[tut] How To Find The Ip Of A Client

[hummmu]

I'm getting sick of newb posting over and over about how to find the IP of client, when its slightly hidden.

If the client is packed.
•First open ur client with a Hex editor.
•Look at the header of the script, where its says “This program cannot be run in DOS mode ... bla bla bla” A bit further down, if ur client is packed then you will see something similar to this “Compressed by Petite ©1999 Ian Luck”
•Then that’s the moment where you say “fuck”, cause that dude who’s hosting the server just gave you an extra 5 min of work, by lamely packing his client.
•Now ur gonna need an unpacker. Probably the best for your ppl lvl of knowledge, would be <a href='http://www.chez.com/sahesa/dwn/ProcDump32.rar' target='_blank'>ProcDump32</a>(YOU HAVE TO RIGHT CLICK). Which is a basic PEunpacker/packer.
•Now unpack the client using ProcDump32, select the unpacking form, based on what is in the header of ur client, when you first hexed it.
As in this example “Compressed by Petite ©1999 Ian Luck”, you would select Petite<1.3.
•Once its unpack you can simply hex it, and find the ip. But if the host bother packing his client, he will probably edit out the word checksum.
But lucky for you, the IP is always on the 000BA500 line. So just use ur hex editor, search for that line, and you get the IP.
•Btw… once the client is unpacked, you can easily code it using OllyDbg, Charlie’s code and directly edit the client with the hacks.

If you don't want to bother unpacking the hole client
•Connect urself to the server, using the client.
•Alt-tab back to window.
•Click on START --- then RUN --- type in CMD
•There a plenty of different command you can type in to get the IP, but probably the best one is: netstat –no
Where n show the address and port of the connection
Where o display the PID of the application.
•And if at that point, you still can’t figure how what you’ve just done, then press CTRL+ALT+DEL, click in the VIEW menu, and select “Select columns” and check the option PID. Then match the PID of ur HB process with the IP you got.


Feel free to comment my procedure, and add yours if you know other way.


-MySeLF-
*pinned* -tyteman

[James!]

The Link Of The Unpacker is false B)

[James!]

This it is a Link that it works correctly
<a href='http://www.fortunecity.com/millenium/fi ... f-pd14.zip' target='_blank'>http://www.fortunecity.com/millenium/fi ... d14.zip</a>

[bolex17]

Another way to do it is..

Tools Required.
TSearch Edited Edtion.
Look on a few pages back, i posted E-Search

Direction
Open up your client, then use Tsearch to target the client, open up the hex editor in tsearch and click the small magnify glass in the hex editor window and search
"magiccfg" without the quotes, scroll a few lines up and you should see the Ip.

[hummmu]

yeah but depending on the version, the magiccfg is not always at the same place.
The IP is always on the 000BA500 line.

[powermage]

actually u can get the ip when u create the acc then u go to history then u look for the numbers ^^ simple and easy =)

[hummmu]

true... but that requires more than 2 brain cells, what most of the ppl who need a TUT to find the IP of a client, have...


soooo drunk, so fuck it, if it dsoesn;t make sense.

[SexyJake]

Here's a working link for Proc....


<a href='http://www.fortunecity.com/millenium/fi ... f-pd14.zip' target='_blank'>http://www.fortunecity.com/millenium/fi ... d14.zip</a>

[Lopo]

What happened to the good old cntrl+f checksum error?????????

[diwx]

What happened to the good old cntrl+f checksum error?????????

compressed :unsure:

[sahar]

What do you mean by compressed :huh: :huh:

[HzK]

What do you mean by compressed :huh: :huh:

I think he means that the person packed the client.

[Cleroth]

Find the IP of a client? lol. Just go to www.whatismyip.com
:ph34r: :ph34r: :ph34r:

Btw Petite is sux packer.

[James!]

ProcDump32 Sucks

[Inf3ktion]

-Clears throat-
Ahem..
Alt+Tab
Start>Run>Cmd
netstat -n