John Lamansky

According to this article from PCWorld, Google can be used to provide information for hacking attacks.

An example the article mentioned is the ability to use Google to determine the server structure of a large network. If you type in site:nasa, apparantly you get a list of the servers on NASA’s internal network, which could possibly be used to discover entry points for attacking the server systems. The same goes for site:google, site:yahoo, and similar queries.

This wasn’t mentioned directly in the article, but the article gave me the idea: typing something like “warning mysql site:nasa.gov” into Google can allow a searcher to find MySQL error messages on the NASA website. This could allow a hacker to obtain information about the database structure.

I found a way to create a special file that looks exactly like a JPEG file, but when double-clicked, opens a Windows Explorer window.

These are the steps; as far as I know, it only works in Windows XP.

1. Open a new Notepad document.
2. Copy and paste the following into Notepad:
   
[Shell]
Command=2
IconFile=%SystemRoot%\system32\shimgvw.dll,3
[Taskbar]
Command=Explorer


3. Click File > Save, choose a location, then type “<file name>.jpg.scf” (where <file name> is the name of the file)
4. Close Notepad and open the folder where you saved the file. Notice that the “.scf” extension is completely hidden (whether extensions are enabled or not) and it looks exactly like a JPEG file. Double-click on the file and tada! Windows Explorer opens.

As far as I know, you can only use the SCF extension to:

1. Open Windows Explorer.
2. Show the desktop.
3. Show the Windows 98 “Channel Bar.”

I doubt Microsoft would be dumb enough to allow an SCF file to open any ol’ program (like fdisk.exe) due to the fact that the SCF extension is hidden.

Of course, there is really no practical application for this (for malicious purposes or otherwise). It’s just kind of fun to see how you can take advantage of the SCF extension.