|
-
May 25th, 2003, 01:05 PM
#11
BTW this is old really old google for it. Ok a long shot what if he doesent know how to patch the vuln he posted info here regarding it maybe some one here could provide a explanation to prevent this or a patch instead of handing out negs do something constructive give suggestions on how to prevent it . I dont have the resources here to play around with it but i am sure some one does  and it does work im not sure if it only particular versions that is exploitable. Told you it was old
An advisory for a recent vuln 8/1/2003
By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
The 20th century pharoes have the slaves demanding work
http://muaythaiscotland.com/
-
May 25th, 2003, 01:06 PM
#12
I'm with instronics on this mather. When there's an exploit wich can be used for malicious things, why shouldn't it be posted on a security forum ? I think the security people of all internet folks should know first. Wether he's a newbie or wether it's about a subject people feel lame about (sub7, netbus, back orifice) we should know about it. I don't know with what intention Sabro posted, still I saw way to freaking many simple "bugtraq copies" on here turn beyond extremely positive, why should a copy from a newbie get the same ?
I think none of those plain copies should be rewarded, but yet they are, so this one deserves it as much as the others do. You'd better just sign up for bugtraq or the like, or maybe it should be put in those top rows on the mainpage...
-
May 25th, 2003, 03:27 PM
#13
Perception is everything, especially when reading posts that do not convey intent or tone very well. I for one welcome known exploits as long as they are posted in an ojective fashion, not something like, "L33t H4x0r attack on hotmail...". I feel, like others in this thread, that it is important to have members post known exploits with the caveat that it comes along with some type of suggested countermeasure.
That said, this is good post but it would be even better if they posted this additional info:
This exploit is rendered useless if the checkmark is removed from the setting that allows the client running Kazaa to funtion as a supernode. (which is true by the way).
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 25th, 2003, 06:11 PM
#14
well it used to be much simpler, to where you would start downloading a file from someone on kazaa, then open dos and type netstat -a
which would return ports that had foreign addresses of :1214
then you could simply go to the web browser, put in the ip, with an appending :1214 and get the very same results as that one up there, however i do believe this was patched in versions ago of kazaa. I could be wrong, but this is a simple way to do it.
-
May 25th, 2003, 06:25 PM
#15
Originally posted here by er0k
well it used to be much simpler, to where you would start downloading a file from someone on kazaa, then open dos and type netstat -a
which would return ports that had foreign addresses of :1214
then you could simply go to the web browser, put in the ip, with an appending :1214 and get the very same results as that one up there, however i do believe this was patched in versions ago of kazaa. I could be wrong, but this is a simple way to do it.
Yep it s patched!
i m gone,thx everyone for so much fun and good info.
cheers and good bye
-
May 25th, 2003, 08:30 PM
#16
****. Did ANYONE in here read the guy's website. It is obviously security focused and aimed at informing people about possible exploits.
I agree that the post could have been worded differently, but I think some of you were a little too quick to jump on him for this one. I know we're all supposed to be paranoid by nature and not give people the benefit of the doubt, but a few simple clicks and you can see what this poster's true intent was.
Mike Reilly
bluebeard96@yahoo.com
-
May 25th, 2003, 09:39 PM
#17
i would have to agree with bluebeard, thats why i didnt take part in the flaming but rather wanted to continue the discussion. However, i do believe it would have been better if he had posted a patch as well as the exploit instead of just the exploit, and maybe added some information about why he is posting this instead of just posting a random sploit on these boards..
-
May 25th, 2003, 10:15 PM
#18
Member
What port does KaZaA run on?
-
May 25th, 2003, 10:46 PM
#19
depends on what you specify, when i used it, i had it running on 1214, but i know it can run on others
-
May 26th, 2003, 01:56 AM
#20
Banned
First and foremost, our intentions were not to promote actually attacking Kazaa users, just
as information since most Kazaa users feel they are anon due to the fact Kazaa doesn't
show the ip address in the client. We've found alot of hidden Kazaa users (non-irc'ers, etc)
that didn't even know people knew their machines existed and it was very easy to gain access to their machines thru misconfigurations, etc because they figured they was hidden.
Second of all we've found older Kazaa clients running on 1214/TCP, 80/TCP and various other ports and would suggest as a quick 'fix' that you upgrade to the lastest client.
The newer clients seems to only monitor 1214/UDP and will only open communications after receiving speically crafted packets, which tends to be alittle bit more technical and out of the
relm of your average script kiddes.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote