This does not belong anywhere else...so...

[goldie]

Quote:

Originally posted by Harbynger
feedback is important to this project and so too will betatesters

Goldenrod you are already on my list for one of the first to receive
a beta when its ready...
i could use a few more volunteers?
alright...who wants some?
hehe

[/b]

[Scyth]

Done. The attached file will unpack kmd.exe. Run it from the same directory kmd.exe is in.

edit: Changed the attachment. Works under XP now.

[butterfly_kisses]

Fee Facking Fan!

how'd you figure this out, Scyth?

please do tell because I find that the "journey to discovery" is

almost as great as the final arrival to the destination.

If you will please tell us a little about some of the things you

tried that didn't work and what finally got you on the right track?

this is remarkable and quite amazing. thanks for including your

source (again i should remind my "brothers-in-arms" that i'm

not a programmer) but i do appreciate "commenting" on their

source code (that's how I learn) and this great

[AYB]

[butterfly_kisses]

Scyth, i could not get your unpacker to work for me...all it

would do is launch the kmd.exe but as far as "unpacking" it

didn't do anything for me....is there anything else special i

need to do besides run the unpacker in the same directory

as the kmd.exe?

[butterfly_kisses]

Unanonymity and KaZaA

special thanks to Scyth for his help with this tutorial

How to find someone's ip address from their Username@KaZaA

In order to successfully complete this tutorial it is first necessary to read the KaZaA Out of The Underworld thread particuliar the tutorial section dealing with the kazaadebug.log

I will touch briefly on this method once again (credit to Scyth for this info). First go into the directory where your kazaa.exe program is located. Next create an empty plain-text (ascii) text file
called kazaadebug.log

Next double-click on the kazaa.exe to run it (note that the log will not record debugging information if the kazaa.exe is started in another manner e.g., through a "shortcut" key or a link on the desktop or "quicklaunch" it has to manually be double-clicked for the debug log to record sucessfully.)

Then just search for whatever you are looking for. In this example the file "spiderman" + "gonutz" were the key words used under video files >All to search for. Once I found what I wanted I just double-clicked on the filename that showed up in the search results to begin my download.

After you download a portion or for however long you wish to download for when you are down downloading close kazaa.

Now go into the folder where you made the empty text file called kazaadebug.log

Open it up with a text-editor like Notepad or the very excellent EditPadClassic. Now look for something

similiar to the examples below:

Download: (smr)Spiderman.avi New connection t_dog@KaZaA 0-174180352/174180352 to 187f471c:1214

Download: (smr)Spiderman.avi New connection xnylived@KaZaA 0-174180352/174180352 to 4123d055:1214


Download: (smr)Spiderman.avi source xnylived@KaZaA 4123d055:1214 overloaded, retry 300

Download: (smr)Spiderman.avi source zerosmarts@KaZaA c0a80164:1214 overloaded, retry 300

In the first example #1 we see a username of t_dog@KaZaA followed by a series of numbers

0-174180352/174180352 to 187f471c:1214

the part that says to 187f471c:1214

is the part we want. The 1214 identifies it to us as being an ip address. The ip address that
corresponds to that particuliar username.

But you say: "I typed that into my browser window and nothing happened." Exactly nothing will
happen until you decode the ip address.

Right now what you are looking at the 187f471c is called a "hexadecimal value" to convert it to a
form that you and i can understand it is necessary to change it from a "hexadecimal value" to a
Dword or (double-word) value.

To do this we will need windows calculator. Goto Start>Programs>Accessories>Calculator

While in Calculator choose View>Scientic which will look like this:

http://www.napsterites.net/undergrou...&postid=130407

Make sure that "hex" is selected and enter the value for ip address (in hexadecimal form) that you wish
to "decode".

Now all you have to do to get the Dword value is just to check the circle that says "Dec" which
stands for Decimal.

Do it and you should have something that looks like this now:

http://www.napsterites.net/undergrou...&postid=130408

This should give you the following value 410994460

[so the d-word value of 187f471c is 410994460]

Next step:

Goto this address:

http://www.fichtner.net/tools/ip2dword/

and type 410994460 into the box that says Dword value Then press <Enter> and
it will translate the d-word value into an ip address for you that you can now enter into
a webbrowser formatted like this http://xxx.xxx.xxx.xxx:1214 where "xxx.xxx.xxx.xxx" is an ip address or
the result returned from following the instructions in this text.

