kazaa on port 80

my 2000th post w00t!

This is for all you young'ens out their using the new Kazaa and cloggen up that port 80. dont make it easy for them there crackers.

We all know that one of the steps to hacking a computer is info collection. One might ask, "Why would anyone want to break into a persons private computer...what could they get?" Well besides the obvious...internet accounts, any personal data like credit card numbers for ID theft or just a base to launch other attacks from...i dont know. maybe just for some excitement. who knows. but the fact is they do

i used NetCat and my trusty little port scanner i took the kazaa2.txt file it created and used notepad to remove all but the IP (i know their are easier more automated ways but this really isn't about scanning)

then i opened a command prompt and typed:

for /f "tokens=1" %x in (c:\kazaa2.txt) DO echo get /http1.1 |nc -vv %x 80 |more >>nckazaa.txt


This is what i got. Im willing to bet that a good percentage of these user names are also their login names for their computer and other services on it. if not it could help with SE or god knows what else its definitly a privacy issue at least:

echo GET /http1.0 |nc xxx.150.32.58:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.58:1680
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.57.34.148:3914
X-Kazaa-Username: velezc6969

echo GET /http1.0 |nc xxx.150.32.56:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.56:2889
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.57.196.205:3752
X-Kazaa-Username: Minkymadness2020

echo GET /http1.0 |nc xxx.150.32.65:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.171.109.87:3304
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xx.236.27.43:1501
X-Kazaa-Username: danielnieto13

echo GET /http1.0 |nc xxx.150.32.45:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.146.235.71:2905
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.88.120.154:2150
X-Kazaa-Username: tragickmagick


echo GET /http1.0 |nc xxx.150.32.88:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.88:3653
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.75.158.45:2378
X-Kazaa-Username: vanessadavied

echo GET /http1.0 |nc xxx.150.32.122:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.122:2267
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.189.152.230:1938
X-Kazaa-Username: marlonstokes

echo GET /http1.0 |nc xxx.150.32.144:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.144:xxx83
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.71.50.10:3932
X-Kazaa-Username: mark

echo GET /http1.0 |nc xxx.150.32.182:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.129.48.106:2814
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xx.26.54.127:3455
X-Kazaa-Username: pimpenit4lyf

echo GET /http1.0 |nc xxx.150.32.194:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.194:2261
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.88.87.193:1815
X-Kazaa-Username: satch45

echo GET /http1.0 |nc xxx.150.32.197:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.143.142.57:1125
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xx.208.216.164:xxx1
X-Kazaa-Username: Missie8

echo GET /http1.0 |nc xxx.150.32.196:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.165.87.223:23xxx
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.184.93.96:1457
X-Kazaa-Username: atb

echo GET /http1.0 |nc xxx.150.32.203:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.149.70.176:3178
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.51.1.153:1610
X-Kazaa-Username: allstar2003

echo GET /http1.0 |nc xxx.150.32.1xxx:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.1xxx:1459
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xxx.82.104.152:2928
X-Kazaa-Username: phinda

echo GET /http1.0 |nc xxx.150.32.162:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.150.32.162:1963
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xx.96.111.136:3233
X-Kazaa-Username: caramel1104

echo GET /http1.0 |nc xxx.150.32.xxx6:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: 0.0.0.0:2990
X-Kazaa-Network: KaZaA
X-Kazaa-Username: HOMESROOM

echo GET /http1.0 |nc xxx.150.32.173:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.136.92.180:2325
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xx.228.117.111:3230
X-Kazaa-Username: incubinkibonki

echo GET /http1.0 |nc xxx.150.32.116:80
HTTP/1.0 501 Not Implemented
X-Kazaa-IP: xxx.147.100.156:2819
X-Kazaa-Network: KaZaA
X-Kazaa-SupernodeIP: xx.230.65.113:3033
X-Kazaa-Username: BoricuaEE44

Nice post Tedob, and congrats on hitting the 2 grand mark. I'm only like 1200+ posts behind you and souleman, and I'm really hoping that by the time I hit 2000 that I will have finally said something that makes sense.

As an addition to your post above, I might remind the newbs that you can turn off port 80 in Kazaa options (firewall tab). I'm sure your ISP will appreciate your efforts.

Interesting, congrats on 2Grand mark! Hope I make it that far. Kazza is to vunerable a program. I suggest people not to use it. Sad but true.

allenb1963 its the same on 1214 i just wanted to let folks see the extent of people hogging up the bandwidth.

there were 23 kazaa users using the standard port 1214 in addition to those above using 80.

this could just as easily have been a DoS attack on all these users using the morphus crasher that compiles from morphus .c. I havn't and wouldn't tested it in the wild but it works real fine on my bosses xp machine when hes using kazaa...man does he get pissed! it completely locks up his computer and he has to turn the power off to re-boot. i grin and say you shouldn't be using kazaa on the network!

Congrats...Tedob 2000 post..don't stop posting something interesting to look at...

he..he he. I am lucky don't use kazaa..

Here is a little something fun that Kazaa does. It adds a registry key (the exact location escapes me right now but you can search the registry for it) that gives it info on existing peers so that if your handy firewall admin has blocked port 1214, the connection will still go through. This allows the connection to still traverse the firewall because if 1214 fails, it looks to these defined peers and begins a connection through port 80. Because I happen to be the handy firewall admin, I have removed the regkey to see what would happen. Yes, the connection fails if the key is removed. Just a little heads up for all of you who KNOW you blocked the Kazaa port, yet users somehow are still downloading filez.