Page 1 of 1

123flashchat - exploiting / hacking - possible ?!

Posted: Thu Jun 25, 2009 12:37 am
by ivsolhau
Hi
I'm all new to hacking, and I'm norwegian so pardon my english.
The chat I'd like to mess around with a little is an erotic chat called Eros. It's a norwegian chat and based on the 123flashchat software
To test, go here: http://chat.eros.no/chat.php?page=flash ... skin=clean

What I would like to do is either be able to sniff users IP, or be able to log in as moderator or admin.

If my post here is way out of line, please just delete it :)

sencerely

Ivsolhau

Re: 123flashchat - is it possible?

Posted: Thu Jun 25, 2009 11:36 am
by Sethioz
Hey. nothing here is out of line (if its in right sub-forum)

i took a very quick look and it seems that there's lots of stuff that can be done, but i can't test, because some changes are not even seen by client and there's way too many users.
maybe you can host a free site somewhere and then upload that very same flashchat. for example you could use netsons.org (its not english, but you can upload chat there)
you could find some smaller chatroom with less users, but they would prolly boot me in middle of testing, which is annoying.
anyways, here's few ideas:

change font size to HUGE so it covers whole screen or even 10 times of screen.
messing with the emoticons
there's also few more arguments which i have no idea what they do right now, but prolly they are something like ..font color, font type..etc, which means that it is very possible that if you enter 'invalid' value then other users crash.
here's the "message" packet:

Code: Select all

<TalkMsg color="0x333333" fontSize="12" u="0" i="0" b="0" dest_uid="" emotion="e1" msg="blah" />.
as i said, i only took quick look so i don't know if there's admin/mod icons or something, but if yes, then im quite sure you can use them. as you see color can be changed to anything, it is a simple HEX code. also as i said before i don't know what are those "u" "i" and "b" or "dest_uid=". you need your own chat to test in. or well i could test if you can host a chatroom into some freehosting. once you have a place where to test you can just add me to msn and we can test.
i kind a like chatroom hacking and exploiting.

oh yeah and on top of that .. i could prolly write a fake user flooder using Luigi's original flashchatz program, but again it needs testing in controlled environment where you don't get banned during the process.

UPDATE:
already got banned, so obviously it worked. i used WPE pro and sent 99 packets with fontsize set to 90, but since i don't understand a word they saying in there, i can't tell if they banned cuz of spamming or fontsize. ..so need a test chatroom.

Re: 123flashchat - is it possible?

Posted: Fri Nov 12, 2010 7:30 pm
by ThEMaDMaN
hi again man ur fast at replying and thanks alooooot coz it will be my second hack lolz first was wep hehe it was fun sooo now i know smthings about the tamper data also and now what is possibly there that i can do ? well i dont have that 123 flash chat client coz its not free lolz well there's a trail but still i dont know how to create a server and all that lolz i suck but what to do have to try smthing well i am trying on that side also i was trying to create a site also but m stuck with the server thing when i open it works but when anyone else opens it works untill login screen and says connection error lolzzzzz i hate that well if u can help me with that also so ill be thankfull opz i got lost so i was saying i dont have the client so how will we test it ? i realllllly wana do it and i reallllllllyyy neeed help m waiting again thanks aloooooooottttttt

Re: 123flashchat - is it possible?

Posted: Fri Nov 12, 2010 11:07 pm
by Sethioz
you can google for one where you can test, where's not many ppl visiting.
if you get me a full copy, i could put it up on my hosting too.

Re: 123flashchat - is it possible?

Posted: Sat Nov 13, 2010 8:48 am
by ThEMaDMaN
hi again umm this site is for the test perpose there arent many users on it like max 12 or 13 in one room soo this is the one and about the chat client in the trail u get full access just the problem is that only for 30 days so isnt it ok to use the trail for testing ? u can get the trail on the main site of 123 flash chat :) okz ?

Re: 123flashchat - is it possible?

