If you want the IP of a user on Yahoo Messenger, all you do is add a user to your list with social engineering techniques, then you listen on port 5101 and send the victim a normal instant message. Yahoo compromises security in that way by attempting to establish a peer to peer connection between consumer clients, to save on server useage. Yahoo don't care how easy it is to obtain a users IP by simply sending someone an instant message. Yahoo say the fact you need to add each other to a friends list first is good enough security to protect its users.
On Yahoo messenger you don't even need to send a file like the kiddie xyperpix suggested.
And the reason I bring up Yahoo messenger in a msn messenger thread? Because both are abotu to link networks, so you can have cross network compatibility,
Hackers are standing by as are phishers this Summer for the functionality to be launched. This will make for a very interesting summer, because for years the Yahoo messenger protocol has been easy as chips to hack, to obtain cookies, disconnect users from the network etc.
And of course Yahoo tried to lock out third party connections from robots using their network for worms, spam, phishing, although the encryption technique they tried to use was reverse engineered and within two days of Yahoo launching their handshake security stuff, the encryption was cracked, and the robots returned, along with third party chat clients.
Its going to be a busy summer.
Get ready.
On 4/5/06, Technocrat <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
xyberpix wrote:
> If he's online, send him a file, as you're sending the file, do an
> netstat -an, and you should see the address that you're transferring to.
> That is so long as he's not using a proxy ;-)
X, don't feed the children..lol He could have found that with a Google
search man..lol
This one is for Guidoz - http://www.guidoz.com/tryhere.jpg
Ian, hope you played a great trick on your "friend".
- -Technocrat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEMwUtYes14KNcgbYRAnHLAKChCbSM8zlN1xOdd1SqKi83TfVLQQCgjhcN
ODJx4+0qDh/s2E6GVTRP2Pc=
=t1yH
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
