azbil

Japanese

English

GO to the azbil Global Site

The photo of a boy and his father who are looking at the screen of pc. Products Company Research In The Media Contact

 

 

IEen

Outline:

IE'en remotely controls Internet Explorer using DCOM.


Microsoft stated, "The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner. "DCOM is installed on most Windows machines by default and runs without noticed by the users.If one knew the account name and the password of a remote machine, one can remotely control the software component on it using DCOM. For example, Internet Explorer is one of the software components that can be controlled. IE'en remotely controls Internet Explorer using DCOM.


Summary of IE'en Functionalities:

  • Remotely connects to or activates Internet Explorer
  • Captures data sent and received using Internet Explorer
  • Even on SSL encrypted websites (e.g. Hotmail), IE'en can capture user ID and password in plain text.
  • Change the web page on the remote IE window.
  • Make the remote IE window visible / invisible.

Usage:

  1. Start ieen_s.exe using accounts with administrator privileges.
  2. Input the IP address of the remote machine into the "Remote IP" field.
  3. If the remote machine and the local machine are in the same Windows domain environments, select the domain name from the "Domain" field.
  4. Input the username and the  password of the user currently logged in at the remote machine into the "Username" and "Password" field.
  5. Press the "OK" button to connect to the remote machine.
  6. If IE'en successfully connect to the remote machine, a new window will pop up.From the Window list, select one IE window which you intend to monitor. Then data sent to or received from IE will be displayed.
  7. To see more detailed transaction records. Double Click on one of the QUERY STRING/POST DATA/COOKIES/CONTENTS field.
  8. To change the web page on the remote IE window, type the desired URL into the "URL" field, and then press the "Go" button.
  9. To monitor another IE window, press the "Disconnect" button and then select another IE from the "Window" list.
  10. To create a new window on the remote machine, press the "New Window" button.
  11. To make the remote IE window visible / invisible, press "Visible (Invisible)" button.
  12. To monitor another remote machine, select "Exit" from the "File" menu and then start from step #2 again with a different remote IP.

 

By Soap (Jun. 2002)


 


Presentation:

Black Hat Windows 2003


For your information:

New IE spy progie exploits DCOM (The Register)


 

 



SecurityFriday TM

(C)Azbil SecurityFriday Co., Ltd. All rights reserved.