Posted: Sat Nov 13, 2010 3:46 pm
by Sethioz
you can test "there" if you found something and think that those 12 ppl will not ban you for testing.
and its TRIAL, not trail, trail is what snails have when they move lol.
and im not putting trial on my hosting, its useless.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Nov 13, 2010 10:54 pm
by ThEMaDMaN
lolzzzzzzzzzz n wow okz trial welll what should i test there? and yeah offcourse they will ban me but i can unban my self well its ccleaner gota restart the pc few times and all that n about trial u can put it any site i got a domain also and hosting site also locknerd is also for hosting so u can use that right ? plzzzzzzzz help me out lolz i know its like i dont know anything much lolz but i wana learn so help me outttttttttt

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Nov 13, 2010 11:38 pm
by Sethioz
use ccleaner and restart pc to unban yourself ?? wow i dont even know what to say.
what exactly you on about ? you pop up here and saying HELP. i cant help, if you are making no sense. this thread is about 123 flashchat exploiting, not about "lolz" or how to hack using ccleaner and restarting.

all exploits i have found in 123 flashchat are already listen in my first post, i dont understand what you even after.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Nov 14, 2010 2:14 am
by ThEMaDMaN
okzz well i am looking for the same thing as u have for flash chat like using kick and ban or chating with other's nick or having admin powers but the software is not working for me its its giving error here's the error details >

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.


For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Nov 14, 2010 2:21 am
by Sethioz
that is different flashchat from "tufat flashchat".
you havent figured it out, that exploits for tufat flashchat does not work on other chatrooms ?
what software ? there is no "hacking software" for 123flashchat. or are you talking about some external, if so, post a link. i would like to see other exploits for this chatroom too.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Nov 14, 2010 3:20 am
by ThEMaDMaN
ops i forgot to tell i did knew its diffrent but there;s no harm in trying to i tried Extreme FlashChat-X.application yeah the one in this forum soo?

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Fri Nov 19, 2010 3:45 pm
by ThEMaDMaN
okzz no reply from ur side well i was reading another exploit thread on paltalk so i thought of using WPE PRO on the flash site also and i tried also even when i send packets it doesnt work i dont know i mean we can do smthing with that right? i dont know how to use it barly used it so help plz???

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Fri Nov 19, 2010 8:06 pm
by Sethioz
i had nothing to say about so stupid thing. its like saying "it wont do harm to try and drive car in air, instead of airplane". they have completely different protocols.
wpe pro is not for that. use webscarab on full. read on my wiki about webscarab (download links and full tutorials).
you can make permanent filters using proxocket (also on my wiki).

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Nov 20, 2010 5:41 pm
by ThEMaDMaN
hii againnn yeah i write nonsence smtimes well okz wow it worked web scarab is working and its attached with my internet explorer okz this is working but next no its not working when i use a smiley or block user or do any kind of things in chat room webscarab intercept window does not comes up ? well i think coz its based on swf and it runs everthing from it ? well i dont know i have this stupid ideas only lolz so what now?? what can i do to hack it ?

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Nov 20, 2010 5:59 pm
by Sethioz
webscarab full works with everything. run it on full mode.
and look what you intercepting. smileys might not use POST parameter, try intercepting each parameter one by one to find out which parameter it uses.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Thu Dec 30, 2010 3:28 pm
by ThEMaDMaN
hey howz u ohk now i tired that long time ago when i read ur post first but nothing works ?? i dont know what to do ? now!!???

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Thu Dec 30, 2010 7:59 pm
by Sethioz
maybe i take another look in it, until then you can test what i have suggested.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Wed Jan 05, 2011 7:09 pm
by ThEMaDMaN
hi howz uu m fine ! umm i tried everything ! i knew !! i have acess of host id and soon will also have admin id but dont know what to do ! plz helpppppp

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Mon Mar 14, 2011 6:42 am
by 123flashchat
to hack 123flashchat is extremely expensive as far as i know, you need to buy a $1000 server to install the chat, then buy the $1499 chat, lol.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Mon Mar 14, 2011 6:51 pm
by Sethioz
we do not email here, discussions will remain in public, on forum, not via email. so i edit removed the email.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Tue Mar 15, 2011 2:29 pm
by KEN
with the 1 post he has and the id he told,looks like he is wanting to increase his sales through advertising on a famous forum :p

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Apr 02, 2011 12:53 am
by crogeniks
Hi Sethioz,

I'm writting here about all that 123flashchat hacking and stuff. I checked the wiki, many posts, youtube videos etc. Nothing helped.

so here's the thing.
There's an 123flashchat that i often go, and I see a lot of people messing with it, so I know its hackable and all. I just can't figure out how. I don't really want to mess with the chat, but mostly learn about hacking and stop to be an ignorant.

