RE: Reported Kazaa and Morpheus vulnerabilities

[Sven Kamphuis <sven () cb3rob net>]

why not automate the search for such.

its rather easy to search on the kazaa network for such files, then make a
connection to the user involved on 1214/tcp and send him a message
(user_text - doesn't need your kazaa id anyway) to turn it off... 

he will fix the problem if he gets an irritating popup from a non existing
evilhacker@hax0rnet luser telling him you have access to his personal
stuff  every 10 minutes or so ;)
might make the unsuspecting wintendo user a bit more careful....

about 60 lines of code would do the trick incl. error handling and
base64 encoding (although the message only needs to be encoded once unless
you wanna make something really fancy out of it with changing messages
and stuff ;)

still think kazaa should go opensource though ;)


-- 
Sven Kamphuis,
Technical Manager,
CB3ROB BBS.

=============================================================================
CB3ROB BBS - Remote Computing Facilities & Network Security
=============================================================================
Address: Prins Bernhardlaan 12     KvK:    37089253
         NL-1921 BB                Tax ID: NL-190827336B01
         Akersloot                 Bank:   56.64.08.287 (ABN-AMRO Castricum)
         The Netherlands           Giro:   9074112 (Postbank)
Phone:   +31/251-316800            
Fax:     +31/251-316799            e-Mail: info () cb3rob net
=============================================================================


=============================================================================

On Tue, 5 Feb 2002, leon wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I don't understand what the big deal is.  I pointed this out on this
> list almost 3 months ago in regards to limewire.  You can find the
> thread with the subject limewire unauthorized cookie disclosure. 
> People have been sharing there hardrives inappropriately for some
> time now.
>
> I don't get it why this is suddenly so important.
>
> Cheers,
>
> Leon
>
> - -----Original Message-----
> From: tfm () tfm org [mailto:tfm () tfm org] 
> Sent: Monday, February 04, 2002 5:06 AM
> To: vuln-dev () securityfocus com
> Subject: Re: Reported Kazaa and Morpheus vulnerabilities
>
> Under search menu select "everything" and search for system.ini to
> see how
> many users share windows directory.
> This morning I've found 10 users with 428273 online users.
> You can easily find the ip of these ones and browse their hd.
> Maybe it's better if someone release a patch to disable "c:\windows"
> sharing
> or a simple popup alert windows...
> Bye
>
> TfM
>
> - ----- Original Message -----
>
> > RE the article on the BBCs website at
> > http://news.bbc.co.uk/hi/english/sci/tech/newsid_1798000/1798095.stm
> >
> > I just searched the archives at Securityfocus and CERT and neither
> produced
> > any relavent results
> >
> > I mean, pointing a browser to http://ip_address:1214/ does give a
> > list of files... it gives the list of files that you're sharing. So
> > what?
> >
> > Anyone know anything about this?
> >
> > Harry M
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPGAFhtqAgf0xoaEuEQJRHACfao6xjP++NH32NUe1MNkFzkCy+TAAnRQq
> 3rl1eJRV8yWv3bAXRoHFlDni
> =c+Ga
> -----END PGP SIGNATURE-----