In this example the 410994460 turned out to be this ip address: 24.127.71.28

Buh-buh- bhwah , i can change my username to anything i want to right? yep and your ip address gets updated in realtime by the supernodes you are connected to.

End of Tutorial.

Don't abuse this (try the other three for yourselves and let me know what you get)

Cheers,

-Harbynger (of D00m)

[JackSpratts]

jeez harb, you can scan an ip address in real-time with none of the gymnastics by nestating your target. while it's nice to know you can do things the hard way, what am i missing? or can this be used without ever seeing the user, as when you leave kazaa running and unattended with a ton of files queued and the ones it eventually completes are from multi-sourced users different than the ones from "search results"?

- js.

[butterfly_kisses]

Why is this an important discovery?

A couple of uses that I'm aware of include:

1)somebody has a rare file you really want and they wait until you've downloaded almost 90% of a file then they cut you off. If you are a h@><or you can get the ip and use a port scanner to scan the last octet in their ip address...making note of files they are sharing and if they change their username@kazaa all you gotta do is run your portscanner looking for port 1214 and bingo you can find him/her again (there are futher advanced techniques i'm not gonna go into for obvious reasons]

2)People trying to reverse engineer the fasttrack network and understand how the supernodes/clients communicate with one another may find this inforamtion useful. The key here is that KaZaA associates an ip address with the username. This is how file searches and queries are done.

3)A program from Astalavista.com reportedly enables you to send instant messages to someone whose Username@KaZaA you know. This information might be helpful in further developing that application or to improve the messaging feature currently available on the fasttrack clients eg., [b]give you the ability to type in anyone's username@KaZaA and send them and instant message (regardless as to whether or not you were downloading from them).

4)R.I.A.A. and other copyright agencies or groups might find it helpful in tracking you down for prosecution.

[Mowzer]

I would like to submit a vote for harby, to be nominated Napsterite of the year. For finding IP addys, the hard way.

Aswell as being able to change peoples user names on the kazaa service, among other hijinx.

Congrats Timmy. (clap) (clap) (clap)

[indiana_jones]

the log works also good with grokster

[Scyth]

Quote:

Originally posted by Harbynger
Scyth, i could not get your unpacker to work for me...all it
would do is launch the kmd.exe but as far as "unpacking" it
didn't do anything for me....is there anything else special i
need to do besides run the unpacker in the same directory
as the kmd.exe?

My mistake. It didn't work under Win XP/2000/NT. Fixed now.

[butterfly_kisses]

re: scyth and unpacker

thanks, and yes i am using XP so that was probably it.

edited to add the following:

Pure, focken Genius!

that's all i got to say...for now.

[butterfly_kisses]

Quote:

originally posted by Jack Spratts:
can this be used without ever seeing the user, as when you leave kazaa running and unattended with a ton of files queued and the ones it eventually completes are from multi-sourced users different than the ones from "search results"?

"yes."

[JackSpratts]

Quote:

Originally posted by Harbynger
1)...all you gotta do is run your portscanner looking for port 1214 and bingo you can find him/her again (there are futher advanced techniques i'm not gonna go into for obvious reasons]

2)damn after that first one i forgot the other two i may post them later

over a year ago we were using scanned ip's to do port 1214 searches without even bothering to load a fasttrack client. we just used i.e., and we still can today. with ip #'s taken from active transfers you can always scan shared files - no matter how many times a users changes a screen name - as long as their ip address remains constant. so what's different? i'm asking because this at least sounds different, and if it's different it might mean a new weakness. if that's the case it brings up other issues.

- js.

[JackSpratts]

Quote:

Originally posted by Harbynger


"yes."

so it's like an auto ip grabber. works even when you're sleeping and ties the ip to a specific file? o.k., that's new (and welcome). but it doesn't allow more harddrive access than the netstat way does it? in other words this technique does not compromise a fasttrack user further. or does it?

