I came across a small hack, which claims it enables smb:// on windows.
The complaint was that things like <a href="\\computername\path\file.ext">text</a> weren’t working.
While true that you can use file:///// in your url’s, the user wanted to use smb:// so that it’s cross-platform.
The hack goes as follows:
1) Create this Reg file, save and execute it:
REGEDIT4
[HKEY_CLASSES_ROOT\smb]
@="URL:smb Protocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\smb\shell]
[HKEY_CLASSES_ROOT\smb\shell\open]
[HKEY_CLASSES_ROOT\smb\shell\open\command]
@="\"C:\\smb.bat\" \"%1\""
And then create the smb.bat file in your C-folder, containing this:
@echo off
cd C:\
set url=%~dpnx1
explorer \%url:~7%
exit
My question: how safe is this, and any other thoughts on the matter? Besides the file:///// thing I mean.
To me, it looks damn dangerous because it allows any website to place “\\RESOURCENAME” URLs, which will work regardless of context, and
smb.batwill be called if you click such a link. I don’t entirely understand the batch syntax (the ~ part especially) but it seems to me it’s possible to pass any kind of argument toexplorer.exe.There’s probably no immediate danger because it’s very unlikely an outside attacker would guess you have this set up. Still, safe it’s not.