Sign in to follow this  
Followers 0
nick84

CD Rom Drives Opening

14 posts in this topic

I just had both of my CD-Rom drives open up, so immediately, I start up netstat, and get my virus scanner going, fearing the worst that I had a virus. Well at the time it happened I had several web pages open, so I didn’t immediately realise, but I was on a security test site, which had managed to open them both up! Definitely gave me a shock. Here is the code:

<script LANGUAGE="VBScript"><!--Set Eject = CreateObject("WMPlayer.OCX.7" )Set CDdrives = Eject.cdromCollectionif CDdrives.Count >= 1 thendocument.write("<br>Using VB Active Scripting all your CD Rom drive have been opened")For CD = 0 to CDdrives.Count - 1CDdrives.Item(CD).EjectNext End If--></SCRIPT>

Worked on my box running XP professional service pack 1.

0

Share this post


Link to post
Share on other sites

heh, when I saw your post title I figured you where in linux and had just been ownedc.. nice to see thats not so, although I suggest you visit windows update, inatall and reboot as needed.. ;)

0

Share this post


Link to post
Share on other sites

That is hilarious! Is it IE that "executes this client-side script in the local context?"

0

Share this post


Link to post
Share on other sites

Just checked it out some more, it works when you have your security settings for the "internet zone" set to medium (which is the default), if you change that to high, it does not do anything.

Their doesn’t seem to be any patches available for active scripting on windows update - I guess because its considered a feature, not a bug.

EDIT: Just to be clear, I was testing it via placing the code on another server, so it seems that it is meant to be allowed in the "Internet zone".

0

Share this post


Link to post
Share on other sites

I set my zones to custom and have it prompt me for anything. :)

0

Share this post


Link to post
Share on other sites

VBS Scripts don't work on a Mac. Darn.

I'll have to settle for doing it manually. Pressing the CD eject key opens my CD-RW bay. Pressing Option-CD Eject opens my DVD-RW bay. Pressing them in the right rhythm I can open one while the other one closes. It's kinda fun. :lol:

0

Share this post


Link to post
Share on other sites

can you make music?? kinda like playin tunes on a dot matrix printer, but not quite.....

0

Share this post


Link to post
Share on other sites

Funny you should mention music. :lol:

I actually tried playing Beethoven's 5th (DA-DA-DA-DAAAAAHHHHH) when I figured out I could open them that way. Couldn't get them to open fast enought though.

0

Share this post


Link to post
Share on other sites

I used to listen to that (5th symphony) like a long time ago.....I thought it was cool. I still do.

0

Share this post


Link to post
Share on other sites

I think it was the Apple ][e floppy drives that were notoriously loud back in the day because of the monstrous read/write head they had. There was software that would play "Flight of the Valkyries" by moving the drive head back and forth. Since moving the drive head forward or backwards one track was fairly quickly the rendition wasn't so bad... well, considering we're talking about sound coming out of a 5 1/4" floppy drive of course.

0

Share this post


Link to post
Share on other sites

we should have some software that did this with a cd drive, or a floppy, or maybe even a hdd, that would be awesome.

0

Share this post


Link to post
Share on other sites

Hard drive speakers aren't quite what you're looking for but they're cool nonetheless.

I think that with a real DOS box and some assembly language code to control the drive heads directly I think we could get something going.

But I should probably finish the DTMF decoding software first... :)

0

Share this post


Link to post
Share on other sites

This is a common practice in deceptive people. This script though seeming advanced is merely a script telling your computer to do a local command after a check... same can be done remotely with many many php exploits for windows... I demonstrated it to someone in IRC once that was on this board but I cant remember who.. 2 core advice tips... ensure that your browser does not allow for scripting.. unless you know what your doing.. On my 98 box I use to have... nothing more than raw html could be viewed.... without my permission java flash etc would not view unless I gave permission... it was a old plugin im not sure if its valid for new IE.. I will try to search it out. Second advice is if your running a server... and your a windows machine... keep an eye on your php.... biggest mistake people have troubles with when running apache/ php/ and windows all in one... sad but true its one of the largest methods of attacks in old and todays web defacements.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0