- js.

[butterfly_kisses]

what's different now, jack?

Well, [i]its been my experience that the browser "hack" with http://xxx.xxx.xxx.xxx:1214 no longer works anymore

have you tried sucessfully downloading from someone in this manner?

(oh btw be sure to look at page two I updated some of the new uses for what you were asking me about)

shoot, I'll repost them here:

Quote:

Why is this an important discovery?

A couple of uses that I'm aware of include:

1)somebody has a rare file you really want and they wait until you've downloaded almost 90% of a file then they cut you off. If you are a h@><or you can get the ip and use a port scanner to scan the last octet in their ip address...making note of files they are sharing and if they change their username@kazaa all you gotta do is run your portscanner looking for port 1214 and bingo you can find him/her again (there are futher advanced techniques i'm not gonna go into for obvious reasons]

2)People trying to reverse engineer the fasttrack network and understand how the supernodes/clients communicate with one another may find this inforamtion useful. The key here is that KaZaA associates an ip address with the username. This is how file searches and queries are done.

3)A program from Astalavista.com reportedly enables you to send instant messages to someone whose Username@KaZaA you know. This information might be helpful in further developing that application or to improve the messaging feature currently available on the fasttrack clients eg., [b]give you the ability to type in anyone's username@KaZaA and send them and instant message (regardless as to whether or not you were downloading from them).

4)R.I.A.A. and other copyright agencies or groups might find it helpful in tracking you down for prosecution.

***note**** [i]there is a 5th item I'm not mentioning****

anybody else got any ideas?

[butterfly_kisses]

Quote:

but it doesn't allow more harddrive access than the netstat way does it?

Not at the moment, Jack however if successful in applying the

technique in the first tutorial (the other thread) you could

steal someone's "supercookie" and have access to all their

MSN sites or get credit card info anything that a person puts

on their computer that they think is "safe" really isn't if the other

"hack" is executed without making any errors. (i've only

tried it sucessfully on the example given in that thread...hence

the reason i removed the pic)

[Mowzer]

The real problem is in KaZaA's entire setup.

One girl did a site where she included everything she came up with, and a connection a comapny has in using KaZaA to mine personal info.

She even gained acess to files from an Ottwa rcmp detachment.

Was an intresting read. Not like that BBC garbage that spewed out all over the net a few months ago.

When people are running the equivlent of a web server, its bound to have every hole and exploit, and buffer over run sniffed out.

However it seems KaZaA has a zilch policy regarding the privacy or secuirty of its user base as a whole.

[Mowzer]

As for super cookies, thats a litttle more of a grey area.

In the past many secuirty groups and org's have reported about super cookies and how they can see all.

Since then a number of have realized short comings with the theory's, and downlisted the the super cookie to some type of other bug or secuirty hole.

Most noted was Gibson who went on a farce about how a main stream ISP was using a form of super cookies in its custom version of IE. Gibson, a leading secuirty expert later retracted his staements upon learning the super cookie was only tracking net settings or changes customers might make to theif band width.

It was not collecting personal info.

For the latest scare all, get off the net super cookie warning that has come out, see this very well crafted web site...

http://www.computerbytesman.com/priv...cookiedemo.htm

There is a fix provided aswell.

Bottem line is no super cookie has been found that gives anyone 100% history and in depth info on a user. One would be just breaking in the damn box, and dropping a key logger.

Alas, there are also other means aswell. Many, many other means to gleam personal info. Simply because programmers get lazy or bad code gets executed by the end user. Some where, out there, at this very minute 100 so people are leaking personal data due to stupidity, rather on there part for opening the email attachment "torjan.exe" or because of stupidity on microsofts part.

Regardless one should use common sense and not give the credit card numbers out on line, or keep your membership info to porn sites in your email box, or any other sensitive type of info.

If you wont post it on your front door, then dont put it on your computer.

sage advice.

Kinda like this tid bit from conf.
"Man who marries girl with no bust has right to feel low down."

[butterfly_kisses]

Quote:

Kinda like this tid bit from conf.
"Man who marries girl with no bust has right to feel low down."

lmao, that was funny, ethen.

and some good info. thanks for sharing.