I just saw a post about that.

hey man can you hepp me with this audio file i have. i am being acousticly harrassed.

A completely Irrelevant question, Anyone knows if John hammond managed to get his Windows Exploit from Offsec? Haven't been following he's videos in a long time.

Thank God IE went unsupported 6 months ago...

So essentially disable Internet Explorer on my Windows server?

Fix it Group

Level of surprise when internet explorer is bad: -50

Waiting for your new video

I use Google Chrome for Windows to download some music, games, software and videos

Hi, mate, are you OK?

good stuffs

John, try calling out this CLSID ::{ED7BA470-8E54-465E-825C-99712043E01C}, BTW which energy drink is your favorite? Have you tried Alanis--Cosmic Stardust?

Windows 7 user here Internet Explorer is still in my computer and Microsoft Stoped supporting it

Huge thanks for guardio For sponsoring this video 😂😂😂😂😂😂😂😂😂 New poem from john

you can run it without using internet explorer, just remove iexplore from the start command, i tried it in my win11 main pc and it opened sys restore

Man just ended his pc

Anyone else getting access denied?

If you haven't already uninstalld IE and cut ties from IE in windows since you should be using Edge now then this won't work.. Won't work for me anyway because IE is dead the only thing this will do is load edge and possibly brosw your local file system. 😛 You can't download things either so off you trot with your shenanigans.

"Internet explorer is the best to use for windows." Me: *uses firefox on linux*

internet explorer more like internet exploiter aM I RIgHt?

in : echo %windir% echo %SYSTEMROOT% _________________________ out : C:\Windows C:\Windows

Hey John, you on break ): ?

Windolsw

i uninstall all games dosent work i re install everyting works btw i use internet explorer 11 and i basicly trust everything saying stuff about malware since my pc has survived 32 malwares at once

So a bash script could be written to execute these commands and download a malware that could steal stored passwords into that custom system32 directory created by the bash script itself. The script could be timed in a manner that allows enough duration for the importion of dll files to the new system32 directory and the execution of malware using the iexplorer. However, undetectable malware could be downloaded and executed using a bash script only without the need for iexplorer.

Does anyone actually use Guardio? Is it worth it?

so hes the guy who runs jurassic park

👍

"stop stop!!.. He's allready dead!!! Z

With this new scandal about TLauncher can you maybe chek how bad is that ?

hi

Thanks god i though i was going crazy looking at my logs

Or just open calc.exe shell:::{74E23A81-AFA8-4bbe-8EC0-B345EAEF5D1C}

I have been getting hacked with this method since august 30+ computers, routers , cameras, all smart home devices from some group from China. They have me connected to a server as a client I cannot disconnect from. They are using winpe, winre, windows resume, efi memory tester and fwbootmgr for persistence. I can’t rewrite the bcdbackup or read it since it is written in another language and a partition of my hard drive will not show up since it is written in an older version of windows fat 16 format that allows the characters to go to 260 places. All of my hard drives, thumb drives, cd drives, efi and nvram have boot backup to keep it persistent. Dlls and other programs blocking all antivirus to show clean. If I do manage to fix a section there is a watchdog that will catch it and instantly reboot the computer. I’m working through recovery command prompt trying to get it all fixed.

🗽♨

mof balls 😅

❤❤❤

Seriously, who is still using internet explorer?

internet explorer mı kaldı lao

hey!

Commented 🥰

I'm interested in ethical hacking 🤗😍

the waffle house has found its newest host.

16 th comment

Comments: 4: ‬

The Waffle house has found its new host.

First. :3

First

do you smoke weed?

please stop using soy facial expressions on the covers

Gawd dmmmtttt back to work I guess 🥲