P2P-Zone  

Old 03-05-02, 10:17 AM   #41
snowman
Registered User
 
Join Date: Mar 2002
Posts: 56
Default nanoprobe -> spinware

This is not possible for three reasons:

1) The algorithm in the FastTrack is hard coded in the .exe as machine code by virtue of an unknown C compiler and windoze linker. Not to mention the .exe is mangled by a post linker called PEX.

2) To change such algorithm you would have to patch the .exe machine code.

3) FastTrack supernodes work on the basis of known communication strategies with no way to force the inclusion of an outside strategy nor revert to a previously used strategy once it is expired. For instance, to change the strategy they release a new version of the .exe like 1.3 -> 1.3.3 -> 1.5, not download a new set of one-time pads.

This is done to prevent malicious access to the network as a whole. This is all documented on-line if you look around.

Harby, do us a favor and either document your wild claims or stop making them as it is getting borrrrring.
__________________
snow man
Old 03-05-02, 11:15 AM   #42
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

 

Last edited by butterfly_kisses : 03-05-02 at 12:23 PM.
Old 03-05-02, 11:24 AM   #43
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,017
Default

we just want a link.

- js.
Old 03-05-02, 05:19 PM   #44
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

sorry about the rumour-mongering earlier. the program i downloaded came off of an irc channel bas something or another...and it basically did nothing unique and was pretty buggy.

it may just have been someone's attempt at a parody.

here is the link http://news.com.com/TechNews/Kazaa.html

oh snowman i have been looking for at least six months for some of that info you claim to know the whereabouts to....how about some links? please

or at least tell me where to look. i can do my own research...

thanks
Old 03-05-02, 05:39 PM   #45
BuzzB2K
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
Default

Quote:
Originally posted by Harbynger
sorry about the rumour-mongering earlier. the program i downloaded came off of an irc channel bas something or another...and it basically did nothing unique and was pretty buggy.

it may just have been someone's attempt at a parody.

here is the link [url=http://www.geocities.com/technologyinreview/]http://news.com.com/TechNews/Kazaa.html[/ URL]

oh snowman i have been looking for at least six months for some of that info you claim to know the whereabouts to....how about some links? please

or at least tell me where to look. i can do my own research...

thanks

I can't even say nice try, because it isn't the least bit clever, lame yes, but clever? No way...

How could anyone believe this? (What gave it away was the size of the font was too big when the page opened. That and the Geocities address...)

Last edited by BuzzB2K : 03-05-02 at 06:58 PM.
Old 03-05-02, 06:15 PM   #46
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

what about funny?

buzz you forgot funny and did you fail to read this part:

it may just have been someone's attempt at a parody

and i give the link...i thought it would be obvious that it is a forgery and a fake but looks like you missed that part.

:\
Old 03-05-02, 06:43 PM   #47
Mowzer
'
 
Join Date: Jan 2002
Posts: 209
Default

Timmy, Timmy, Timmy.

Funny stuff.
Old 03-05-02, 06:43 PM   #48
BuzzB2K
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
Default

I don't know guy, you seemed pretty serious about it in the two edited posts of yours.

Then you call it someone's attempt at parody, and then hide the geocities link...

Are you saying that you believed it when you first saw it? or what?
Old 03-05-02, 06:47 PM   #49
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

buzz i am saying that exactly...don't believe all the hype you hear in warez channels...when i first came to that site...i did find it odd that it had a geocities ad window...but the rest of the stuff looked pretty real.

the program i downloaded did a lot of general protection faults

i might have a virus now.

so yep, i got fooled and wanted to show others how easy it is.

no conspiracy just overenthusiasm is all...
Old 03-05-02, 07:00 PM   #50
BuzzB2K
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
Default

Quote:
Originally posted by Harbynger
buzz i am saying that exactly...don't believe all the hype you hear in warez channels...
i might have a virus now.

I hope you get it all sorted out... that wouldn't be very cool.
Old 03-05-02, 07:35 PM   #51
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,017
Default

a note:

editing for style or grammar without notification is usually acceptable. nobody likes to spot a typo in their post written on the fly any less than i do - and i hate it. furthermore those automatic "edited by..." tags are distracting and normally unnecessary. but i'm going to have to put 'em back in if we start editing for primary content without saying so. if an entire post is removed without alluding to content, after replies are made, it can often disrupt what follows, and it can make others look bad or at least nonsensical. this forum has influence beyond its membership and as such leads by example.

having said that, and since some fact checking was done and a post was apparently found to be premature and pulled, i consider the matter closed.

- js.
Old 04-05-02, 12:24 AM   #52
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
yayaya

hi once again, jack spratts....i think i see your point...

for those of you a little lost ...here is the story

I found a flaw in the KaZaA technology a vulnerability if you will

and an "exploit" which up till now i've yet to share but will now do so.

Here is the exploit:

Tools you will Need

GetRight (version 4p3 works great for me)

Latest Version of KaZaA/Klite/Grokster

How it's done.

Try this simple tutorial first and once you get the hang of it

use it to amuse your friends...hell make a java or perl script

to automate the process...

okay here goes

First thing you will need to know is an ip address for a supernode

How to find a supernode? simple just use the getright webbrowser to connect to this address (while running KaZaA/Grokster or K-Lite) http://127.0.0.1:1214

See all the great information you get?

Here is what I got when I connected to my port 1214 with the Getright webbrowser (with KaZaA up and running and connected to the fasttrack network)

Connecting to: 127.0.0.1
GET / HTTP/1.1
Host: 127.0.0.1:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
HTTP/1.1 200 OK
Content-Length: 5292
Accept-Ranges: bytes
Date: Sat, 04 May 2002 06:17:52 GMT
Server: KazaaClient Mar 30 2002 23:23:10
Connection: close
Last-Modified: Sat, 04 May 2002 06:17:52 GMT
X-Kazaa-Username: Shellybelly
X-Kazaa-Network: KaZaA
X-Kazaa-IP: 67.226.238.91:1214
X-Kazaa-SupernodeIP: 68.9.104.199:1214
Content-Type: text/html

(Got 55 files in web page http://127.0.0.1/.)


As you can see in the example (real example) above I am connected to the supernode ip address of 68.9.104.199:1214

So that is how you get your first supernode ip address...check out the picture I am attaching.
Old 04-05-02, 12:30 AM   #53
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

But for this example I will show you how to connect to the
following address:

supernode.kazaa.com on port 1214

well friends. Getright's webbrowser has a wonderful option which actually allows you to set the user-agent...from the information I gathered above i gleaned that

X-Kazaa-Network: KaZaA

was a viable option to use as a user-agent for connecting to the KaZaA Network. Another favourite to use is

X-Kazaa-Network: ???

and finally this user-agent also works wonders as well:

X-Kazaa-Server: KaZaA

see the screenshot for where to change your user-agent in

Getright
Old 04-05-02, 12:36 AM   #54
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

Got your user-agent field set up right now in Getright?

Good let's move on by

A)closing and reopening the Getright Webbrowser....this will get rid of the 127.0.0.1:1214 address and any folders which showed up when you connected to this address earlier.

now

B)Type this in exactly as shown below in bold:

http://supernode.kazaa.com:1214

and press enter....

what do you get?

You should get something like the below screenshot:

you didn't get very much information this time did you?

you should only see something like the below:

-----StartRequest---------------2002/05/04-02:32:01-----
Connecting to: supernode.kazaa.com
GET / HTTP/1.1
Host: supernode.kazaa.com:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
(Got 0 files in web page http://supernode.kazaa.com/.)


see pic
Old 04-05-02, 12:40 AM   #55
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

So what do we do now?

A1) we go to regedit and type and open up HKEY Current User

Software>KaZaA>User details...

look for password and username

jot these down and keep them handy...

see pic:
Old 04-05-02, 12:47 AM   #56
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

Now take the username and password found in your registry for KaZaA and enter these values into the getright browser under the login and password fields:

see screen shot: below

in my case my login name would be : Shellybelly

and my password is e882b72bccfc2ad578c27b0d9b472a14

evil genius tip

*note KaZaA forms the password by taking the value you enter in for "username" and running its encryption scheme on it to give you a valid password which i believe is done by adding the value of your username and the password together and then XOring them and finally doing the PGP-key dance to make them and it valid.
Old 04-05-02, 12:59 AM   #57
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

Make sure that after you enter something into the login and password fields of the Getright browser that you go to Tools>
Clear Cache and clear the getright browser's cache before pressing enter.

Now after entering the values for the username and password contained in your registry for kazaa into the login name and password fields of the getright browser (with user-agent set as
X-Kazaa-Network: ???) and pressing <ENTER>

we now get a little more information

In my case I got the following:

-----StartRequest---------------2002/05/04-02:43:56-----
Connecting to: supernode.kazaa.com
GET / HTTP/1.1
Host: supernode.kazaa.com:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
Authorization: Basic U2hlbGx5YmVsbHk6ZTg4MmI3MmJjY2ZjMmFkNTc4YzI3YjBkOWI0NzJhMTQ=
HTTP/1.0 404 Not Found
X-Kazaa-Username: anon25084
X-Kazaa-Network: ???
X-Kazaa-IP: 213.248.107.11:1214

(Got 0 files in web page http://supernode.kazaa.com/.)


What is important here is the value under X-Kazaa-Username

which in this case is anon25084

and also where it says:

Authorization: Basic

we will use both these fields.

Now what you do is go back into the Getright browser and change your username to that of the supernode's which is in this case anon25084 and change the value of the password to

the information returned by the KaZaA server (supernode) which is in this example:

U2hlbGx5YmVsbHk6ZTg4MmI3MmJjY2ZjMmFkNTc4YzI3YjBkOWI0NzJhMTQ=

Now to change or enter a value in the password field of the getright browser you will need to select all and press CTRL-V to paste and if you need to copy anything which you will from the information field in the getright browser you can use CTRL-C to copy any text that you need to.

Okay got it?
Let's make sure:

After connecting to the supernode for the first time using your username and password the supernode will tell you its username and password (which is part of an extremely long PGP-key) and you will need to repeatedly connect to the supernode in this manner each time changing the value of your password to match the value returned by the KaZaA server or "supernode" after you do this exercise enough you soon gain "trusted" status kind of like Spoofing i guess in that it thinks you are on the same network and have authorization to access its files...

Here is another screenshot:
butterfly_kisses is offline   Reply With Quote
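Added example (editor's own, not part of butterfly_kisses's post and not KaZaA or GetRight code): the GetRight log from post #57, split into its request and response halves, with the Authorization: Basic value decoded. The function names are made up for this example; the log lines are copied from the post.

```python
import base64

# GetRight log lines copied from post #57: the request, then the server's reply.
CAPTURE = """\
GET / HTTP/1.1
Host: supernode.kazaa.com:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
Authorization: Basic U2hlbGx5YmVsbHk6ZTg4MmI3MmJjY2ZjMmFkNTc4YzI3YjBkOWI0NzJhMTQ=
HTTP/1.0 404 Not Found
X-Kazaa-Username: anon25084
X-Kazaa-Network: ???
X-Kazaa-IP: 213.248.107.11:1214
"""


def split_exchange(log):
    """Return (request_headers, status_line, response_headers) from a flat log."""
    request, response, status = {}, {}, None
    for line in log.splitlines():
        if line.startswith("HTTP/"):  # the status line opens the response
            status = line
            continue
        name, sep, value = line.partition(": ")
        if sep:  # skips the request line and blank lines
            (response if status else request)[name.lower()] = value
    return request, status, response


def decode_basic(header_value):
    """Decode an RFC 7617 Basic credential into (user, secret)."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    text = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, secret = text.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, secret


def analyse(log):
    """Report who sent the credential and what the peer's reply discloses."""
    request, status, response = split_exchange(log)
    sender = ("client" if "authorization" in request
              else "server" if "authorization" in response else None)
    value = request.get("authorization") or response.get("authorization")
    return {
        "status": status,
        "credential_sent_by": sender,
        "credential": decode_basic(value) if value else None,
        "peer_disclosed": {k: v for k, v in response.items() if k.startswith("x-kazaa-")},
    }


if __name__ == "__main__":
    for key, val in analyse(CAPTURE).items():
        print(f"{key}: {val}")
```

On this capture the Authorization line falls in the request half, ahead of the 404 status line, and its Base64 decodes to the login and password quoted in post #56. Basic encoding gives no confidentiality, so the registry value is readable by whichever host the request is sent to.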
Old 04-05-02, 01:06 AM   #58
butterfly_kisses
Napsterite
 
 
Join Date: Apr 2002
Posts: 138
Default

Q) How often do i need to keep connecting to the supernode before i am given access to the files?

A)you keep following the procedure of connecting to the supernode (make sure you clear getright's browser cache each time before pressing enter) until you no longer get the 404 or 403 error getting directory contents message...

when this message stops showing you can now browse any directory you want.

Supplement notes:

The password that gets returned with each connection to the supernode will get very large eventually. So remember to use CTRL-C to copy and CTRL-V to paste instead of clearing out the old password each time just single-click in the password box (it might be right-click and select the option Select-all) then use CTRL-V to paste the new password (the username stays the same after you change it the first time to match that of the supernode you are connecting to)

Tip2 make sure to clear the browser cache before pressing enter.


Tip3 if you don't know the name of files contained on the server try guessing a few like C:\ or hda0 or .files etcetera...

Have fun with this tip but remember hacking is cutting limbs off so be careful not to do that to yourself with these tips.
Old 04-05-02, 01:11 AM   #59
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Default

Finally the Moral of the Story for the people who still don't get "it"

This article or post is not about "hacking" it is about how the p2p network of KaZaA works.

Basically it can be summarised this way. The client (your kazaa) connects to a supernode (it exchanges a key that was created by the value you entered in for your username...KaZaA created a password automatically "behind the scenes" and added the value of the username you put in with the random password it created. XORed those values and then encrypted them with PGP-key)

Upon connecting to a supernode your client gives its PGP-key (the password i just mentioned above) to the KaZaA-server (superpeer) that it connects to...it then gives you its pgp-key back which your client returns the value back at which point the server gives you a little more of the pgp-code then your client just repeats back what the supernode tells it.

Basically what we have done here is to go through this process manually using the very excellent Getright Webbrowser as our go-between and "pseudo-fasttrack client"

Okay geniuses get to work.

and Snowman i want those links, please...thank-you
Old 04-05-02, 11:18 AM   #60
snowman
Registered User
 
Join Date: Mar 2002
Posts: 56
Default interesting

Harby my friend, this is a rather interesting side effect of the FastTrack stack using the HTTP protocol. FastTrack clients have a small limited HTTP server in them.

But you have yet to really communicate with the supernode client. What I mean by that is:

1) discover other peers;
2) discover all the peers and supernodes an active supernode knows about;
3) submit a search to find a file to a supernode;
4) download a file discovered in step 3.

You have discovered info about a node. I don't disagree that it is interesting. However what you are going to need is info about the links that bind the nodes together in a network and how to traverse them. What makes FastTrack FastTrack is the linkages and their automatic development in real time not the nodes you are poking at. This is the genius of the network stack.

What you seem to have discovered is a huge security hole in the client itself where you can fool a client in the supernode mode to give you any file on a hard drive. This is amazing in itself because of its implications.
__________________
snow man
All times are GMT -6.