Windows Messenger Messages....beware. (long)

01-02-2003, 03:32 AM, #1
zeroday (Thread Starter)

I couldn't sleep tonight so I figured I'd shed a little light on why people getting these annoying messages should be very concerned if they haven't secured their PC properly. I thought about it a lot, and I personally believe that hackers may be responsible for sending many of these messages as a way of quickly identifying Windows XP/NT/2000 systems with default/vulnerable OS configurations that are directly attached to the internet.

If you get these messages from people/computers on the internet, this tells me the following:

Your PC most likely isn't behind a firewall/router, and is therefore using a public, internet-routable IP address. Ideally, your PC should really be 1) placed on an internal network behind a NAT-capable (most are) internet-facing router/firewall, 2) configured to use a private IP address like 192.168.X.X (which is not internet routable), and 3) running personal firewall software as well. Unless you specifically configure them to do so, a router/firewall will not pass on connection attempts originating from the internet to the computers behind it unless the computers behind it actually initiated the communication. Windows Messenger messages, for example, would not make it through to the computers behind your router. Hackers are constantly scanning public IP ranges on the internet for specific vulnerabilities. A vulnerable computer attached directly to the internet (using a public IP address) will likely be compromised by hackers within hours of being placed on the internet. I've tested this with some bait 'honeypot' PCs. Kinda like watching an ant farm.

If I were a bad guy, here's what I might do to locate/hack into your NT/2000/XP system if it is unprotected by a firewall/router and lacking basic OS security configurations.

1. Write a quick script that uses the Windows 'net send' command (i.e. net send 12.10.xXX.XxX whatsup punk) to send a Windows Messenger message to each IP address in a range of IP addresses.

2. Wait for replies. If my message was successfully received, from each computer I would get a response back like this: "The message was successfully sent to 10.10.1.134". If the message wasn't received, I would get a response like this: "An error occurred while sending a message to 192.168.1.1. The message alias could not be found on the network. More help is available by typing NET HELPMSG 2273."

3. Success messages returned indicate that a Windows PC received my message, thereby successfully producing a pop-up message on that PC's screen that says 'whatsup punk'. For all the PCs that replied with 'success', I now know they are Windows boxes running the Messenger service, and I'd now go for low-hanging fruit. I'd try mapping a drive as admin to a default share, using a blank password. For example: net use * \\10.10.x.x\C$ /user:12.12.x.x\administrator "". I guarantee I'd get access to a shitload of the PCs I tried this on if the IP range targeted was that of a cable modem/DSL network. Probably because most people don't think about security beyond their virus protection. Once that command is successful, I basically 'OWN' the PC. I can view files, add/delete user accounts, and basically really fuck with someone's PC.

The point here is, if you are getting these messages on your PC, make sure you have secured your PC. The example above was really simplistic. If the above technique didn't work, I personally know of a ton of other ways to get into your system if you don't secure it (I used to be a 'whitehat' (meaning good guy) hacker for EDS). It's not me you need to worry about though, it's the bad guys out there that get off on f'n with your computer. This has been a public service announcement.
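A defender's view of the pattern described in the post above, as an added example that is not part of the original post: it reads a constructed firewall log and flags an outside address that probes many hosts on the Messenger-related ports and then opens SMB to a host that accepted the probe. The log format, the port sets, the threshold and the function names are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Messenger popups arrive over RPC (135) or NetBIOS (137-139);
# mapping C$ uses SMB (139 or 445). Port sets are this example's assumption.
MESSENGER_PORTS = {135, 137, 138, 139}
SMB_PORTS = {139, 445}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, hypothetical format: time src dst dport action
SAMPLE_LOG = """\
03:01:10 203.0.113.7 198.51.100.20 135 ALLOW
03:01:11 203.0.113.7 198.51.100.21 135 ALLOW
03:01:12 203.0.113.7 198.51.100.22 135 DROP
03:04:40 203.0.113.7 198.51.100.20 445 ALLOW
03:05:02 192.168.1.5 198.51.100.20 445 ALLOW
03:06:00 192.0.2.99 198.51.100.21 80 ALLOW
"""

def is_internal(ip):
    """True for private (non-internet-routable) RFC 1918 addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def analyze(log_text, sweep_threshold=3):
    probed = defaultdict(set)   # outside src -> hosts probed on Messenger ports
    reached = defaultdict(set)  # outside src -> hosts where the probe was ALLOWed
    followups = []              # (src, dst): SMB allowed after a successful probe
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue            # skip malformed lines
        _, src, dst, dport, action = parts
        if is_internal(src):
            continue            # only traffic arriving from outside matters here
        port = int(dport)
        # Checked before recording the probe, so a first hit on 139 is not
        # counted as a follow-up to itself.
        if port in SMB_PORTS and action == "ALLOW" and dst in reached[src]:
            followups.append((src, dst))
        if port in MESSENGER_PORTS:
            probed[src].add(dst)
            if action == "ALLOW":
                reached[src].add(dst)
    sweepers = sorted(s for s, h in probed.items() if len(h) >= sweep_threshold)
    exposed = sorted({h for hosts in reached.values() for h in hosts})
    return {"sweepers": sweepers, "exposed_hosts": exposed,
            "smb_followups": followups}
```

Every host listed under `exposed_hosts` accepted an unsolicited probe from the internet, which is the condition the post says a router/firewall should prevent.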

All times are GMT -5.