RE: AIM Exploits

>If you're on Windows you can use the software I
>created to exploit these bugs (AIM Filter), it can be
>found at http://www.ssnbc.com/wiz/ in software>aim

>aim filter is a local proxy that acts as both a server 
>and client, meaning you can implement the 
>crashes/features no matter what aim client you're on 
>(and it's easy to use too, just type commands like 
>aim.file.crash)

After examining the source code a little bit (for version 111, source
for the current version 113 is not available) I found that this program
contains some things which can be "done" to the end user running this
program. From what I have examined thus far I can only see 2 things
which can be "done" to the end user of this program. The first is, if
you send a message containing the text "aim.query.user" the program will
send a message back to the user from which the message originated
containing the message:
"HELLO FRIEND, MY IP IS <end user's ip>, AND I AM A PEON ON BUILD 111."
The second is, if you send a message containing the text "aim.admin.dc"
the program will start 500 instances of Windows Calculator (calc.exe)
and then bring up a message box containing the text:
"DON'T MESS"

There is also 1 more block of code which I can't figure out what it does
since I know nothing about the AOL/OSCAR protocol, maybe someone else
who does can take a look? It looks like this may perhaps be sending a
username and password to the screen name sobbieraunders? I don't know.
It should be noted that commenting out the SendPacket line, which
sends information to the server, breaks the login functionality.
Surprisingly, however, changing either of the Replace parameter texts
does not break the login functionality.

questionable code:
Sub ProcessData(Index As Integer, TheStuff As String)
Select Case Index
    Case 0 'login (client)
        TheStuff = Replace(TheStuff, Chr(14) & "sobbieraunders", Chr(15) & "sobbie raunders")
        SendPacket 1, TheStuff, 1 'send to server

I see no real immediate harm from either of these "back doors" in this
program, but as I stated above, source code for the current version has
not been made available and the third thing just looks like it does
something bad. Things like this are very common to exploit programs in
the AOL community and programs like this should not be trusted. Only
Robbie knows what kind of bad things can be done in version 113.

______________________________
Nate Pinchot
Corporate Computer Services
npinchot@ccservice.cc

"we're only gonna die because of our own arrogance, that's why we might
as well take our time"
-bradley nowell
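
Added example (not part of the original post and not AIM Filter's own code): a byte-level reading of the Replace() call quoted above. Chr(14) is the byte 0x0E and "sobbieraunders" is 14 characters long, so the pattern has the shape of a length-prefixed string. The type/length/value layout in field() and the sample buffers are constructed assumptions, not captured OSCAR traffic.

```python
# Added example: what the quoted Replace() does to a byte buffer.
OLD = bytes([14]) + b"sobbieraunders"    # Chr(14) & "sobbieraunders"
NEW = bytes([15]) + b"sobbie raunders"   # Chr(15) & "sobbie raunders"


def is_length_prefixed(blob: bytes) -> bool:
    """True when the first byte equals the number of bytes that follow it."""
    return len(blob) > 0 and blob[0] == len(blob) - 1


def rewrite_login(packet: bytes) -> bytes:
    """Same effect as VB6 Replace(TheStuff, OLD, NEW): every occurrence is swapped."""
    return packet.replace(OLD, NEW)


def field(type_id: int, value: bytes) -> bytes:
    """Constructed field: 2-byte type, 2-byte big-endian length, value (assumed layout)."""
    return type_id.to_bytes(2, "big") + len(value).to_bytes(2, "big") + value


def parse_fields(buf: bytes) -> list:
    """Parse back-to-back fields; raise ValueError if a length overruns the buffer."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated field header")
        type_id = int.from_bytes(buf[pos:pos + 2], "big")
        length = int.from_bytes(buf[pos + 2:pos + 4], "big")
        value = buf[pos + 4:pos + 4 + length]
        if len(value) != length:
            raise ValueError("field length overruns buffer")
        out.append((type_id, value))
        pos += 4 + length
    return out


def demo() -> dict:
    # Constructed login-like buffers (hypothetical screen names and field types).
    named = field(1, b"sobbieraunders") + field(3, b"client-id")
    other = field(1, b"someotheruser") + field(3, b"client-id")
    return {
        "named_after": parse_fields(rewrite_login(named)),
        "other_unchanged": rewrite_login(other) == other,
    }


if __name__ == "__main__":
    print(is_length_prefixed(OLD), is_length_prefixed(NEW))
    print(demo())
```

Because the replacement keeps the length byte in step with the new string, the rewritten buffer still parses, and a buffer that does not contain the pattern passes through unchanged.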
