Vulnerability Development mailing list archives
Re: how to transfer files on napster
From: sysadmin () SASSPRODUCTIONS COM (Seth Georgion)
Date: Sat, 5 Feb 2000 13:45:56 -0500
It really is a worthless discussion. A lot of virus code will insert itself into the middle of perfectly valid files and then include a jmp to their particular code at the beginning. So no matter what you're looking for as a general screen you wouldn't be able to stop that but, far simpler, would be a virus like program that, when executed, opened an already valid MP# and dropped the entire binary of Adobe Photoshop in the middle at some predefined point. The program could also open any mp3 and look through the middle of it for those particular headers which would indicate that there's a stored binary and then it could just delete the rest of the broken mp3 and bam, you would have Photoshop. example. You and your circle of friends from highschool have this program called "mp3 injector" and all it does is open a valid mp3 and insert whatever binary file you choose into the middle of it. In addition it places a header at that "PREDEFINED" point indicating the ending point of the binary. You use the program to open up Ricky Martins latest, stupidest, hit and install Adobe Photoshop in the middle of the mp3. You then put that in your library with the rest of your mp3's but rename it to photoshop5.mp3 Your buddy in wisconsin downloads the photoshop mp3 and opens it with WinAmp. Uh-oh it doesn't work because all though the first 1 minute of the song works it dies there. So he opens photoshop.mpe with his program "mp3 injector" which goes back in the mp3 to it's predifined point where it, of course, finds its header! At this point it reads how deep photoshop is and goes that far back in the mp3 and shucks the mp3 part, it already knew where the begining is so it shucks that part to and saves what other than Photoshop.zip. Ta-Da! It's really very simple and I would doubt it if someone told me that it would take more than 50 lines of assembly code . Sounds like a vuln-dev pet project for proof of concept! E-Mail me if you want to do it or E-Mail the group. Seth Georgion SysAdmin SASS Productions -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Blue Boar Sent: Saturday, February 05, 2000 1:21 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: how to transfer files on napster Jordan Ritter wrote:
On Sat, 5 Feb 2000, Jason Copenhaver wrote: # this txt explains a pretty simple way into fooling napster into # thinking that your transfering an mp3 file. It looks like it only # checks for a valid 4 byte mp3 header and the mp3 file extenstion.... As I stated already in a list email well before yours, this is possible. Anyone that wants to pursue steganographic methods for fooling file transfer software is very likely to meet with success. My conclusion was, who the hell would want to? A hex editor? Gee, that's useful. --jordan
Depends on whether you were trying to keep people solely from giving access to other files on accident, or if you were trying to keep people from trading other types of warez intentionally. BB
Current thread:
- Re: Possible DHCP DOS attack Tal Hornstein (Feb 03)
- Re: Possible DHCP DOS attack Paul Keefer (Feb 03)
- Re: Possible DHCP DOS attack Sen_Ml Sen_Ml (Feb 04)
- Re: Possible DHCP DOS attack Vladimir Dubrovin (Feb 04)
- Re: Possible DHCP DOS attack Blue Boar (Feb 04)
- how to transfer files on napster Jason Copenhaver (Feb 05)
- Re: how to transfer files on napster Jordan Ritter (Feb 05)
- Re: how to transfer files on napster Blue Boar (Feb 05)
- Re: how to transfer files on napster Seth Georgion (Feb 05)
- Re: how to transfer files on napster whitvamp () MINDLESS COM (Feb 05)
- Re: how to transfer files on napster Jordan Ritter (Feb 05)
- Re: how to transfer files on napster Blue Boar (Feb 07)
- Re: how to transfer files on napster David U. (Feb 07)
- Re: Possible DHCP DOS attack Paul Keefer (Feb 03)
- Simple logging utility app Scorpus Kahn (Feb 06)
- Re: Simple logging utility app Erik Parker (Feb 07)
- Breaking through FTP ALGs -- is it possible? Mikael Olsson (Feb 08)
- <Possible follow-ups>
- Re: Possible DHCP DOS attack Ogrodnek, Larry (Feb 03)
- Re: Possible DHCP DOS attack Sen_Ml Sen_Ml (Feb 04)