Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 36

Thread: Morphues Exploit Question Answered

  1. #11
    Senior Member
    Join Date
    Sep 2001
    Posts
    412
    A root pwl file?

  2. #12
    Banned
    Join Date
    Oct 2001
    Posts
    1,459
    Idk looked fishy to me too... Maybe we got a Linux fan using Windowze

  3. #13
    Member
    Join Date
    Dec 2001
    Posts
    75

    Wow

    didn't know my littel tut on morpheus/kazaa hacking made such a big sceen, well here's my idea, the maker of kazaa (and morpheus) wanted to share all fiel like exe,zip,mp3 so made it to shere all files but didn't think about the *.pwl files and if u just click serch for more by this user u don't see a full list... more or less it's not an exploite jsut a hole, shity programing, good example of windows




    -Guerrilla Se7en

  4. #14

    Re: Morphues Exploit Question Answered

    Originally posted by warp82
    I keep hearing of people asking the question "whats with the morphues/kazaa exploit; it's not really hacking?" Heres where their wrong.
    You call this HACKING???....so called exploit cut and pasted stra8 from the source:



    The Problem:
    ------------
    Morpheus/KaZaA lets its users share their entire hard drive with the world. Letting you
    have access to there M$ money files, cookies that have passwords in them ect...


    Exploiting the flaw:
    You can simply connect to someone in Morpheus or Kazaa and begin downloading a file (I
    suggest searching for “.sys” or “.pwl” to get only ppl with all files shared). Then go to DOS
    and run netstat (newbies type "netstat -n") There IP address will be connecting from port 1214
    so it'll be like this "x.x.x.x:1214". Now, go to http://x.x.x.x:1214 to see a complete
    downloadable list of the files you can download.


    Exploiting the flaw (a harder way, the 1st seems to easy):
    Open your favorite IP scanner (I use SuperScan get it at http://www.foundstone.com) set
    it to all ports from 1214 to 1215 chances are anyone with port 1214 open will be sharing on the
    Morpheus/KaZaA system...





    Closing:
    --------
    This is a good tool to get the IP # of a person sharing child porn also, do with them
    what you will (nuke, nuke, nuke!)... You can contact me on AIM as 'Guerrilla Se7en' or by
    email at guerrillase7en@anarchynow.com : 1st posted at http://www.angelfire.com/linux/antiwindows/

  5. #15
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    Correct me if I'm wrong.. but if this is an "exploit" of the program, then its like saying that being able to FTP to an ftp server and downloading anything in a directory that you have access to, rather than a specific file is a 'exploit'... I mean, for crying out loud, if your going to be saying something that is a specific item in the program is an exploit, then what's next?
    Hell, I mean, you can view all a users files just by right clicking on a file shared by them and choosing Find more from Same - User...

    So how exactly is this an exploit.. I mean, I'll give you that its not the original program interface (although morpheus does include a stripped browser in the program... but that' about as far as you can stretch it....

    All that this stupid 'exploit' will do is stop those kickass users who have almost every song under the sun stored on their computers to stop sharing them.. I gave the 'exploit' a short test, and closing sharing with other users kills the whole exploits idea... you get nothing....

    So why bother saying this is a flaw/exploit.. in my opinion, its an additionally feature, coz users with non-sensitive information can share it and get access to it just about anytime...

    Hell, most of my friends have morpheus sharing their diablo II directory, so they can acccess their character anywhere..

    So, PLEASE!! tell me how this is a exploit... Its killing my sleep deprived and alcohol drown brained....
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

  6. #16
    It is not an exploit, unless you call it that because you would be exploiting stupid users.
    The Morpheus program is not just a mp3 sharing program, it allows you to share whatever you want to. If the users are stupid enuff to share important directories, then they deserve to be "exploited".
    btw...The root pwl file isn't as unusual as you might think. There are those of us who have to keep a Win installation around for the wife and kids and keep a "root" account on there to connect to my Linux box while within Winblows.

  7. #17
    Member
    Join Date
    Dec 2001
    Posts
    75

    Unhappy tisk.....

    Why is it evryone thinks a exploit/flaw has to be a program on a *nix box u run? Why can't you accept that some are easy to find like this one, a security flaw just means it has a place with weak security.




    -Guerrilla Se7en

  8. #18

    Re: tisk.....

    Originally posted by guerrillase7en
    Why is it evryone thinks a exploit/flaw has to be a program on a *nix box u run? Why can't you accept that some are easy to find like this one, a security flaw just means it has a place with weak security.
    We don't call it an "exploit" because the program is doing what is was designed to do....share files. Security in this case is the user's responsability...i.e. being careful about which directories you share. SHEESH!

  9. #19
    Member
    Join Date
    Dec 2001
    Posts
    75

    Exclamation grrr........

    so running easy exploits on webservers that do what there supose to do just have really no if any security isn't really an exploit? no cgi exploits are real exploits? no exploits are real exploits? damn then there is no such thing as an exploit. in your mind.....




    -Guerrilla Se7en

  10. #20
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    This is not an exploit...
    Face it...
    Its just simply using a different interface to access the files.
    Your not able to do something that you shouldn't be able to do, which is really what an exploit is...

    Now, if you could upload to their computer through this method... I'd say its an exploit... but you can't.... so I won't..

    I'd be hard pressed to bring myself to admit this is a security flaw... the closest this comes to being a security flaw, is that you can get the users IP Address... and that is unavoidable in a P2P situation AFAIK...
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •