Hidden function in Proxomitron
In Memoriam Scott R. Lemon
by None of your business,
(slightly edited by fravia+)
Re-edited at the beginning of November 2006
Courtesy of Fravia's searchlores
Knowledge is knowledge's reward!
There is a crack, a crack in everything
That's how the light gets in
(x)Beginner ( )Intermediate ( )Advanced ( )Expert
You should understand it with a half brain
Finding and finding out a "hidden" function
in Proxomitron, by using basic knowledge
Written by None of Your Business


Well, the thing I am talking about needs only very basic knowledge, and the need to publish it makes me sad. I simply can't believe that I am the only person among the billions of computer users who found this, because I'm aware of my own abilities. If everybody is more stupid or less interested than me, it is a much worse world than I thought. And I had no high opinion of it in the first place. Also I'm not sure if I have any right to publish it, when the author - Scott - never did. I have been watching the knowledge scene for nearly ten years now, and I feel it is even worse than a windmill fight. You think you are spreading knowledge, but the tiny rays of light fall into the huge black holes of ignorance. "I don't know and I don't care...". Most of you guys don't even need this knowledge. It takes work to use it. Run before the command line tools grab you! Fucking lazy bunch! Go fetch a 20MB mass downloader and be happy with it...
I'm well pissed off, so it is quite possibly a long impressum with a very short "essay". But I owe F+ enough to pass him the decision - if he still wants to use this little work in his (yes, our) windmill fight, then so be it.
Also - if I may note - the things written here could properly be called 'hacks', some parts maybe cracks, therefore maybe I am a hacker or a cracker (or maybe not). It is all about circumventing your own disabilities by finding ways to realize your own wishes.

I declare here that in the following derivative work, I kept myself to the spirit of the original program, and the wishes of Scott R. Lemon - so absolutely no bison was harmed in the process.

Tools Required
Fileviewer/editor (optional, try Hiew or F3 in any OFM)
Sed (well worth to learn)
Brain (absolutely necessary)
Willpower (absolutely necessary)

Of course, you may choose any other tools you like.

Program History
Proxomitron is THE ONLY SINGLE PROGRAM which could motivate a decent person to decide to keep a MS operetta system running. We need 4.4 or 4.5 for this research.

First step - Search

It always pays off, even with minimal preliminary knowledge, if you try to explore anything around you. In our case it mostly means files on computers. With crap like Microsoft's OSes, you can only guess a file's content by looking at its extension - that is what these OSes themselves do (instead of checking the header, for example, like any decently programmed thing would do). Rename any of your mp3s to text, and look what happens (try the same - if you never did - with some Linux live-distro, to see the difference). It's good to have a decent filemanager and also good - if not much deeper - that you regularly use its file-viewing functions.
Try this function on the Proxomitron executable. Of course you are already familiar with Proxomitron's matching commands, because you have gone through the helpfile. Let's see if there is any string in the binary similar to those commands.
Look inside the file, and search - for example - for "ALERT". There is one hit, and BINGO!
Around it you can see ALL the commands.

Well, if you look around then you will perhaps figure out that you actually got more commands than the known ones. There is a word you can't find in the docs - "EXEC". According to its context it must be another command - an undocumented one!
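The same search can be repeated as an audit of any tool you run: pull the keyword table out of the binary and diff it against the documentation. This is an added example, not code from the essay or from Proxomitron; the sample bytes are constructed and the DOCUMENTED set is a stand-in for the list in the help file.

```python
import re

# Constructed sample bytes (not taken from the real executable): a
# NUL-separated keyword table between code bytes and an ordinary message.
SAMPLE = (b"\x8b\x45\x08\xc3\x00\x00"
          b"SET\x00ALERT\x00CONFIRM\x00EXEC\x00STOP\x00JUMP\x00\x00"
          b"\x55\x8b\xec\x90Some unrelated message text\x00")

# Assumption: stand-in for the keyword list you copied out of the help file.
DOCUMENTED = {"SET", "ALERT", "CONFIRM", "STOP", "JUMP"}

def ascii_runs(blob, min_len=3):
    """Yield (offset, text) for each printable-ASCII run, like strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")

def keyword_table(blob, anchor, max_gap=2):
    """Return the cluster of adjacent all-uppercase runs containing anchor."""
    clusters, current, prev_end = [], [], None
    for off, text in ascii_runs(blob):
        if not re.fullmatch(r"[A-Z]+", text):
            continue
        if prev_end is not None and off - prev_end > max_gap:
            clusters.append(current)
            current = []
        current.append((off, text))
        prev_end = off + len(text)
    clusters.append(current)
    for cluster in clusters:
        if any(text == anchor for _, text in cluster):
            return cluster
    return []

def undocumented(blob, anchor, documented):
    """Keywords that sit in the anchor's table but not in the documentation."""
    return [(off, t) for off, t in keyword_table(blob, anchor)
            if t not in documented]

if __name__ == "__main__":
    for off, word in undocumented(SAMPLE, "ALERT", DOCUMENTED):
        print(f"undocumented keyword {word!r} at offset 0x{off:x}")
```
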

Second step - Research

Let's figure out what this function would be doing. Pick some common programming language (C, PHP, Python, Tcl...), and search its docs. You will soon find out that in those contexts exec() is how you may call arbitrary programs to help out your own. Like in PHP: if you want to create a multiple/nested directory structure ("directory" - read in newspeak for the young ones "folder"), you need to write a lot of code of your own.
PHP's default function only creates one at a time (AFAIK not the newer ones). BUT with exec, you can call the directory-creating function/program of the host OS, and you only need to pass it its own parameters - PHP outsources the job.

Quick Summary

So - there is an undocumented function in Proxomitron, able to run arbitrary programs by matching a filter! Well if this works, then obviously there is an ocean of new possibilities to sail on. Seekers Ahoy!

Third Step - proof of concept: codes

By trying out a little this-and-that, and running Filemon in the background, one finds that "$EXEC" works only in the replacing part - so it is still difficult/worthless to exploit it (I guess). See the next code snippet - A Proxomitron filter:

Name = "EXEC direct"
Active = FALSE
Multi = TRUE
URL = "*"
Bounds = "<html>"
Limit = 256
Match = "<html>"
Replace = "<HTML>$EXEC(scandisk.exe)" 

If you want to map the behaviour of this function, try EXEC on a dummy. Like alice - see Filemon's log:

( 00:37:46	Proxomit:FFFBEABF )
FindOpen    C:\WINDOWS\SYSTEM\ALICE.*             NOTFOUND
FindOpen    C:\WINDOWS\ALICE.*                    NOTFOUND
FindOpen    C:\WINDOWS\ALICE.*                    NOTFOUND
Attributes  C:\WINDOWS\SYSTEM\ALICE               NOTFOUND
Attributes  C:\WINDOWS\ALICE                      NOTFOUND
Attributes  C:\WINDOWS\ALICE                      NOTFOUND	
Attributes  C:\WINDOWS\COMMAND\ALICE              NOTFOUND

(You'll see this differently in all different flavours of Windows. There is a lot to learn from it, btw... but I'll let you work on your own a little :-)
So without changing anything (like the path), IF we have an executable somewhere in the places we see in Filemon - Proxomitron will be willing to start it. Of course now all of you are aware and begin to guess how many things something like this can accomplish. Our long-beloved command-line tools can now be integrated into our powerful browsers, through Proxomitron, extending their functions.
You should start wget - or curl - to spider from a given webpage. Or pass to mencoder a "streamed" media, in order to save it in any different format to your HD. Perhaps use this for remote administration, making your own html from pdfs 'on-the-fly'.
IF you are willing, you could build an output formatting frame, and watch all the outputs/logs inside your browser - already html formatted (or if you are lazy, you can just put it between 'pre' tags).
Well all these nice exploits need some code, code that has to be written, so? What are you looking for?
Ob duh
I won't even bother explaining to you that you should USE YOUR OWN BRAIN to explore this kind of stuff if you intend to use it (I mean your brain) in different manners than the allowed ones.
Also don't forget some common sense - don't harm anybody with the help of this hidden function... because if you do, then maybe on a silent still night I'm coming for you...




Some technical additions

Proxomitron's exec function passes no parameters. So you can't simply pass a URL to wget or whatever - it takes the first word (hopefully wget), and runs that program on its own.
Not that this could bother anybody with a half brain :-)
There are at least two solutions to this problem. One of them is patching the binary, after some reversing. The other is to use Proxomitron's ability to write to file(s), and make it generate a batchfile with all the fancy parameters, then run that one. I picked the second, and made a kinda Proxomitron-Shell. See it for yourself, but remember - programs which need further input may be waiting for you with an open console (without correct handling - read the batch-faq).
The code is mostly proof-of-concept, I made it with a modified setup - the config-set contains only my filter - it may get messed up if you use a big config file. Also the thing uses frames - check your rules if you merge this filter into your own ones. It starts up with an error - because there is no input in the form, but... ...damn I don't care! Try it, look at it, start working on it, or forget it. If nobody has missed this until now, then maybe nobody in fact needs it.
There is a half-made command-history - you did read it. Now go and finish it!
Proxomitron Shell
Part of my solution is a sed version - sedmod, just fetch it from the net if needed. If you decide to cripple this undocumented function, you should try

 sedmod "s/EXEC/NULL/g" Proxom~1.exe>Patched.exe
With other versions of sed you can also hex-patch, and you can also do it with Proxomitron itself. If you have dealt with the problem of making Proxomitron filter a binary, by changing its MIME-type or by renaming it to html, the next filter will do just the thing:
 Name = "Patching Proxomitron's undocumented EXEC to nothing"
 Active = TRUE
 URL = "*Program%20Files/Proxomitron/Proxomitron.htm"
 Limit = 23
 Match = "(([%00])\1EXEC)\2$ALERT(This filter's function is to cripple the undocumented\n
 'EXEC' function from Proxomitron 4.4 or 4.5.\n
 It is assumed that you load your file with \p=*Program%20Files/Proxomitron/Proxomitron.htm")"
 Replace = "\1\1\1\1\1"
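The sed one-liner rewrites every "EXEC" byte sequence in the file, while the filter only touches the NUL-delimited entry. This added example (not the author's code) shows the difference on a constructed byte string and checks that a same-length patch changes nothing outside the table entry; the function names and the NUL-delimited table layout are assumptions.

```python
import re

# Constructed sample (not bytes from the real executable): a NUL-separated
# keyword table followed by an ordinary string that also contains "EXEC".
SAMPLE = b"\x00ALERT\x00EXEC\x00STOP\x00\x00EXECUTING filter\x00"

def blanket_patch(blob, token=b"EXEC", fill=b"NULL"):
    """What s/EXEC/NULL/g does: rewrite every occurrence, wherever it is."""
    return blob.replace(token, fill), blob.count(token)

def table_patch(blob, token=b"EXEC", fill=b"NULL"):
    """Rewrite token only where it is a whole NUL-delimited table entry."""
    if len(fill) != len(token):
        raise ValueError("fill must be as long as token or offsets shift")
    entry = re.compile(rb"(?<=\x00)" + re.escape(token) + rb"(?=\x00)")
    offsets = [m.start() for m in entry.finditer(blob)]
    # A callable replacement keeps re from interpreting escapes in fill.
    patched = entry.sub(lambda m: fill, blob)
    if len(patched) != len(blob):
        raise AssertionError("patched image changed size")
    return patched, offsets

def verify(original, patched, offsets, width=4):
    """Confirm the only bytes that differ lie inside the patched entries."""
    allowed = {o + i for o in offsets for i in range(width)}
    changed = {i for i, (a, b) in enumerate(zip(original, patched)) if a != b}
    return changed <= allowed and len(original) == len(patched)

if __name__ == "__main__":
    patched, offsets = table_patch(SAMPLE)
    print("table entries patched at", offsets, "ok:", verify(SAMPLE, patched, offsets))
    print("blanket replace would touch", blanket_patch(SAMPLE)[1], "places")
```
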

Well, all right - there is another proof-of-concept code built on this function. A Vigenere decipher. Just an example. It is ugly, but it works. Anybody can modify it in order to use something harder, like PGP.
So if you want, you can have a PGP-hardened messageboard.
Vigenere decipher using Proxomitron

Sedmod - you need it for both codes examples
Command line vigenere, you need it to use the second code example

(By Winston -- Feedback: email:tune_proxomitronIGNOREUPPERCASE____AT____IGNOREUPPERCASEhotmail.com)
(c) III Millennium: [fravia+] , all rights reserved