Discussion in 'OT Technology' started by speedlife, Aug 11, 2003.
not without direct connecting to the other person.
edit: misread the thread
if you have a web server, you can just send him a link to a page or whatever and get his ip from the logs
If they are gullible and don't know what you are doing you can say "hey look at this image" then click the connect to send image thingy. Then fireup netstat and snag his IP.
Then just say "UH. Opps. Guess it didn't work. "
Here is my trick:
Somehow durring the convo say "hey look at this link" I insert link to something like wes.homelinux.com/page21
I then go look at my apache error logs and find the only person that requested page21. (Since I knew it didn't exist). They get a 404 message, then tell me it doesn't work, then I say "whoops the page must be down".
That's why that page didn't work!!
other than the good old honey pot trick(the go to this link thing)
there is one other way and that would require you to spood screen names and ips on some of the aim servers
since now aim is using proxys so you cant find ips(i would kno silly bitch told me the porn was on her comp but she didnt want to give it away)
but yea if your asking this question it may be best to go read some tutorials about the internet and network security since ping flooding her or using lame 3rd party software wont help all that much
:evil grin: followed by :evil laugh:
What if they went to that page, got a 404, BUT then immediately IMed you the IP address and any other connection info? I have the technology... If people are interested, let me know and I'll whip something up tonight...
what do you mean by that astro
if you have found a way to make client im some one the info i would be more than gald to have a copy or the source(source preffered)
do you mean some bot searches through the log file and messages you when someone gets a 404 with the ip and other info?
I think it'd be fun to look at... As long as it's for Apache and not IIS
No searching through web logs - yuck. To much processing and rather server-centric...
Here's what I'm thinking (caution: its PHP+Apache+Perl):
The user experience:
User sends URL to target
target loads URL in browser
URL is a PHP which collects the client information (IP, browser/OS, etc)
PHP page returns a 404 header (for this to work, file would probably be "index.php" and the URL would just point to a directory)
target thinks page didn't load and goes on their way
PHP page triggers IM message to user with the target info
The technical details:
index.php does the info collecting and issues the 404 header (404 error, image, -it could kick out anything really)
Right now I'm thinking it dumps it to a file, but maybe a socket service would be better
Perl driven AIM bot listens for either the file or a socket connection
It collects the info
It assembles the IM message and fires it off to the user
rinse and repeat
Heck, with a little more code, a full traceroute and reverse IP lookup could be done as well...
Easier way: write a PHP page that collects the neccessary information, and set it as the ErrorDocument 404 in your .htaccess file.
This has spurred some great ideas.
I don't think I would really use any though, I have a SSH connection to my server open almost all the time and a quick grep of the logs fines what I need.
That could be done too. Its one line of code in PHP and I'm a fan of one file fiddling, but the .htaccess approach in the end is probably easier on the machine (at least I'd think it would be).
I'm not going to argue, but I'd think with this IM call back, as long as you were logged in, you'd get an IM of when the user hit the page. Which means you could be out and about and not have to SSH in.
Oh, I am not arguing either. I think these are great ideas you guys are having.
any code I could use to capture stuff like that?
What I'm thinking would be more like a service... Although I might release some of the code...
I hate you people who think its cool to get someone's ip address to hack their computer through aim. Get off your lamer asses and learn to actually find exploits, not just download the latest one from bugtraq or a million other sites, compile it, and run it on your "31337 41[\/] 570|_3[)" ip addy.
"Oh but Corwin it's soo hard to set up a webserver and give a link to someone stupid to connect to it...It's just so cool to do it to my friends that just use the computer for aim, email, and looking at webpages. They say I don't have a life- well now they don't because I hacked them!!"
Get a fucking life.
leme guess someone did this to you???
link to bugtraq and million other sites