Hackers Targeting Home Computers (fwd)
Major Variola (ret)
mv at cdc.gov
Wed Jan 9 12:38:53 PST 2002
Quoth Sunder:
>>At first I though these were the usual nmap/strobe attacks, but they
were just on port 139... so that got me curious enough to try and
connect
to these boxes. To my surprise they were full blown windows 9x and 2000
machines in homes where the owner had another machine and shared his/her
local drives with the world! Anyone from anywhere on the planet could
mount their drives. So I was nice enough to leave a note on their
desktop
informing them of the consequences of their actions.<<
Nowadays that could get you busted for pointing out the emperor's
nudity.
Windows share sniffing, if your transport hasn't blocked 139, is great
adventure.
There is/was a Windows Sharesniffer GUI which automated this. The tool
would look up
netblocks by name via ARIN, ping the range of IPs, then try to connect
on 139. If possible, it would run (apparently via a "system" command,
"explorer /r,\\12.34.56.78" which opens the Windows share browser (aka
Windows file explorer)). About half the shares had passwords,
half didn't, many printers too. The occasional social security number
could be found.
The sharesniffer.com app also had the ability to post and download info
about shares on usenet newsgroups.
Port 80, port 139, whatever. Ports is ports, unless they're sherry.
More information about the cypherpunks-legacy
mailing list