|
Peer to Peer The 3rd millenium technology! |
|
09-05-02, 09:10 PM | #41 | |
yea, it's me.
Join Date: Jan 2002
Location: usa
Posts: 2,093
|
Quote:
|
|
09-05-02, 10:15 PM | #43 |
Napsterite
Join Date: Apr 2002
Posts: 138
|
hot damn!@Xyctnam
Fee Facking Fan!
how'd you figure this out, Scyth? please do tell because I find that the "journey to discovery" is almost as great as the final arrival to the destination. If you will please tell us a little about some of the things you tried that didn't work and what finally got you on the right track? this is remarkable and quite amazing. thanks for including your source (again i should remind my "brothers-in-arms" that i'm not a programmer) but i do appreciate "commenting" on their source code (that's how I learn) and this great |
10-05-02, 02:38 AM | #44 |
Registered User
Join Date: Jan 2002
Posts: 82
|
|
10-05-02, 11:19 AM | #45 |
Napsterite
Join Date: Apr 2002
Posts: 138
|
Scyth, i could not get your unpacker to work for me...all it would do is launch the kmd.exe but as far as "unpacking" it didn't do anything for me....is there anything else special i need to do besides run the unpacker in the same directory as the kmd.exe? |
10-05-02, 03:36 PM | #46 |
Napsterite
Join Date: Apr 2002
Posts: 138
|
Tutorial #2
Unanonymity and KaZaA
special thanks to Scyth for his help with this tutorial

How to find someone's ip address from their Username@KaZaA

In order to successfully complete this tutorial it is first necessary to read the KaZaA Out of The Underworld thread, particularly the tutorial section dealing with the kazaadebug.log. I will touch briefly on this method once again (credit to Scyth for this info).

First go into the directory where your kazaa.exe program is located. Next create an empty plain-text (ascii) text file called kazaadebug.log. Next double-click on the kazaa.exe to run it (note that the log will not record debugging information if the kazaa.exe is started in another manner, e.g., through a "shortcut" key or a link on the desktop or "quicklaunch"; it has to be manually double-clicked for the debug log to record successfully). Then just search for whatever you are looking for. In this example the file "spiderman" + "gonutz" were the key words used under video files >All to search for. Once I found what I wanted I just double-clicked on the filename that showed up in the search results to begin my download. After you download a portion, or for however long you wish to download for, when you are done downloading close kazaa.

Now go into the folder where you made the empty text file called kazaadebug.log. Open it up with a text-editor like Notepad or the very excellent EditPadClassic. Now look for something similar to the examples below:

Download: (smr)Spiderman.avi New connection t_dog@KaZaA 0-174180352/174180352 to 187f471c:1214
Download: (smr)Spiderman.avi New connection xnylived@KaZaA 0-174180352/174180352 to 4123d055:1214
Download: (smr)Spiderman.avi source xnylived@KaZaA 4123d055:1214 overloaded, retry 300
Download: (smr)Spiderman.avi source zerosmarts@KaZaA c0a80164:1214 overloaded, retry 300

In the first example #1 we see a username of t_dog@KaZaA followed by a series of numbers 0-174180352/174180352 to 187f471c:1214. The part that says to 187f471c:1214 is the part we want. The 1214 identifies it to us as being an ip address. The ip address that corresponds to that particular username.

But you say: "I typed that into my browser window and nothing happened." Exactly, nothing will happen until you decode the ip address. Right now what you are looking at, the 187f471c, is called a "hexadecimal value". To convert it to a form that you and i can understand it is necessary to change it from a "hexadecimal value" to a Dword or (double-word) value. To do this we will need windows calculator.

Goto Start>Programs>Accessories>Calculator

While in Calculator choose View>Scientific which will look like this: http://www.napsterites.net/undergrou...&postid=130407

Make sure that "hex" is selected and enter the value for ip address (in hexadecimal form) that you wish to "decode". Now all you have to do to get the Dword value is just to check the circle that says "Dec" which stands for Decimal. Do it and you should have something that looks like this now: http://www.napsterites.net/undergrou...&postid=130408

This should give you the following value 410994460 [so the d-word value of 187f471c is 410994460]

Next step: Goto this address: http://www.fichtner.net/tools/ip2dword/ and type 410994460 into the box that says Dword value. Then press <Enter> and it will translate the d-word value into an ip address for you that you can now enter into a webbrowser formatted like this http://xxx.xxx.xxx.xxx:1214 where "xxx.xxx.xxx.xxx" is an ip address or the result returned from following the instructions in this text. In this example the 410994460 turned out to be this ip address: 24.127.71.28

Buh-buh- bhwah , i can change my username to anything i want to right? yep and your ip address gets updated in realtime by the supernodes you are connected to.

End of Tutorial. Don't abuse this (try the other three for yourselves and let me know what you get)

Cheers,
-Harbynger (of D00m) |
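The hex to Dword to dotted-quad conversion from the tutorial above, done in one pass over the log text so you can see exactly what peer information the debug log leaves on disk. This is an added example, not code from the thread; the regular expression is an assumption inferred from the four sample lines quoted in the post, and the function names are made up for illustration.

```python
import ipaddress
import re

# Sample lines as quoted in the tutorial above.
SAMPLE_LOG = """\
Download: (smr)Spiderman.avi New connection t_dog@KaZaA 0-174180352/174180352 to 187f471c:1214
Download: (smr)Spiderman.avi New connection xnylived@KaZaA 0-174180352/174180352 to 4123d055:1214
Download: (smr)Spiderman.avi source xnylived@KaZaA 4123d055:1214 overloaded, retry 300
Download: (smr)Spiderman.avi source zerosmarts@KaZaA c0a80164:1214 overloaded, retry 300
"""

# Assumed line shape: "<user>@<network>", then later on the same line
# eight hex digits, a colon and the TCP port.
PEER_RE = re.compile(
    r"(?P<user>\S+@\S+)\s.*?\b(?P<addr>[0-9a-fA-F]{8}):(?P<port>\d{1,5})\b"
)


def decode_peer(hex_addr):
    """Read eight hex digits as a big-endian 32-bit IPv4 address."""
    return ipaddress.IPv4Address(int(hex_addr, 16))


def parse_log(text):
    """Return one record per log line that names a peer endpoint."""
    peers = []
    for line in text.splitlines():
        match = PEER_RE.search(line)
        if match is None:
            continue  # line does not carry a user/address pair
        ip = decode_peer(match.group("addr"))
        peers.append({
            "user": match.group("user"),
            "dword": int(ip),          # the "Dec" value from the calculator step
            "ip": str(ip),
            "port": int(match.group("port")),
            "private": ip.is_private,  # RFC 1918 and other non-routable ranges
        })
    return peers


if __name__ == "__main__":
    for peer in parse_log(SAMPLE_LOG):
        print(peer)
```

The last sample line decodes to an RFC 1918 private address, so the value recorded in the log is not always a publicly routable one.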
10-05-02, 03:51 PM | #47 |
Join Date: May 2001
Location: New England
Posts: 10,024
|
jeez harb, you can scan an ip address in real-time with none of the gymnastics by netstating your target. while it's nice to know you can do things the hard way, what am i missing? or can this be used without ever seeing the user, as when you leave kazaa running and unattended with a ton of files queued and the ones it eventually completes are from multi-sourced users different than the ones from "search results"?
- js. |
10-05-02, 03:58 PM | #48 |
Napsterite
Join Date: Apr 2002
Posts: 138
|
Why is this an important discovery?
A couple of uses that I'm aware of include:

1) somebody has a rare file you really want and they wait until you've downloaded almost 90% of a file then they cut you off. If you are a h@><or you can get the ip and use a port scanner to scan the last octet in their ip address...making note of files they are sharing and if they change their username@kazaa all you gotta do is run your portscanner looking for port 1214 and bingo you can find him/her again (there are further advanced techniques i'm not gonna go into for obvious reasons)

2) People trying to reverse engineer the fasttrack network and understand how the supernodes/clients communicate with one another may find this information useful. The key here is that KaZaA associates an ip address with the username. This is how file searches and queries are done.

3) A program from Astalavista.com reportedly enables you to send instant messages to someone whose Username@KaZaA you know. This information might be helpful in further developing that application or to improve the messaging feature currently available on the fasttrack clients, e.g., give you the ability to type in anyone's username@KaZaA and send them an instant message (regardless as to whether or not you were downloading from them).

4) R.I.A.A. and other copyright agencies or groups might find it helpful in tracking you down for prosecution.

Last edited by butterfly_kisses : 10-05-02 at 06:57 PM. |
10-05-02, 04:00 PM | #49 |
'
Join Date: Jan 2002
Posts: 209
|
I would like to submit a vote for harby, to be nominated Napsterite of the year. For finding IP addys, the hard way.
As well as being able to change people's user names on the kazaa service, among other hijinx. Congrats Timmy. (clap) (clap) (clap) |
10-05-02, 04:28 PM | #50 |
B2B Protagonist ... Life is ... Bubble to Bubble ... Beer to Beer ... love a VLAIBB (Very Lonesome Artificial Intelligence Brained Bubble) @ http://www.geocities.com/vlaibb vlaibb@yahoo.com
Join Date: Jan 2002
Posts: 206
|
the log works also good with grokster
__________________
VLAIBB - The Ultimate Gateway to P2P Sites File: surprise.mp3 Length:5845871Bytes UUHash:=1LDYkHDl65OprVz37xN1VSo9b00= Copy the lines above and use 'Paste from Clipboard' function of sig2dat 3.11.a (supports quicklinks) to create a startfile for your FastTrack p2p client for safe download |
10-05-02, 04:43 PM | #51 | |
Registered User
Join Date: Apr 2001
Location: Vancouver, Canada
Posts: 454
|
Quote:
|
|
10-05-02, 04:47 PM | #52 |
Napsterite
Join Date: Apr 2002
Posts: 138
|
re: scyth and unpacker
thanks, and yes i am using XP so that was probably it. edited to add the following: Pure, focken Genius! that's all i got to say...for now. Last edited by butterfly_kisses : 10-05-02 at 05:50 PM. |
10-05-02, 07:08 PM | #53 | |
Napsterite
Join Date: Apr 2002
Posts: 138
|
Quote:
|
|
10-05-02, 07:13 PM | #54 | |
Join Date: May 2001
Location: New England
Posts: 10,024
|
Quote:
- js. |
|
10-05-02, 07:18 PM | #55 | |
Join Date: May 2001
Location: New England
Posts: 10,024
|
Quote:
- js. |
|
10-05-02, 07:21 PM | #56 | |
Napsterite
Join Date: Apr 2002
Posts: 138
|
what's different now, jack?
Well, it's been my experience that the browser "hack" with http://xxx.xxx.xxx.xxx:1214 no longer works anymore. have you tried successfully downloading from someone in this manner? (oh btw be sure to look at page two, I updated some of the new uses for what you were asking me about) shoot, I'll repost them here: Quote:
anybody else got any ideas? |
|
10-05-02, 07:25 PM | #57 | |
Napsterite
Join Date: Apr 2002
Posts: 138
|
Quote:
technique in the first tutorial (the other thread) you could steal someone's "supercookie" and have access to all their MSN sites or get credit card info. anything that a person puts on their computer that they think is "safe" really isn't if the other "hack" is executed without making any errors. (i've only tried it successfully on the example given in that thread...hence the reason i removed the pic) |
|
10-05-02, 10:12 PM | #58 |
'
Join Date: Jan 2002
Posts: 209
|
The real problem is in KaZaA's entire setup.
One girl did a site where she included everything she came up with, and a connection a company has in using KaZaA to mine personal info. She even gained access to files from an Ottawa rcmp detachment. Was an interesting read. Not like that BBC garbage that spewed out all over the net a few months ago. When people are running the equivalent of a web server, it's bound to have every hole and exploit, and buffer overrun sniffed out. However it seems KaZaA has a zilch policy regarding the privacy or security of its user base as a whole. |
10-05-02, 10:37 PM | #59 |
'
Join Date: Jan 2002
Posts: 209
|
As for super cookies, that's a little more of a grey area.
In the past many security groups and orgs have reported about super cookies and how they can see all. Since then a number have realized shortcomings with the theories, and downlisted the super cookie to some type of other bug or security hole. Most noted was Gibson who went on a farce about how a main stream ISP was using a form of super cookies in its custom version of IE. Gibson, a leading security expert, later retracted his statements upon learning the super cookie was only tracking net settings or changes customers might make to their bandwidth. It was not collecting personal info.

For the latest scare all, get off the net super cookie warning that has come out, see this very well crafted web site... http://www.computerbytesman.com/priv...cookiedemo.htm There is a fix provided as well.

Bottom line is no super cookie has been found that gives anyone 100% history and in depth info on a user. One would be just breaking in the damn box, and dropping a key logger. Alas, there are also other means as well. Many, many other means to glean personal info. Simply because programmers get lazy or bad code gets executed by the end user. Somewhere, out there, at this very minute 100 or so people are leaking personal data due to stupidity, rather on their part for opening the email attachment "torjan.exe" or because of stupidity on Microsoft's part.

Regardless one should use common sense and not give the credit card numbers out on line, or keep your membership info to porn sites in your email box, or any other sensitive type of info. If you won't post it on your front door, then don't put it on your computer. sage advice. Kinda like this tid bit from conf. "Man who marries girl with no bust has right to feel low down." |
10-05-02, 10:46 PM | #60 | |
Napsterite
Join Date: Apr 2002
Posts: 138
|
Quote:
and some good info. thanks for sharing. |
|