Obtaining IP Address query

[Soilworker]

Hi all,

Great site here, lots of reading!!
I have a question for any who think they may know the answer. Attempting to identify a remote IP Address, whilst establishing a direct file transfer to the host via MSN, I have been using both the IPGet script for MSN Plus and netstat. My problem is, in all attempts I have only ever identified IP's that belong to Microsoft in USA, not the intended target. Is there an explanation for this?

I have managed in the past, to identify my intended targets IP through an email header, however as it is set to Dynamic it has usually renewed by the time I get round to investigating it for open ports and vunerabilities. I would really appreciate any suggestions or advice from experienced members.

Thanks in advance,
Soilworker.

[bad_brain]

hm, I am not using MSN, but if you can't retrieve the target IP by a file transfer it is most likely that all traffic is relayed through the MSN servers (maybe since the last messenger update).
an option to get the IP might be sniffing the packets with Wireshark, I think the "msnms" expression should filter the packages so only MSN messenger traffic is displayed (if not you simply have to pick the packets by hand)....there is a good chance the target IP can be found there because I doubt the MSN servers act as non-forwarding proxy.

[DNR]

Hey soilworker, welcome to suck-o

I agree with B_B's comment above, MSN could be routing all traffic through its server (what better way to see everything one does on MSN).
I disagree with him on the respect that it will be as easy as capturing packets and looking for the IP its to be forwarded to. My research has shown some IM progs use a code - propriety code that uses numbers or a string to represent a user. That number or string is matched up to a user and translated to its forward IP on the chat server.

Some IM servers allow user to user connections for large file transfers - they rather keep that traffic off their servers to avoid lag.

This can vary with each IM prog out there, they have gotten smart on the old tricks. They promise to filter out all traffic from malicious files, but they really are just peeking at everything you say and send

Now you are left with the problem of dealing with host-based firewalls which basically makes any computer look like a black hole.

DNR

[floodhound2]

Did you try "netstat -n"? This usually works for me, but i think you need to be communicating to the wanted IP address.

Ill try later on today to see if I can remember.

[Soilworker]

an option to get the IP might be sniffing the packets with Wireshark, I think the "msnms" expression should filter the packages so only MSN messenger traffic is displayed

Ok, I have not used Wireshark yet. I will try it out and see what happens.

[Soilworker]

Hey soilworker, welcome to suck-o

Some IM servers allow user to user connections for large file transfers - they rather keep that traffic off their servers to avoid lag.

Now you are left with the problem of dealing with host-based firewalls which basically makes any computer look like a black hole.

DNR

Are you suggesting to attempt to file transfer a larger file? And if so, how large would you suggest, perhaps an .mp3 @ 5Mb or an album at around 80Mb?

Host based firewalls? Sounds like I better get reading some more, I would not consider myself to have nearly the required knowledge to perform attacks of that status just yet LOL.

[Soilworker]

Did you try "netstat -n"? This usually works for me, but i think you need to be communicating to the wanted IP address.

Yeah, I tried each of the netstat commands but without success. All identified connections relate back to 64.XXXXXX & 202.XXXXXX IP's residing in USA. There is no change upon initiation of MSN chat or file transfer. I was dissapointed when IPGet did not give me the results I was hoping for. Its actually a nice little program.

[Soilworker]

Thanks for responses so far too guys. I really appreciate the way forums can come together and brainstorm ideas to help each other out. I am fairly new to the hacking world and have a great deal to learn, but I am patient, intelligent and a naturally logical thinker. I look forward to learning a great deal from you guys.

[DNR]

np soilworker.
Don't forget to check out other IM progs, yahoo, aim, and then there is Internet Relay Chat (IRC). Lots to explore, lots to learn.

Host-based firewalls were not prevalent back in my time, but since they are free and mostly dumbed down, now every computer has a firewall on it. The trick will be trying to use traffic already allowed permission by the firewall to send in or retrieve files. Or ..

Make sure you check out the forum's old posts, your answers might already have been printed.

One side note, use the EDIT button in the top right corner of all of your posts if you need to add something more, having several posts by yourself can seem confusing or feels like something taken out of context.
Try to put all your thoughts in one box

Go introduce yourself in the "Introduce Yourself" Sticky - that will be your first hacking lesson - go find the thread

DNR

[floodhound2]

Hey in the future try to make only one post. It can be done and makes things less confusing.

I wont delete or edit them, but next time answer all in one post. Thanks

[Soilworker]

No prob's guys,

Criticism taken on board, I reply to all in a single post from now on.
Thanks again for your help so far.

[str33tl0rd]

i agree with most of the says here....but i should say that msn isn't always the best of ways to try gettin ip adresses..........sometimes what you can is a php ip log for a particluar link....so make a site...run the php log.....give the link to your friend to visit.......the log should automatically log any ip adress which has visited the site.........i like that way......its easier and no much of social engineerin is need to make the victim accept that you are not sending shits to them or anything ( thats becuase most of my friends are scared of me when i talk to them over msn.....!!!!!!!!!!!!.........and i hate it)

[Soilworker]

.......sometimes what you can is a php ip log for a particluar link....so make a site...run the php log.....give the link to your friend to visit.......

Yes, I find this method quite appealing also. I will look into that, thanks.

Note: I have gained IP addresses for several contacts now through IPGet on MSN. The pattern I have noticed though is the IP's that are identified all belong to foreign countries, mostly South America. None of the local contacts here in Australia are revealed. Don't know if there is anything to make of that, though the above mentioned technique via webpage engineering is beginning to sound more like a winner.

Thanks again.

[nightkid]

been a while since i was on here...anywho,
i used msn plus as well my friend and sad to say, with the release of 9.0 i not been able to again IPs either (damn msn) with netstat -n i assume u did that before the file transfer and after, easier to find the extra ip...i continue to use that method when im on windows and no problems???? the website is a good idea but anyone who is savvy may be onto your game unless you put a bit of work into the site to be appealing. myself i'd rather have a nice little script to grab a ip instead of directing someone to a site, perhaps research msn and make your own (and distribute here ) or keep looking for one already made, hint: google mess black