|
-
May 26th, 2003, 02:17 AM
#21
I see no problems with publishing how they did it. It's not the flaws you share, but what you do with that knowledge.
While posting a patch along with the problem would be nice, not everyone has the skills or the ability to create a patch for the problem.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
May 26th, 2003, 04:53 AM
#22
This is nothing new and you really are displaying your ignorance by posting this.
It has been argued here on a few occasions if this is hacking or illegal and the concensus was it is not. The reason...Its nothing you couldn't get by using Kazaa itself only going threw more trouble to get it. Your only viewing what the user intends for you to see and the user name is given with each file kazaa finds.
Your use of NetCat shows a lack of knowledge in using it. Your using -t to make it emulate telnet when its not necessary and the entire process should be automated.
Because its not hacking or illegal ill show you.
you can either use a scanner that can output to a file or cut and past the results. heres the output from a simple scanner outputing to a file named c:\kazaa.txt.
Port# 80 on host xxx.149.251.12 is active
Port# 80 on host xxx.149.251.88 is active
Port# 80 on host xxx.149.251.85 is active
Port# 80 on host xxx.149.251.70 is active
Port# 80 on host xxx.149.251.94 is active
Port# 80 on host xxx.149.251.102 is active
Port# 80 on host xxx.149.251.26 is active
Port# 80 on host xxx.149.251.54 is active
or 1214 or both if you so desire
now open a command prompt. type the statement below all on one line and enter:
FOR /F "tokens=5" %X in (c:\kazaa.txt) DO echo GET /http1.0 \n\n |nc -vv %X 80 |more |find "Kazaa-IP" >>newport.txt
"tokens=5" says only use the fifth element in this line, and store it in %X
the output in newport.txt will look something like this
X-Kazaa-IP: xxx.149.251.71:2156
X-Kazaa-IP: xxx.175.243.233:2625
X-Kazaa-IP: xxx.149.251.88:3702
X-Kazaa-IP: xxx.149.251.12:1117
X-Kazaa-IP: xxx.143.174.72:2387
X-Kazaa-IP: xxx.149.251.146:3071
(remember the super node is still only just a user)
If you dont have a port scanner simply select an address range, say.. 202.11.21.0-202.11.21.255. now open a command prompt and type:
FOR /L %X in (2,1,254) DO echo GET /http1.0 \n\n |nc -vv 202.11.21.%X 80 |more |find "Kazaa-IP" >>newport.txt
this way will try to connect to every address in the range at port 80 and take much longer...but it works.
now you can have an entire list of address and ports you can waste your time looking for things that you could find much easier by using Kazaa itself.
oh by the way the above method requires an NT based system. if your using *nix you shouldn't have to be shown.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
May 26th, 2003, 05:59 AM
#23
/me sniffs... well said tedob...
-
May 26th, 2003, 06:09 AM
#24
Banned
We've found tons of Kazaa clients not even using these ports, buttttttttttt we won't even
get in to subject of playing with portscanning  We'll continue to gain access you continue to surf.80 ..nuff said, sorry for the rest of ya =)
-
May 26th, 2003, 10:28 AM
#25
Member
different ppl with different oppinions.. i am with instronics, coz now alot of ppl know that their kazaa isn't that safe.. but still, sabro should do something about how he/she present it in ao.
cheers again 
-
May 26th, 2003, 12:11 PM
#26
difference of opinions
i would just like to say that it seems there are varying oppinions on this matter, i would like to apologise to sabro for the way i jumped on him. in retrospect it was a bit harsh.
the information itself was useful and of course that is why we are all here, it was just the way it was interpreted that initially made me flame ! alot of these forum do spend too much time just dissing others instead of focusing on the information we are all after.
I for one am now going to make a concerted efoort to concentrate more on the content than the intent and give people a little more leeway, of course i dont want to see the usual crap about "how do you hack this etc" but will not be so quick to jump in future.
Again i apologise sabro and thanks for the info just present it a little differently next time.
live well and love life to all.
Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !
The Head foundation
Please give generously
-
May 26th, 2003, 07:27 PM
#27
Oh contraire:
These are the IPs and ports from which the html listing of files that are shared can be viewed if the user is sharing any :
X-Kazaa-IP: xxx.149.251.71:2156
X-Kazaa-IP: xxx.175.243.233:2625
X-Kazaa-IP: xxx.149.251.88:3702
X-Kazaa-IP: xxx.149.251.12:1117
X-Kazaa-IP: xxx.143.174.72:2387
X-Kazaa-IP: xxx.149.251.146:3071
Hardly port 80. But on ports 80 or 1214 are kept the records as to which port a request must be made to.
I do agree with you that a list of kazaa user can be used for further exploitation. These are usually the most fool-hearted. Some using the same user name for everything.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
May 26th, 2003, 10:44 PM
#28
Junior Member
Kazaa Lite is a sweet hacked version of Kazaa!
-
May 26th, 2003, 11:48 PM
#29
-
May 27th, 2003, 03:06 AM
#30
Banned
Are we so bored that all we have to talk about is how to "hack" Kazaa? I mean get a life people and start posting about important stuff!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote