Hello,
I recently figured out how to potentially execute code on someone else's machine through Discord and I figured I would semi-share here since you guys are chill. So first off, Discord has this nice feature in which the user can send URI-based links; once clicked, you can interact with the victim's PC. So here is a simple example of a non-malicious URI which I'm sure most of us have seen:
Code:
<mailto://emailhere@gmail.com>
Once you paste this link into Discord
it will say something like this, so this is interesting mainly because we now know that URI schemes are possible through Discord. If I hit yep
then we get the simple mail window. So now what makes this better is that you can essentially take people offline by taking a Windows DoS exploit and mixing it with this feature:
Code:
<ms-cxh-full://0>
Once you click this URI scheme it will give the victim a black screen of death. However, Discord isn't 100% incompetent.
If you attempt to use the file:// URI scheme, what happens is Discord sanitizes it so you can't actually use it. So while doing research on this I found that Discord has their own URI scheme
(discord://anythinghere)
This will essentially launch a new Discord session, so I've been playing around with this and was semi-curious what would be some good malicious uses. I've also learned of a possible way to disguise URLs as other URLs so it will show up as something else and am trying to pair the two.
Resource on sanitization: https://www.vdoo.com/blog/exploiting-custom-protocol-handlers-in-windows
URI Schemes: https://en.wikipedia.org/wiki/List_of_URI_schemes
Potential Use: https://www.greyhathacker.net/?p=42
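
From the defender's side, the behaviour described in the post is what a client gets when it filters one known-bad scheme instead of allowing only the schemes it expects. The sketch below is an added example, not part of the original post and not Discord's code; the allowed set, the function names and the sample list are assumptions, and the denylist only models the post's observation that file:// is filtered.

```javascript
// Added example (not Discord's code): decide whether a clicked link may be
// handed to the operating system's protocol-handler dispatch.

// Assumption: the only schemes this hypothetical client needs to open externally.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Return the lower-cased scheme ("https:") or null when the text is not an absolute URL.
function parseScheme(raw) {
  const text = String(raw).trim().replace(/^<|>$/g, ""); // drop the <...> wrapper
  try {
    return new URL(text).protocol.toLowerCase();
  } catch {
    return null;
  }
}

// Denylist modelled on the post's observation: only file: is filtered.
function denylistDecision(raw) {
  const scheme = parseScheme(raw);
  if (scheme === null || scheme === "file:") return "block";
  return "open";
}

// Allowlist: anything not explicitly expected is refused.
function allowlistDecision(raw) {
  const scheme = parseScheme(raw);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme) ? "open" : "block";
}

// Constructed sample input, using the link forms quoted in the post.
const SAMPLE_LINKS = [
  "https://example.com/page",
  "<mailto://emailhere@gmail.com>",
  "<ms-cxh-full://0>",
  "discord://anythinghere",
  "FILE:///C:/Windows/win.ini",
];

// Evaluate every link under both policies so the gap is visible side by side.
function compare(links) {
  return links.map((link) => ({
    link,
    scheme: parseScheme(link),
    denylist: denylistDecision(link),
    allowlist: allowlistDecision(link),
  }));
}

console.table(compare(SAMPLE_LINKS));
```

The rows where the two columns differ are the schemes a single-scheme filter passes to the OS and an allowlist refuses.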