Kazaa and Morpehus Exploit (how to view their shared files)

From: Mike Hunt (junkmail_incel4@yahoo.com)
Date: 08/30/01 

Message-ID: <20010830013431.41077.qmail@web10605.mail.yahoo.com>
Date: Wed, 29 Aug 2001 18:34:31 -0700 (PDT)
From: Mike Hunt <junkmail_incel4@yahoo.com>
Subject: Kazaa and Morpehus Exploit (how to view their shared files)
To: bugtraq@securityfocus.com

A while back i worked out a very simple way to view
users files using the programs port(1214).
These file sharing programs currently don't have a
feature to view users files.
Whilst downloading a file off a user/s (uses segmented
downloading) do a netstat. You should see a few IP's
or hostnames with :1214 on the end. You can resolve
the hostname or just use the IP if it is provided. Go
into your explorer and type in the address bar:
http://>:1214

e.g. if i was doing local host it would be:
http://127.0.0.1:1214

When you use the address it shows in HTML format all
their files as a link, you can download them without
using morpheus or Kazaa, so use getright or whatever
you want.
It is pretty interesting, i have known about this
since around the release of kazza and i wasen't going
to tell n e one but i thought i might share it with
the security focus community.
I have also found out allot more about the
Kazza/Morpheus programs, which i will tell later, i am
still testing atm.
If n e one has n e feed back, you are welcome to
contact me.
-=PhoX=-
icq: 45263434
AOL: PhoX6969
MSN: incel4ntuvix
IRC: ^PhoX^ (connected to Austnet)
Y!: junkmail_ince4
(using Trillian multi medium chat program
www.trillian.cc)
Email:
Nausia@optusnet.com.au
junkmail_incel4@yahoo.com

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

Relevant Pages

  • Re: Help me recover 10GB+ of Kazaa partial dat files...
    ... I am puzzled why Kazaa would reduce the size ... : the recovery programs? ... find files to finish downloading. ... of your news reader program to email me. ...
    (microsoft.public.windowsxp.general)
  • Re: Infecting the KaZaA network?
    ... downloading to use cryptographic hashes (Swarmcast, ... > I just found out a folder named "My shared folder" ... > Inside "My shared folder" there were various KaZaA ...
    (Bugtraq)
  • Re: what security utilities should I have?
    ... > SpywareBlaster and SpywateGuard were the utilities I had ... > in mind but could'nt think of them. ... > Kazaa which is more secure? ... P2P downloading is the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Help me recover 10GB+ of Kazaa partial dat files...
    ... I doubt anyone is going to help you recover 10GB of files you haven't paid for. ... Would it be any different if I exit Kazaa now and run ... find files to finish downloading. ... > of your news reader program to email me. ...
    (microsoft.public.windowsxp.general)