Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

This man thought opening a TXT file is fine, he thought wrong.- 445

Paulos Yibelo Posted 4 Years Ago
  • TXT files are considered to be safe to open as they are plain files. Even most anti-virus solutions feel this way. So, getting TXT files to do bad things has a massive impact.
  • On macOS, the default text editor is TextEdit. For TXT files, the default is an RTF format instead of TXT, which allows customization of the formatting. The author noticed that CSS and HTML were allowed.
  • macOS attempted to prevent any sort of exfiltration via TXT files. However, denylists are hard to implement properly! Any time there is a denylist instead of an allowlist, you have stumbled on good hunting grounds.
  • By using an iframedoc element, the TXT file can include local files; this appeared to be the only way to do this.
  • The next trick was to use dangling markup to exfiltrate the data. This was done by adding a style tag to a remote site with the iframedoc in the middle of it. Once the iframedoc loaded, the data would be sent in a URL (or something like that).
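
The denylist point above, shown as an added example (this is not code from the original post or from TextEdit): the same constructed markup is checked once against a denylist and once against an allowlist. The tag and attribute sets are hypothetical policies chosen for illustration, and the file path is a placeholder.

```python
from html.parser import HTMLParser

# Hypothetical policies for illustration; not Apple's actual lists.
DENYLIST = {"script", "iframe", "object", "embed", "img", "link"}
ALLOWLIST = {"b", "i", "u", "p", "br", "span"}
SAFE_ATTRS = {"class"}

class TagCollector(HTMLParser):
    """Records every start tag, whether or not it is a real HTML element."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names, so <IFRAME> and <iframe> match.
        self.seen.append((tag, dict(attrs)))

def collect_tags(markup):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.seen

def denylist_verdict(markup):
    """Flags only the tags someone thought to list in advance."""
    return [tag for tag, _ in collect_tags(markup) if tag in DENYLIST]

def allowlist_verdict(markup):
    """Flags every tag or attribute that is not explicitly permitted."""
    violations = []
    for tag, attrs in collect_tags(markup):
        if tag not in ALLOWLIST:
            violations.append(tag)
        else:
            violations.extend(f"{tag}@{a}" for a in attrs if a not in SAFE_ATTRS)
    return violations

# Constructed sample inputs; PLACEHOLDER stands in for any local path.
SAMPLES = {
    "plain formatting": "<p class='note'>hello <b>world</b></p>",
    "listed tag": "<IFRAME src='file:///PLACEHOLDER'></IFRAME>",
    "unlisted tag": "<iframedoc src='file:///PLACEHOLDER'></iframedoc>",
    "style block": "<style>p { color: red }</style>",
}

if __name__ == "__main__":
    for name, markup in SAMPLES.items():
        print(f"{name:17} denylist={denylist_verdict(markup)} "
              f"allowlist={allowlist_verdict(markup)}")
```

The unlisted element passes the denylist with no findings, while the allowlist rejects it without anyone having needed to know the element exists.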