Hi everyone, Aleph One suggested I post this here to get a more polished version for an advisory. Here is what I have found and I am sure most of the people here can test this and develop it even further. Limewire is a gnutella file sharing client. Due to common misconfigurations by the user, people are sharing their whole harddrives. This means you can do everything from downloading someone's quicken data file (quicken is a money management program) to downloading cookies off peoples hard drives. Who cares about the cookies you say? Well I have found cookies from certain sites that contains people user name & password stored in clear text. I am sure with enough testing you could figure out a way to dump the sam file off an NT box or etc etc. Anyone who wants to run with this great I would just appreciate if you do further the research you let me know what you find. Cheers Vuln-Dev, Leon ps: sorry for screwing up the packet capture on the aol im 0-day post.
This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 17:33:39 PDT