Date: Wed, 29 Aug 2001 18:34:31 -0700 (PDT)
From: Mike Hunt <junkmail_incel4@yahoo.com>
To: bugtraq@securityfocus.com
Subject: Kazaa and Morpehus Exploit (how to view their shared files)
A while back i worked out a very simple way to view
users files using the programs port(1214).
These file sharing programs currently don't have a
feature to view users files.
Whilst downloading a file off a user/s (uses segmented
downloading) do a netstat. You should see a few IP's
or hostnames with :1214 on the end. You can resolve
the hostname or just use the IP if it is provided. Go
into your explorer and type in the address bar:
http://<theirip>:1214
e.g. if i was doing local host it would be:
http://127.0.0.1:1214
When you use the address it shows in HTML format all
their files as a link, you can download them without
using morpheus or Kazaa, so use getright or whatever
you want.
It is pretty interesting, i have known about this
since around the release of kazza and i wasen't going
to tell n e one but i thought i might share it with
the security focus community.
I have also found out allot more about the
Kazza/Morpheus programs, which i will tell later, i am
still testing atm.
If n e one has n e feed back, you are welcome to
contact me.
-=PhoX=-
icq: 45263434
AOL: PhoX6969
MSN: incel4ntuvix
IRC: ^PhoX^ (connected to Austnet)
Y!: junkmail_ince4
(using Trillian multi medium chat program
www.trillian.cc)
Email:
Nausia@optusnet.com.au
junkmail_incel4@yahoo.com
__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com
