Morphues Exploit Question Answered - Page 3
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 36

Thread: Morphues Exploit Question Answered

  1. #21
    Member
    Join Date
    Jan 2002
    Posts
    58

    Re: grrr........

    Originally posted by guerrillase7en
    so running easy exploits on webservers that do what there supose to do just have really no if any security isn't really an exploit? no cgi exploits are real exploits? no exploits are real exploits? damn then there is no such thing as an exploit. in your mind.....
    Ok..Let me see if I can explain this in a way that you can understand.

    1) The original intention of Morpheus is to allow users to share files, ANY kind of files.
    2) As long as the user puts the files they want to share in a specific directory and follows directions,
    AFAIK you cannot access any other directory other than the shared one. If you can find a way of
    accessing a directory that the user is not sharing then THAT would be an exploit.

    Just because some idiot users choose to share their entire hard drives and you can access them, it does not mean you
    have found an unintended use for the program.

    Whereas if you are able to exploit a webserver that has a bug that hasn't been patched, you could say
    that you have exploited the admin's laziness/the programmer's incompetence since the specifications
    on the server never called for the program to be unable to deal with buffer overflow or whatever means
    you would be using to access it.

    There is a big difference between what happens with Morpheus and what a true exploit is..and if my explanation or that of the other
    posters here telling you don't help you understand...I dont know what else to tell you.
    Sheesh!!
    Realityisanillusioncreatedbyanalcoholdeficiency.

  2. #22
    Member
    Join Date
    Dec 2001
    Posts
    75
    Originally posted by Matty_Cross
    ...Now, if you could upload to their computer through this method... I'd say its an exploit... but you can't....
    u can.

    so using this to d/l there .passwd file and telnet into root isn't going to give u the power you want inorder for it to be an exploit?




    -Guerrilla Se7en

  3. #23
    Member
    Join Date
    Dec 2001
    Posts
    75

    Re: Re: grrr........

    Originally posted by Tortured Spirit
    ...Whereas if you are able to exploit a webserver that has a bug that hasn't been patched, you could say
    that you have exploited the admin's laziness/the programmer's incompetence since the specifications on the server never called for the program to be unable to deal with buffer overflow or whatever means you would be using to access it...
    so exploiting a sys admin's stupidity(if they don't chek for security updates) and exploiting a sys user's stupidity(by shareing evrything) isn't the same?




    -Guerrilla Se7en

  4. #24
    Member
    Join Date
    Jan 2002
    Posts
    58

    Re: Re: Re: grrr........

    Originally posted by guerrillase7en


    so exploiting a sys admin's stupidity(if they don't chek for security updates) and exploiting a sys user's stupidity(by shareing evrything) isn't the same?

    Basically, yes. Security updates are released to patch a bug/security hole that was never intended to be there in the first place.

    With a P2P program like Morpheus, they original intention of the program was to allow ppl to
    share files from a specific directory or directories.

    AFAIU, an exploit by definition is finding a way to take advantage of a bug or security hole that
    should not exist in the first place.

    And that, to me anyway, is the difference.
    Realityisanillusioncreatedbyanalcoholdeficiency.

  5. #25
    Member
    Join Date
    Dec 2001
    Posts
    75

    Re: Re: Re: Re: grrr........

    Originally posted by Tortured Spirit
    ...take advantage of a bug or security hole that should not exist in the first place.
    ...
    it shouldn't allow you to share the holde hard drive/nor let it list *.pwl/.passwd files



    that's a security hole that shouldn't exist....




    -Guerrilla Se7en

  6. #26
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535

    Unhappy I came across this..

    dunno if it work though...

    It's a perl script wich is supposed to be a Kazaa/Morpheus Denial of Service Attack..

    (rename .txt to .pl if u wanna try)
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #27
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    --------------------------------------------------------------------------------
    Originally posted by guerrillase7en

    quote:
    --------------------------------------------------------------------------------
    Originally posted by Matty_Cross
    ...Now, if you could upload to their computer through this method... I'd say its an exploit... but you can't....
    --------------------------------------------------------------------------------

    u can.

    so using this to d/l there .passwd file and telnet into root isn't going to give u the power you want inorder for it to be an exploit?

    --------------------------------------------------------------------------------

    Since when can you UPLOAD to their computer through this 'exploit'?

    I just re-read the 'exploit' tutorial you posted, nothing about being able to upload up there....

    guerrillase7en...
    It SHOULD let you share your whole hard-drive.. its is a file SHARING program.. the key word here is SHARING... Have you noticed, that when your using Morpheus, there is a search option to search EVERYTHING? Does it not dawn upon you that this is there because they didn't really want to create a search category for every single type of file?

    Its meant to be able to share any type of file.

    If a user shares their whole hard drive, that is their choice.... it may not be the best choice, but its their choice.. it isn't an exploit in the software... its doing what it was intented to do....

    I personally am going to stop (or at least try to stop) posting to this thread, as I seem to just be repeating myself...

    I feel kinda like this...
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

  8. #28
    Banned
    Join Date
    Oct 2001
    Posts
    1,463
    The Morpheus/KaZaA exploit is not really a exploit..... How can you exploit someones inability to check what files a specific program is sharing with the internet ? If those people just spend 5 seconds and click on a button on a toolbar they could see which files K/M is sharing.... But I guess there too busy for that... So we should just let them have all their personal files on the internet for the world to see
    Although I have been sending messages to the people who do have *.pwl or other system files shared..... There are many more... This non-exploit doesnt only exist in K/M it exists in other file sharing programs... Its just that we choose to publicize these programs.....

    Alll they need to do is get hacked or something or other and then thell be more concerned with security... Thell be picking away at the files with tweezers
    Nothing is REALLY an exploit... Its all human error... if someone had taken the time to add a few more lines of code to prevent K/M from sharing system files.... Then we wouldnt be here.

  9. #29
    akanicknick
    Guest
    First off) that is not hacking that is just newbie sh*t
    Second) like almost everyone said its only files in your shared folder
    Third) You are ******n stupid to even think of this as an exploit

  10. #30
    Member
    Join Date
    Jan 2002
    Posts
    58


    I personally am going to stop (or at least try to stop) posting to this thread, as I seem to just be repeating myself...

    I feel kinda like this... :
    Amen !! My post(s) above were my last attempts to explain this..It can't be explained any clearer than has already been. SO I am gonna quit : with these kids and go on...
    Realityisanillusioncreatedbyanalcoholdeficiency.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides