###############################################################*
# S.A.B.R.O. Net Security Advisory
# home.earthlink.net/~wh1004989
###############################################################*
#Product: Kazaa
#Authors: Sabro
#Tools Needed : netcat, winfo
###############################################################*

#Overview#-----------------------------------------------------#
Kazaa is a popular P2P file sharing program that most are aware
of; however, the HTTP listener it exposes can also be used to find
other systems to gain access to.


#Method#-------------------------------------------------------#

First start Kazaa and, once you're connected, look in the
Tool/Options/firewall area; down towards the bottom you'll
notice the Incoming Ports section.

Record the port number listed in "Use Port **** for incoming
connections" and select the "Use Port 80 as alternative for
incoming connections" checkbox. Now that you've done this,
fire up netcat and issue the following command:

nc -v -t 127.0.0.1 80

Once connected, enter the request line below, followed by a blank
line to end the request:

GET / HTTP/1.0

You should receive something like the following:

HTTP/1.0 404 Not Found
X-Kazaa-Username: sabro
X-Kazaa-Network: KaZaA
X-Kazaa-IP: 209.183.120.91:2957
X-Kazaa-SupernodeIP: 66.65.160.49:2436

Record the IP address and port from the X-Kazaa-SupernodeIP header,
shut Kazaa down and repeat the process; you should receive a new
IP and port each time. Collect these for further use. Once you've
got what you want, connect to these other IPs with netcat, being
sure to try ports 80/TCP, 1214/TCP and the port you got from
the supernode header.

You should then notice the different Kazaa usernames, and you
should get the standard 404 Not Found. If you are lucky enough to get
a listing of the files shared by Kazaa, fire up your trusty web
browser and point it at the victim. You should be able to see
the same file listing; however, when you click on most of
the files you won't be prompted to save: merely a click and
nothing happens, on your end. The victim will see the following
example on their side:


Title              | Artist            | User | Participation Level | Progress | Status  | Time | Uploaded/Reg
-------------------+-------------------+------+---------------------+----------+---------+------+-------------
Hand in my Pocket  | Alanis Morissette |      | Low(0)              |          | Aborted |      | 128k/3474kb
World Needs a Hero | Megadeth          |      | Low(0)              |          | Aborted |      | 128/5481kb
Respect            | Pantera           |      | Low(0)              |          | Aborted |      | 128/4907kb
-------------------+-------------------+------+---------------------+----------+---------+------+-------------


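As an added example (not part of this advisory), the following Python helper parses a captured banner from a Kazaa HTTP listener, like the one shown above, and reports what the host discloses: username, external address, supernode, and, when the listener answers 200 with a listing, the exposed share list. It is meant for an administrator auditing their own machine; the sample responses are constructed, not real captures.

```python
import re

# Constructed sample responses modelled on the advisory's banner (not real
# captures): the usual 404 banner, then the "share listing exposed" 200 case.
SAMPLE_RESPONSES = [
    "HTTP/1.0 404 Not Found\r\n"
    "X-Kazaa-Username: sabro\r\n"
    "X-Kazaa-Network: KaZaA\r\n"
    "X-Kazaa-IP: 209.183.120.91:2957\r\n"
    "X-Kazaa-SupernodeIP: 66.65.160.49:2436\r\n"
    "\r\n",
    "HTTP/1.0 200 OK\r\n"
    "X-Kazaa-Username: example_user\r\n"
    "X-Kazaa-Network: KaZaA\r\n"
    "X-Kazaa-IP: 192.0.2.10:1214\r\n"
    "X-Kazaa-SupernodeIP: 198.51.100.7:3000\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><a href=\"/file1.mp3\">file1.mp3</a></body></html>",
]

def parse_response(raw):
    """Split a raw HTTP/1.0 response into status code, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0])
    info = {"status": m.group(1) if m else "", "body": body}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            info[name.strip().lower()] = value.strip()
    return info

def assess_exposure(raw):
    """Return the findings an auditor would want for one captured response."""
    r = parse_response(raw)
    findings = []
    if not any(k.startswith("x-kazaa-") for k in r):
        return findings  # not a Kazaa listener: nothing to report
    findings.append("kazaa listener")
    if "x-kazaa-username" in r:
        findings.append("username disclosed: " + r["x-kazaa-username"])
    if "x-kazaa-ip" in r:
        findings.append("external address disclosed: " + r["x-kazaa-ip"])
    if "x-kazaa-supernodeip" in r:
        findings.append("supernode disclosed: " + r["x-kazaa-supernodeip"])
    if r["status"] == "200" and "<a " in r["body"].lower():
        findings.append("share listing exposed over HTTP")
    return findings
```

Feed it the bytes you capture from your own listener with netcat (decoded as text) to confirm whether the alternative port 80 setting is exposing the headers and listing described above.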

While this is a mild annoyance to the victim, and hardly constitutes
a security flaw, we have used this method to identify Windows boxes
running Kazaa that are vulnerable to other attacks such as open or
weakly passworded shares, BO, Netbus, etc., without having to first
scan the host to see if they have these services available.


#eof

Sincerely,

Sabro

http://home.earthlink.net/~wh1004989