DSNS is a fast, flexible and easy-to-use network scanner. It uses fast SYN-scanning but in addition to open-port-checking, it is able to validate the service that is running, e.g. login to FTP services, check proxies and more. It is highly customizable, so you can use it for a lot of things.
Here is a way I discovered how you are able to locate users of the file-sharing tool "KaZaA" with DSNS and access their mp3 files without running KaZaA itself.
1- Select any dialup range
2- Add port 1214 (protocol probe: HTTP (GET), file: /)
3- Go!
After just a few seconds I got the following results:
217.1.x.x 1214 200 OK, KazaaClient Aug 29 2001 19:44:27
217.1.x.x 1214 200 OK, KazaaClient Aug 29 2001 19:44:27
217.1.x.x 1214 200 OK, KazaaClient 0.1
217.1.x.x 1214 200 OK, KazaaClient Aug 29 2001 19:44:27
217.1.x.x 1214 200 OK, KazaaClient Jul 5 2001 17:18:29
and so on...
4- Now open your favourite browser and go to http://*ip*:1214/
5- Have fun;)
What do you use DSNS for? Post into the port scanning forum.
wicked
Jan 4 2004, 09:06 AM
make sure to look into the other little bits 'n' pieces also like these files:
# dsns multi-ip ranges list
#
# same format as ranges.txt but a multi-range is started by a colon
# after the colon must follow a description for that range-'collection'
# the description must be more than 4 chars, otherwise multirange gets ignored
# be sure to make multi-range descriptions UNIQUE!
#
:Chello DHCP COM21 range:62.163.xxx.xxx - 62.163.xxx.xxx:NL Chello DHCP COM21 (UPC-KT-CABLE55)
# DSNS Port list file
#
17 * qotd :Open port
19 * chargen :Open port
21 * ftp :Open port
22 * ssh :Open port
23 * telnet :Open port
25 * smtp :Open port
43 * whois :Open port
53 * domain :Open port
79 * finger :Open port
80 * www :Open port
110 * pop3 :Open port
113 * auth :Open port
119 * nntp :Open port
137 * nbname :Open port
139 * nbsession :Open port
143 * imap :Open port
1080 * socks :Open port
3128 * www-proxy :Open port
6667 * irc :Open port
8021 * ftp-proxy :Open port
8080 * www-proxy :Open port
if you have any interesting ports/protocols to add ... Please do..
Wkd..
.../
cartman
Jan 4 2004, 10:12 AM
seems to be a good tool ... I try it, Thx
wicked
Jan 4 2004, 10:14 AM
some interesting ports you may want to add/edit:
CODE
135 DCOM
DHCP Manager Client Server Communication MS Exchange Administrator RPC Microsoft Message Queue Server SQL Session Mapper WINS Manager
137 NetBIOS
File shares name lookup Login sequence NetBT name lookups Pass Through Verification Printer Sharing name lookup SQL encryption over other protocols name lookup WINS name service, proxy, registration
138 Login/Logon
NetBT datagrams NetLogon Pass Through Verification
139 CIFS
DNS Administration File shares session Login sequence NetBT service sessions Pass Through Verification Printer sharing session SQL session
445 CIFS
See above
593 RPC-over-HTTP
MS Exchange and Outlook
Enjoy!
Wkd...
)Oni(
Jan 4 2004, 10:22 AM
very n1 wicked thx a lot!
r00l
Jan 4 2004, 10:25 AM
i tried to scan for kazaa as it is shown but here's what i've got:
*.*.*.* 1214 HTTP/1.0 404 Not Found (Kazaa (User: Bagdi)) (148 Bytes read)
*.*.*.* 1214 HTTP/1.0 404 Not Found (Kazaa (User: Kim)) (145 Bytes read)
*.*.*.* 1214 HTTP/1.0 404 Not Found (Kazaa (User: attila72)) (151 Bytes read)
and so on...
why's that?
wicked
Jan 4 2004, 10:54 AM
Also
Finding Open Ports
CODE
You may manually search for open ports on a Windows computer by executing the netstat command at the command/DOS prompt:
- Shut down all running Windows programs
- Go to the Start menu and select Run
- In the dialog box type command and hit OK
- At the Command/DOS prompt type: netstat -a
- Examine the list of open ports & their associated addresses
- The port number is located after the colon in the left column of the list (ex: mst3k-XP:4444 - 4444 is the port number)
Signs of a possible compromise include:
- open ports associated with this compromise: 27665, 6351, 48522, 56498, 4444
- open ports associated with a non-UVa IP or host (in some cases these MAY be legitimate, but normally are suspect)
and..
Network Scanning Details
CODE
ITC's network scanning begins with a probe with the Retina DCOM Lite Scanner to determine the status of the DCOM RPC service on a machine. A positive hit garners a "vulnerable" designation.
Subsequent scanning is concentrated on open ports in the list of: 27665, 6351, 48522, 56498, 4444. Each has been implicated in compromise packages used during this incident.
Matching one port gains a "suspect" designation. There are legitimate services running on some of these ports that may be innocently functioning in the midst of mass compromise. Thus, matching a suspect port does nothing but garner suspicion. No action is taken against an IP matching only one suspect data port.
Matching multiple ports gains a "hacked" designation. Commonly, machines matched pairs of either: 6351/48522 or 4444/48522. Each case, however, shows reasonable suspicion to consider the machine compromised. Machines considered hacked have been filtered by ITC at various points around the network and had their network access blocked.
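The netstat check and the designation rules quoted in the post above can be combined into one local triage script. This is an added example, not part of the thread or of ITC's tooling: it assumes numeric output (`netstat -an`), the sample output is constructed, and the "clean" label and the precedence of port matches over the DCOM result are assumptions.

```python
import re

# Ports the quoted ITC notice ties to this incident.
SUSPECT_PORTS = {27665, 6351, 48522, 56498, 4444}

# Constructed sample of `netstat -an` output (Windows layout); not real data.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:48522          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1049        198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# proto, local address, local port, foreign address, optional state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return local ports that are LISTENING (TCP) or bound (UDP)."""
    ports = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, _addr, port, _foreign, state = m.groups()
        if proto == "UDP" or state == "LISTENING":
            ports.add(int(port))
    return ports

def designation(open_ports, dcom_vulnerable=False):
    """Apply the notice's rules: 2+ suspect ports = hacked, 1 = suspect.

    Assumption: a port match outranks the DCOM "vulnerable" result, and
    "clean" (a label not used in the notice) means nothing matched.
    """
    hits = sorted(SUSPECT_PORTS & set(open_ports))
    if len(hits) >= 2:
        return "hacked", hits
    if len(hits) == 1:
        return "suspect", hits
    return ("vulnerable" if dcom_vulnerable else "clean"), hits

if __name__ == "__main__":
    print(designation(listening_ports(SAMPLE_NETSTAT)))
```

As the notice says, a single match only raises suspicion, so a "suspect" result calls for checking which process owns the port before acting.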
wicked
Jan 4 2004, 10:56 AM
prolly cause he/she's using Kazaa++ which can block connection attempts to port 1214.... and uses some other ports to vent connections through...apart from that .. Dunno..
Wkd..
rush
Jan 4 2004, 11:35 AM
Ah yes, i found this scanner some days ago in a thread, it really rox! The only thing is that you need a lot of bandwidth if ya want to scan that fast! -Cool kazaa trick btw, never knew that that could!
boshcash
Jan 4 2004, 02:28 PM
that scanner is the best because it's really flexible i use it for 2 months i didn't see a better one ..
UnDeRTaKeR
Jan 4 2004, 10:23 PM
WoW i love your posts wicked! 10x a lot man!
BeNiNuK
Jan 4 2004, 11:17 PM
QUOTE
Come get some! Do you want some mp3 files?
Here is a way I discovered how you are able to locate users of the file-sharing tool "KaZaA" with DSNS and access their mp3 files without running KaZaA itself.
1- Select any dialup range
2- Add port 1214 (protocol probe: HTTP (GET), file: /)
3- Go!
After just a few seconds I got the following results:
217.1.x.x 1214 200 OK, KazaaClient Aug 29 2001 19:44:27
217.1.x.x 1214 200 OK, KazaaClient Aug 29 2001 19:44:27
217.1.x.x 1214 200 OK, KazaaClient 0.1
217.1.x.x 1214 200 OK, KazaaClient Aug 29 2001 19:44:27
217.1.x.x 1214 200 OK, KazaaClient Jul 5 2001 17:18:29
and so on...
4- Now open your favourite browser and go to http://*ip*:1214/
5- Have fun;)
What do you use DSNS for? Post into the port scanning forum.
when i try to go to their ip e.g. http://213.89.37.222:1214/ it never works? can u help me why, i have a router as well, maybe it's something to do with this? Thanks
wicked
Jan 6 2004, 06:38 AM
I guess you must think about Firewalls and stuff every now and again...
Wkd..
.../
ThinIce
Jan 21 2004, 12:08 AM
Whenever I've used this program, I've -always- come across a wealth of cool stuff.
jak3c
Jan 21 2004, 08:55 PM
ouch it's a very good tool ! thanks wicked