Through much trial and error, I've found an obscure but reliable way to send any attachment through an email system that normally prohibits DLL, CMD, VBS, etc... files. Even zipping the files or renaming files usually isn't enough to trick the filter into letting the file through. Sending emails through gmail and corporate systems, the attachment can cause the email to be partially or fully rejected. With a solid need to send .CMD and .CAB files (with a DLL inside the CAB) through a corporate email system, I figured this out:
- Create original.zip, NOT password protected.
- Rename original.zip to something else original.zip.
RemoveThisExtension. - Zip the original.zip.
RemoveThisExtension file with a password. - Send the original.zip.
RemoveThisExtension.zip file to someone. - Tell recipient the password to unzip the outer file and that they should remove the ".RemoveThisExtension" portion of the inner file.
I think password'ed zip files still provide the directory without needing the password. So "double embed + password " doesn't let the email scanner see past the one non-zip extension'ed file. Here's a shocker, I suspect that the file doesn't even have to be renamed! I didn't have time to try zipping the zip (while adding the password).
No comments:
Post a Comment