icq.txt

1000 HOWTOs for various needs [WINDOWS]

The ICQ Security Tutorial / Written by R a v e N (blacksun.box.sk)
<===================================================================> 13/7/2000, version 1.9
Author's notes: I'm getting tired of repeating myself*, so please read my previous tutorials (located at http://blacksun.box.sk). Otherwise, you might not understand some of the terminology.
* Until recently, I had to repeat concepts and terminology that I already explained about in previous tutorials so people who are just reading my first tutorial won't have any difficulties understanding it. Well, I'm kinda tired of doing so, and I'd rather spend my precious time on writing the actual content, so please read my previous tutorials first.
Oh, by the way, I just want you to understand that I am writing this tutorial in order to teach people how to protect themselves. Also, I am not responsible for anything you do, but I do recommend that you won't start stealing everyone's passwords and flooding people etc'. Use this information in order to protect yourself.If you want to impress someone, the best way is to protect him, not to attack him. This will show your true power.   ;-)
Anyway, have fun!

Oh, by the way, if you're having trouble reading some parts of this tutorial, it's because some was written on a Linux box, and Windows cannot read Unix/Linux "end of line" characters properly, so you'll have to view this tutorial in a browser or an advanced editor such as Microsoft Word.

(Send comments or questions to barakirs@netvision.net.il, or post them on our message board at blacksun.box.sk)
the files mentioned in the decryption are included with 'Wang Hack FAQ volume 6' from http://www.wangproducts.co.uk 

What's new in this version:
---------------------------
Version 1.2: added the "what's new" section.
Also added appendixes A and B.
Version 1.3: added appendix C.
Version 1.4: added appendix D.
Version 1.5: added appendices E and F.
Version 1.6: added appendix G.
Version 1.7: added appendix H.
Version 1.8: added appendix I.
Version 1.9: added appendix J.

Table of Contents
<===============>
What is ICQ?
* What does ICQ do?
* What is it good for?
* Where can I get it?
* Before reading this tutorial.

Why is ICQ so insecure?
* Client-side operations.
* Sloppy programming and beta testing.
* Other instant messangers.

The cracks
* What are cracks?
* What can ICQ cracks do for me?
* How do they work, and why are such things possible?
* Where do I get them?
* Unhiding IPs without the cracks

Flooding
* Various types of floods.
* How do those programs really work?
* What to do when you are being flooded.

Spoofing
* What is spoofing anyway?
* How can I spoof ICQ events?
* How do those programs really work?
* Using spoofing to play pranks on people
* Using spoofing to corrupt a person's DB.
* Protecting yourself against DB corruptions.

ICQ homepage flaws
* What is the ICQ homepage?
* How can I crash a person's ICQ client using flaws in the ICQ homepage feature?
* How can I gain read access to a person's HD using flaws in the ICQ homepage feature?
* On which versions will this work?

Tricking ICQ's file transfer feature
* How can I send someone a picture, a text file etc' that is actually a program?
* Why does this happen?

Unhiding invisible users
* The web-aware option.
* Various creative tricks.

Stealing passwords
* Stealing the DB.
* Exploiting the forgotten passwords feature in ICQ's homepage.
* Guessing the password.

Final notes
* To use or not to use?
* Why did AOL buy Mirabilis for so much money?
* Running ICQ under Linux.
* Some rant about ICQ chain letters.

Appendix A: Getting that little port by yourself
* How do you do it?
* Why is it better to do this by yourself?

Appendix B: The advantages of Unix ICQ clones
* Killing the "you were added" notice.
* Getting the IP and port from the client with no need for any patches.
* Built-in message spoofers.

Appendix C: IP ==> UIN convertion by yourself
* Why would I wanna do this?
* How can I do this?

Appendix D: More fun with contact lists
* How can I easily delete someone's contact list without using a spoofer?
* How can I evade this vicious trick?

Appendix E: Incredible tricks with the ICQ protocol
* What cool tricks can I do once I learn the ICQ protocol?
* Where can I learn the ICQ protocol?
 
Appendix F: Reading someone's contacts and history log 
* How can I read someone's contacts and history log? 
* Can I also get his ICQ password that way? 

Appendix G: WebIcq.com
* What is WebIcq.com?
* What's so interesting about it?

Appendix H: Cracking the ICQ Password By Yourself
* How can I crack the ICQ password all by myself, without the use of a program, once I have the DB files?

Appendix I: 00.00.00.00?? / 0.0.0.0??
* Why do I sometimes get false IPs such as 0.0.0.0?
* How can I overcome this?

Appendix J: Newer ICQ Holes
* ICQ Guestbook holes.
* ICQmail hole.

Other tutorials by BSRF
* FTP Security.
* Sendmail Security.
* Overclocking.
* Ad and Spam Blocking.
* Anonymity.
* Info-Gathering.
* Phreaking.
* Advanced Phreaking.