
butterfly_kisses 23-04-02 07:51 PM

Kmdb.html search for it on your computer
 
Hi everyone.. I remember reading one of numerous security notices concerning Microsoft and Internet Explorer browsers about a malicious website operator being able to read the contents of a) your cookies or b) your entire hard drive, and in some instances to have as much control over your computer as you have.

But the key to the exploit was knowing the exact name of a file located on the victim's computer...

Well, I've known about the existence of kmdb.html for some time now and am just now becoming concerned with the security implications of this file being created no matter which FastTrack client you use (I'm uncertain about the Imesh client, whichever Gnutella client that was or is that also accesses FastTrack... I hope I named the right one).

So my question to the board is what is the file used for....Looking at the source code revealed it loaded ads and usually depending on the client the ads came from different sources...

They seem to "project" the ad into the client (Grokster/Kazaa) window at the bottom left of the screen...Even with a hacked Cd_clint.dll the kmdb.html file still gets created.

Could the KaZaA and/or Grokster websites use this knowledge of the kmdb.html file to exploit its users? I'm certain of it and in most cases they probably already have.

I just wanted to bring this to the attention of others because as far as I know I'm the only one who noticed this and cared to say anything about it.

On another note, the KaZaA executable is packed or compressed with an executable compactor called PeCompact v1.67. I hope this info will help you alls out there who use SoftIce or Windasm in some small way. : )

"...a world without spyware....hmmm now there's a pleasant thought."

:)

:b: "Harby"

HAL9000 24-04-02 12:47 AM

I found kmdb.html in my box.

Code:

<HTML>
<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLL="NO">
<IFRAME SRC="http://adroar.com/grokster_ads.shtml" WIDTH="468" HEIGHT="60" FRAMEBORDER="no" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="no">
<A HREF="http://adroar.com/cgi-bin/adjuggler.cgi?img_click=/grokster_client" TARGET="_blank">
<IMG SRC="http://adroar.com/cgi-bin/adjuggler.cgi?img_only=/grokster_client " ALT="Click here to find out more!" BORDER=0 HEIGHT="60" WIDTH"468"></A>
</IFRAME>
</BODY>
</HTML>
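
Added example, not part of any post in this thread: a small Python audit that follows the thread's suggestion to search a machine for kmdb.html and lists the remote hosts each copy references. The sample markup, the `example.invalid` hosts and the function names are constructed for this example.

```python
import os
import re
import sys
from urllib.parse import urlsplit

TARGET = "kmdb.html"  # file name discussed in the thread

# SRC/HREF values, quoted or bare; a regex is used so that sloppy markup
# (e.g. WIDTH"468") and content nested inside <IFRAME> are still covered.
URL_ATTR = re.compile(
    r"""\b(src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)

def remote_refs(html_text):
    """Return (attribute, host, url) for every http(s) reference in the markup."""
    refs = []
    for m in URL_ATTR.finditer(html_text):
        url = (m.group(2) or m.group(3) or m.group(4) or "").strip()
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname:
            refs.append((m.group(1).lower(), parts.hostname, url))
    return refs

def audit(root):
    """Walk root and map each kmdb.html found (any letter case) to its remote refs."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == TARGET:
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    report[path] = remote_refs(fh.read())
    return report

# Constructed sample, modelled on the layout of the file posted above.
SAMPLE = """<HTML><BODY>
<IFRAME SRC="http://ads.example.invalid/client_ads.shtml" WIDTH="468" HEIGHT="60">
<A HREF="http://ads.example.invalid/click?slot=client" TARGET="_blank">
<IMG SRC="http://img.example.invalid/banner.gif " BORDER=0 HEIGHT="60" WIDTH"468"></A>
</IFRAME></BODY></HTML>"""

if __name__ == "__main__":
    for path, refs in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path)
        for attr, host, url in refs:
            print(f"  {attr:4} {host}  {url}")
```

Run it with a directory argument (for example the temp directory mentioned later in the thread) to see which hosts a given copy of the file would contact.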


BuzzB2K 24-04-02 01:12 AM

I found two (I dual boot) - same exact file.

Snarkridden 24-04-02 03:03 AM

Thanks Harby..
 
There are many internal code compressors used with today's programs, to defeat hack attempts, or just simple "resource engineering" ...

On another note, the KaZaA executable is packed or compressed with an executable compactor called PeCompact v1.67. I hope this info will help you alls out there who use SoftIce or Windasm in some small way. : )

Pe is just one of them, would be nice to have a REVERSE Pe, in the days when we used Pklite/Pkzip etc there were many such expanders "Busters" ideal for restoring the original codes as compiled.

Any of you real techie bods got any links for such proggies to do the biz with windows stuff? Could do with one to "open up" WinMx3.00 as some vital changes need to be made that I'm sure the final version will not have...

Thanks.. Snark.. :beer:

twinspan 25-04-02 03:06 AM

Found (and deleted) kmdb.html in C\Windows\Temp. Thanks, Harbynger.

Re browsers and security, take a look at this comparison chart for the big three browsers, and ask yourself how on earth Microsoft get away with it.

Scyth 25-04-02 04:29 PM

I wouldn't be too concerned. Firstly, if I remember correctly, the vulnerabilities only allowed you to read/execute the file that you knew the name and location of. If simply knowing the name and location of any file was enough for full access, the millions of people who install common software to the default directory would be vulnerable. Moreover, the FastTrack client can already run any code they want on your computer once you've launched the client. There's no need for them to use any sort of hack.

