Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: obtai an IP of an MSN Messenger contact
From: n3td3v <n3td3v () gmail com>
Date: Wed, 5 Apr 2006 18:59:42 +0100

If you want the IP of a user on Yahoo Messenger, all you do is add a user to
your list with social engineering techniques, then you listen on port 5101
and send the victim a normal instant message. Yahoo compromises security in
that way by attempting to establish a peer to peer connection between
consumer clients, to save on server useage. Yahoo don't care how easy it is
to obtain a users IP by simply sending someone an instant message. Yahoo say
the fact you need to add each other to a friends list first is good enough
security to protect its users.

On Yahoo messenger you don't even need to send a file like the kiddie
xyperpix suggested.

And the reason I bring up Yahoo messenger in a msn messenger thread? Because
both are abotu to link networks, so you can have cross network
compatibility,

Hackers are standing by as are phishers this Summer for the functionality to
be launched. This will make for a very interesting summer, because for years
the Yahoo messenger protocol has been easy as chips to hack, to obtain
cookies, disconnect users from the network etc.

And of course Yahoo tried to lock out third party connections from robots
using their network for worms, spam, phishing, although the encryption
technique they tried to use was reverse engineered and within two days of
Yahoo launching their handshake security stuff, the encryption was cracked,
and the robots returned, along with third party chat clients.

Its going to be a busy summer.

Get ready.




On 4/5/06, Technocrat <dj.technocrat.listmail () gmail com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

xyberpix wrote:
If he's online, send him a file, as you're sending the file, do an
netstat -an, and you should see the address that you're transferring to.
That is so long as he's not using a proxy ;-)

X, don't feed the children..lol He could have found that with a Google
search man..lol

This one is for Guidoz - http://www.guidoz.com/tryhere.jpg

Ian, hope you played a great trick on your "friend".

- -Technocrat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEMwUtYes14KNcgbYRAnHLAKChCbSM8zlN1xOdd1SqKi83TfVLQQCgjhcN
ODJx4+0qDh/s2E6GVTRP2Pc=
=t1yH
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault