Comment by onionisafruit
4 years ago
I haven’t thought of net send in years. Circa 2000 I worked at Cisco and added some javascript to my profile in the corporate directory that sent me a net send message with the hostname of the computer that viewed my profile. At that time the hostname usually included the employees username, so I had a nice heads up that somebody was looking me up.
I should have left it at that, but Ingot cheeky and also did a net send back to the origin saying something like “thanks for your interest in onionisafruit”. That got escalated and I was threatened with disciplinary action. It didn’t occur to IT that they shouldn’t allow arbitrary script tags in user profiles. The best response was just to threaten the people who were creative with what they were given.
Curious how you escaped a (browser?) With JS to do "native" net send? Assume it was some activeX?
I don’t remember the details, but based on my skill level I know it wasn’t anything novel. At the time I was learning my first programming language, Perl. IIRC I had a Perl daemon running on my computer that accepted an http request, did a reverse dns on the origin and sent the hostname in a net send message. Some of my coworkers used Sun workstations. I could get notifications from them but obviously couldn’t send them a net send message in response.
The js probably pinged their own server with then did the 'net send'
IE supported vbscript, though I don't know how far back that goes. You can certainly run arbitrary commands from jscript or vbscript using an hta app (or wscript)