Vulnerability Development mailing list archives
RE: Reported Kazaa and Morpheus vulnerabilities
From: Sven Kamphuis <sven () cb3rob net>
Date: Mon, 11 Feb 2002 04:24:26 +0100 (CET)
why not automate the search for such. its rather easy to search on the kazaa network for such files, then make a connection to the user involved on 1214/tcp and send him a message (user_text - doesn't need your kazaa id anyway) to turn it off... he will fix the problem if he gets an irritating popup from a non existing evilhacker@hax0rnet luser telling him you have access to his personal stuff every 10 minutes or so ;) might make the unsuspecting wintendo user a bit more careful.... about 60 lines of code would do the trick incl. error handling and base64 encoding (although the message only needs to be encoded once unless you wanna make something really fancy out of it with changing messages and stuff ;) still think kazaa should go opensource though ;) -- Sven Kamphuis, Technical Manager, CB3ROB BBS. ============================================================================= CB3ROB BBS - Remote Computing Facilities & Network Security ============================================================================= Address: Prins Bernhardlaan 12 KvK: 37089253 NL-1921 BB Tax ID: NL-190827336B01 Akersloot Bank: 56.64.08.287 (ABN-AMRO Castricum) The Netherlands Giro: 9074112 (Postbank) Phone: +31/251-316800 Fax: +31/251-316799 e-Mail: info () cb3rob net ============================================================================= ============================================================================= On Tue, 5 Feb 2002, leon wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't understand what the big deal is. I pointed this out on this list almost 3 months ago in regards to limewire. You can find the thread with the subject limewire unauthorized cookie disclosure. People have been sharing there hardrives inappropriately for some time now. I don't get it why this is suddenly so important. Cheers, Leon - -----Original Message----- From: tfm () tfm org [mailto:tfm () tfm org] Sent: Monday, February 04, 2002 5:06 AM To: vuln-dev () securityfocus com Subject: Re: Reported Kazaa and Morpheus vulnerabilities Under search menu select "everything" and search for system.ini to see how many users share windows directory. This morning I've found 10 users with 428273 online users. You can easily find the ip of these ones and browse their hd. Maybe it's better if someone release a patch to disable "c:\windows" sharing or a simple popup alert windows... Bye TfM - ----- Original Message -----RE the article on the BBCs website at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1798000/1798095.stm I just searched the archives at Securityfocus and CERT and neitherproducedany relavent results I mean, pointing a browser to http://ip_address:1214/ does give a list of files... it gives the list of files that you're sharing. So what? Anyone know anything about this? Harry M-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPGAFhtqAgf0xoaEuEQJRHACfao6xjP++NH32NUe1MNkFzkCy+TAAnRQq 3rl1eJRV8yWv3bAXRoHFlDni =c+Ga -----END PGP SIGNATURE-----
Current thread:
- Re: Reported Kazaa and Morpheus vulnerabilities, (continued)
- Re: Reported Kazaa and Morpheus vulnerabilities HarryM (Feb 03)
- Re: Reported Kazaa and Morpheus vulnerabilities Qazi M. M. Ahmed (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities HarryM (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities Stanley G. Bubrouski (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities dreamwvr () dreamwvr com (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities Elan Hasson (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities Colby Marks (Feb 07)
- RE: Reported Kazaa and Morpheus vulnerabilities leon (Feb 05)
- Re: Reported Kazaa and Morpheus vulnerabilities Arta (Feb 05)
- RE: Reported Kazaa and Morpheus vulnerabilities Sven Kamphuis (Feb 10)
- Message not available
- Re: Reported Kazaa and Morpheus vulnerabilities Carlos Gaona (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities Blue Boar (Feb 04)