| ▲ | electroly 6 hours ago | |||||||||||||
I believe it is. Just tested it. You can make the link "C:\windows\system32\cmd.exe" and clicking it will launch the Command Prompt. I noticed you can't make it "C:\windows\system32\cmd.exe /c some-nefarious-thing"; it doesn't like the space. Exploiting may require you to ship both the malicious EXE and the MD, then trick the user into clicking the link inside the MD. But then you could have just tricked them into directly clicking the EXE. | ||||||||||||||
| ▲ | gruez 6 hours ago | parent | next [-] | |||||||||||||
>Exploiting may require you to ship both the malicious EXE and the MD, then trick the user into clicking the link inside the MD. But then you could have just tricked them into directly clicking the EXE. 1. You can use UNC paths to access remote servers via SMB 2. Even if it's local, it's still more useful than you make it out to be. For instance, suppose you downloaded a .zip file of some github project. The .zip file contains virus.exe buried in some subfolder, and there's a README.md at the root. You open the README.md and see a link (eg. "this project requires [some-other-project](subfolder\virus.exe)". You click on that and virus.exe gets executed. | ||||||||||||||
| ||||||||||||||
| ▲ | thwarted 4 hours ago | parent | prev [-] | |||||||||||||
What if the space is url encoded %20 ? | ||||||||||||||
| ||||||||||||||