I know many people who use neither ICQ nor any other instant messenger for security reasons. You could also refuse to use Email for fear of being mailbombed or receiving "hostile applications" by mail, refuse to use the web for fear of getting into a hostile page, refuse to use IRC for fear of getting DoSsed or hacked by someone, etc. I personally do not believe that the solution is to simply give up. If you face a security problem, learn it and do your best to fix it.
I hope that you will use the knowledge you have learned while reading through this tutorial to do your best to secure yourself from ICQ and its security issues and flaws, instead of just giving up.
Why did AOL buy Mirabilis for so much money?
--------------------------------------------
Those of you who read the introduction (you're saying you didn't read it? Naughty naughty!), or those of you who heard about it in the news, know that Mirabilis was bought by AOL for 400 million U.S. dollars in 1998. But why would AOL buy Mirabilis for so much money?
The answer is - Email addresses. ICQ has hundreds of millions of users, and hundreds of thousands more people are registering ICQ accounts every day. Most of those people will have an Email address, and put it somewhere in their info. My guess is that AOL are selling some of these Email addresses to spammers (not too many and not all at once, in order not to scandalize the net) for money (and lots of it. I was once offered $90 by some firm for every 1,000 Email addresses I sell to them).
Running ICQ under Linux
-----------------------
ICQ for Windows 3.11, ICQ for Windows 9x, ICQ for Windows NT, ICQ for Mac, ICQ for Java... what? No ICQ for Linux?
You must be wondering why Mirabilis didn't release ICQ for Linux. Well, let me tell you a little story. The Cyber God, a member of BSRF, signed up for some mailing list he found at Mirabilis's homepage. It said that members of this mailing list will be notified when a Linux version of ICQ goes out. He waited and waited but nothing happened. After a while, he decided to go back to Mirabilis's homepage and look for the page where he signed up. He searched and he searched, all with no luck - this mailing list disappeared without a trace.
Conclusion: ???
Did Mirabilis fail to port ICQ to Linux (to port: to make a version of a certain program for another OS)? Did the project lose its budget? Nobody knows...
Anyway, if you really want to run ICQ on Linux, you could either:
A) Download ICQ for Java, and get a Java Virtual Machine for Linux. Start your JVM and run ICQ for Java on it.
B) Go to www.linuxberg.com, go to their software page, find the ICQ page and you will get a nice list of ICQ clones for Linux.
Some rant about ICQ chain letters
---------------------------------
Probably the most annoying thing about ICQ is not its poor security, but its never-ending flow of chain letters. Forward this or Mirabilis will start charging money for the use of ICQ!! Forward this and your ICQ will change colors!! Forward this and your crush will kiss you!! Forward this to everyone - there is a virus in the new release of ICQ!! Forward this to everyone - do not add 5917057 (or any other UIN), he is sending viruses!! Forward this to 1-5 people and your crush will kiss you, forward this to 6-10 people and you will win the lottery etc. etc...!! Forward this or your monitor will melt down!!
People, people, be reasonable! I never forwarded any of this crap, and Mirabilis didn't charge a penny from me, I didn't get run over by 49 Buddhist monks, I didn't get my computer infected with any viruses nor hacked etc. etc. (although my monitor did melt... kidding!).
Please don't forward any of this crap. I promise you that nothing bad will happen if you don't forward these letters (I mean, everybody knows that the only chain mail that brings you bad luck if you don't send it comes by real mail... ;-) ).
Also, if you want a good laugh at someone who forwards you a chain letter, send him this message:
This is an ICQ chain letter. Please do not stop the chain!
Cindy from Sydney forwarded this letter to 49 million people and became the queen of Zaire!!
Masha from Russia forwarded this letter to 23.7 million people and became an astronaut and got to fly to the moon!!
Gil from Brasil didn't forward this letter to anyone and was turned into a frog!!
Chan from Japan forwarded this letter to 107 thousand people and became the world's Pokemon and PacMan champion!!
If you forward this letter to 1-5 people: 1-5 people will be pissed at you for forwarding them a stupid chain letter!
If you forward this letter to 6-10 people: 6-10 people will be pissed at you for forwarding them a stupid chain letter!
If you forward this letter to 11-15 people: 11-15 people will be pissed at you for forwarding them a stupid chain letter!
If you forward this letter to 16-20 people: 16-20 people will be pissed at you for forwarding them a stupid chain letter!
Funny, huh? I wrote it myself... *grin*
Appendix A: Getting that little port by yourself
================================================
Yes. You can get that little ICQ port by yourself, faster than any stupid "ICQ Portscanning 3l33t k-rad h4x0r1ng proggie" and flood, spoof or just plain annoy people like hell!! WHEEEEEEEE!!!
How? Simple. Remember when I told you about "the cool way" to get IPs on ICQ? Well, getting the port is almost the same. You see, once you find the IP you will also see the port nearby. Connections in netstat are displayed by their IP, the local port and the remote port, so all you have to do is find the remote IP of your target. This is what you'll see: his-IP:the-port. So simply look after the : and you'll see the port.
Also, there is an even easier way to do this. Read appendix B to find out more.
Thanks to Zero Alpha for the idea behind this trick.
Appendix B: The advantages of Unix ICQ clones
=============================================
Although ICQ clones always have fewer features than official releases of ICQ itself, they sometimes have some neat features, such as a menu option that updates all of your contact list's info, a button that tries to connect to the next server out of a large list of servers if you fail connecting, etc.
Also, most ICQ clones will display the target's IP and ICQ port within a new field in the info page, as well as let you add people without authorization and without notifying them (although you could choose to notify someone he's been added).
Hell, some ICQ clones will even have a built-in message spoofer! Hehe...
Appendix C: IP ==> UIN conversion by yourself
=============================================
Suppose someone just tried to nuke you. Your firewall stopped the DoS attempt. You wanna chat with the idiot and tell him how stupid he is, but alas - you only have his IP address. No problemo! If this user has ICQ, you can get his UIN quite easily.
There are infinite reasons for why you would wanna know how to convert IPs to UINs. I'm sure you could think of at least five in about a minute and a half, so instead, let's just get on with it, shall we?
This little trick is quite simple. First of all, grab a simple message spoofer. Then, feed it with the target's IP, and send a spoofed message that comes from your UIN. For example: if your UIN is 5917057 (that's MY UIN, actually... :-) ), you should spoof a message from that UIN (spoof messages from my UIN and I'll kill you!! :-) ). So grab a simple message spoofer and send a "spoofed" message to your target's IP. Now, in this message, you need to include something that will surely get replied to. It could be something offensive, something interesting or appealing (sending a "Wanna learn how to hack Hotmail" to the usual script kiddie would surely get a reply. Also try "Hey, I have a surprise for you...". In other words, anything that will surely get replied to), etc. Now, suppose the target replies to your message. Where do you think the reply goes to? You, of course! It's your UIN, after all! Since you've sent this message from your UIN, this is where the reply will go to.
Now that you have received an ICQ message from your target, you will also have his/her UIN.
Appendix D: More fun with contact lists
=======================================
As I've already said, if you make someone add himself, he will lose his contact list unless he has the patch against it. I've already gone through the process of using message spoofers to make someone add himself. Now, here's another cool way to do this.
First things first, you need to have this person in your contact list. Then, change his name on your contact list, and send him himself as a contact. It will appear to him that the contact you're sending him is another person's contact, and he will add this person, which is actually himself!
If you want to protect yourself against such things, simply install the patch that lets you add yourself to your own contact list (we've already discussed where you can get this patch), or simply make sure you don't add yourself. :-)
BTW the cool person who came up with this trick is Dr. Virus (another member of BSRF. He's the one that made the flash intro and menu).
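The "make sure you don't add yourself" defense from this appendix, written as a check a client could run before adding a received contact. This is an added example, not code from ICQ or from the original tutorial; the function name, the Verdict type and the UINs are constructed for illustration.

```python
from typing import Dict, NamedTuple


class Verdict(NamedTuple):
    accept: bool
    reason: str


def vet_incoming_contact(own_uin: int, contacts: Dict[int, str],
                         uin, shown_nick: str) -> Verdict:
    """Decide whether a contact sent by another user may be added.

    The nickname shown with a received contact is chosen by the sender,
    so every decision here is keyed on the UIN and never on the name.
    """
    uin = int(str(uin).strip())  # accept "10000001" or " 10000001 "
    if uin == own_uin:
        return Verdict(False, f"'{shown_nick}' is your own UIN {uin}")
    if uin in contacts:
        known = contacts[uin]
        if known.lower() != shown_nick.lower():
            # Same person offered again under a different label.
            return Verdict(False,
                           f"UIN {uin} is already listed as '{known}', "
                           f"not '{shown_nick}'")
        return Verdict(False, f"UIN {uin} is already in the list")
    return Verdict(True, f"new UIN {uin}")


if __name__ == "__main__":
    me = 10000001                      # constructed UINs
    mine = {10000002: "Alice"}
    for uin, nick in [(10000001, "Cool New Friend"),
                      (10000002, "Bob"),
                      (10000003, "Carol")]:
        print(nick, vet_incoming_contact(me, mine, uin, nick))
```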
Appendix E: Incredible tricks with the ICQ protocol
===================================================
Imagine that you could hijack someone's session with another person and eavesdrop on their conversation. Imagine being able to get the IP, port and a lot of information about a certain user within a couple of seconds. Imagine having more power over the system than you can think of.
You can get this power by learning the ICQ protocol. The problem is that other people can learn it as well, and use this knowledge in order to maliciously harm you. Don't get caught with your pants down. :-)
Learn the ICQ protocol here: http://www.student.nada.kth.se/~d95-mih/icq/
Get some canned programs to see what can be done using this knowledge and learn more about the ICQ protocol from the source (please do not abuse these programs!): http://www.hackology.com/~ewitness/
Thanks to Eyewitness for the URLs.
Appendix F: Reading someone's contacts and history log
======================================================
If you manage to get someone's DB (stands for database) files, located at the appropriate DB directory under his ICQ directory (for example: the DB files in icq99a should be under db99a or something of that sort), you can place them in your DB directory and then start ICQ as another account with that person's contact list, history log, etc.
Just remember that if the other person has an older version of ICQ, you might have to use the DB converter to convert his DB files to fit with your new version of ICQ, and if the other user has a newer version, then you have to get his version to fit.
Oh, and you can also get his ICQ password. It's usually located in the line that starts with IUserSound (or maybe it was I_UserSound or something of that sort. You should experiment with your own DB files), or just get an automated ICQ password recovery tool from the net (there are thousands of these in every script-kiddie archive).
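A way to check your own installation for the password-in-the-DB-file storage described above: give it a password you already know and it reports whether that password sits in the clear in your DB file. This is an added example, not code from the original tutorial or from Mirabilis; the function names, the 256-byte search window and the sample bytes are assumptions made up for illustration.

```python
import re

# Marker the text says usually precedes the password. The exact spelling is
# uncertain (IUserSound / I_UserSound), so match it loosely.
MARKER = re.compile(rb"i_?usersound", re.IGNORECASE)


def audit_db_bytes(data: bytes, own_password: str, window: int = 256):
    """Return one finding per place where own_password appears unencrypted."""
    needle = own_password.encode("latin-1")
    if len(needle) < 4:
        raise ValueError("password too short to search for reliably")
    findings = []
    pos = data.find(needle)
    while pos != -1:
        # Look back a little to see whether the marker precedes this hit.
        context = data[max(0, pos - window):pos]
        findings.append({"offset": pos,
                         "near_marker": bool(MARKER.search(context))})
        pos = data.find(needle, pos + 1)
    return findings


def audit_db_file(path: str, own_password: str):
    """Same check, run against a DB file on disk (read-only)."""
    with open(path, "rb") as fh:
        return audit_db_bytes(fh.read(), own_password)


# Constructed sample records, not real ICQ data.
OLD_STYLE = b"\x00\x12iUserSound\x00\x03\x00example-pass-123\x00\x00Nick\x00"
NEW_STYLE = b"\x00\x12Password\x00\x03\x00\x9c\x11\xf0\x07\x81\x00Nick\x00"

if __name__ == "__main__":
    print("old style:", audit_db_bytes(OLD_STYLE, "example-pass-123"))
    print("new style:", audit_db_bytes(NEW_STYLE, "example-pass-123"))
```

Any finding means that anyone who can read the file can read the password, so the file needs the same protection as the password itself.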
Appendix G: WebIcq.com
======================
www.webicq.com is a service that enables you to access your ICQ account from anywhere in the world. But what's so interesting about it?
Well, first, as for the moment, it enables you to add people to your contact list without their authorization. Groovy!
But that's not all. If you're having any difficulties with the crack that enables you to run multiple instances of ICQ at the same time, or cannot find a crack for your version of ICQ, relax! You can always use webicq.com as a second ICQ window. Have fun, and play nice. ;-)
Appendix H: Decrypting The ICQ Password
=======================================
The following is taken with permission from www.wangproducts.co.uk:
Decrypting the ICQ99b password
------------------------------
Last volume we talked about playing around with ICQ and we briefly mentioned the ICQ password. Here is what I said:
Versions before ICQ99b store the ICQ password in plain text (i.e. not encrypted) in their DB file (I believe they are now encrypted? - email me if I am wrong). The DB file is located in the following different places depending on your version:
Versions lower than ICQ99a = \ICQ\DB\
ICQ99a = \ICQ\NewDB\
ICQ99b = \ICQ\DB99b\
Simply look through the file for the password - it usually appears on the line beginning "iUserSound". You could also use the web-server exploit detailed earlier to get the DB file.
Well, I have been doing some research on the ICQ99b password - and yes, it is still in the DB file...but encrypted. The DB files are two files which are called:
<your UIN>.dat
<your UIN>.idx
In order to decrypt the ICQ password, you will need 3 pieces of information:
Your UIN
Your CryptIV value
The encrypted password
Your ICQ99b password is encrypted in the .dat file, in the folder \ICQ\DB99b\ and it appears after the text:
Password
I bet you couldn't have guessed that one! Right, the actual encrypted password is the text 4 chars on from the word 'password'. Here is an example:
Password k