I'm not talking about browser exploits. I am talking about real applications used in real companies such as Ijji and Nexon .
Basically, from your websites you can click on the “Start the game” button, which will launch the executable file located at c: \ ijji \ english or c \ nexon [gamename] respectively. These applications are real desktop applications, which means that they can use the file system, direct3d, and the OS [as other applications run]. Applications can also be launched via the command line [as opposed to going to the game’s host site].
I realized that this would be possible if the application created an ActiveX object to cause the creation of a new process. However, websites can run applications from multiple browsers except Internet Explorer, including chrome, which, as far as I know, does not implement ActiveX.
Obviously, people developing these applications use their own tools to do this.
From looking at the list of services, as well as the current list of running applications, I have no indication that they are launching something like "gameLaunchingServer.exe", which listens on some obscure port for an incoming connection [for access using iframe - HTTP Protocol] and responds by running the application ...
I'm at a dead end, and it’s kind of stuck in my head. Obviously, they do not use any random browser exploit, otherwise people are at http: // www. [InsertMaliciousWebsiteHere] .com could take the opportunity to already install random shit. Despite this, it looks pretty cool, and I would like to know how it works.
Just curious, hehe.
source
share