Don't know if you can see about that and stuff. The desired hacked chat is too big however, too many admin and mods, you're testing would be annoyed :P

Just let me know about all that, and thanks.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Apr 02, 2011 11:51 am
by Sethioz
i dont really know what else to add, i have checked it once, but atm im not really interested in this 123flashchat.
read other posts, like the "tufat flashtchat" hacking, its also on wiki. you will get a good idea how its done.

tools you can use are ever the same.

> wpe pro - analyzing and intercepting packets
> commview - for analyzing the traffic
> tamper data - firefox addon to intercept packets
> firebug - for debugging and finding vulnerabilites
> tsearch - might help in some cases
> paros proxy - intercepting proxy
> burp suite - intercepting proxy and a lot more
> webscarab (full mode) - intercepting proxy and more

some of those tools have been explained on my wiki, with full detailed examples on how to use them to hack.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Thu Apr 21, 2011 9:47 am
by 123flashchat
123 flashchat is based on Java server, very stable and secure, also very hard to hack.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Thu Apr 21, 2011 4:56 pm
by Sethioz
how exactly is this related to exploiting and hacking 123flashchat ? stay in topic .. if you want to talk about security and how to protect against hacking, open new thread. you have been warned.

and you are WRONG, java is one of the most easiest languages, its extremely easy to exploit and intercept.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Jul 23, 2011 10:12 pm
by rolaz
hi all
please can someone explain me step by step how hack one 123flashchat?
i am noob in hacking

please help :(


ps:sorry for my english i am from greece and i dont know so good english laguage

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Jul 23, 2011 11:08 pm
by Sethioz
@rolaz: everything is explained in this topic, i dont understand what you are asking for. if you talking about basic pc hacking, look on my knowledge database and use SEARCH. there are many good articles on how to do things. do not post here if you dont know how to use some tools, this is 123flashchat specific topic only.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Jul 24, 2011 12:14 am
by rolaz
where need write that:

Code: Select all

    <TalkMsg color="0x333333" fontSize="12" u="0" i="0" b="0" dest_uid="" emotion="e1" msg="blah" />.
??

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Jul 24, 2011 1:05 am
by Sethioz
you dont write it anywhere, this is content of intercepted packet.

you need to learn BASICS first, go to knowledge database and learn how to use packet editors, this topic is not a basic tutorial on how to use such tools, no more of this here.
if you need help with basics tools, read knowledge database (wiki). stop being a lazyass, no1 here will feed you with golden spoon, you want to learn, material is on wiki.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Jul 24, 2011 8:28 pm
by rolaz
ok
thank you :)

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Tue Oct 18, 2011 6:40 pm
by coolkev
Hey Sethioz,


I was a member of a site and the owner went completely insane and banned several loyal members. I was reading over some of the basics/tutorials, but I wasn't quite understanding.

I tried Firebug, Tamper Data, Webscarab, and Commview. Commview was the only one that mildly helped. I was able to see the packets, but unable to edit or resend them.

This is the url to the sites 123flashchat server: http://chat.fratpad.com:35555/

I was unsuccessful trying to crack the admin passwords. I know all 3 usernames, but as for passwords I'm at a blank.

Do you have any idea of anything I could do to find these out? (Also your site is very awesome and detailed)

Thanks,

Kev

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Wed Oct 19, 2011 2:34 pm
by Sethioz
at the moment im not interested in chat hacking at all, however i will tell you how i cracked passwords in tufat flashchat (its not same).
i used Luigi's tool (flashchatz), which he wrote on my request, to massively login/logout with user:pass combinations that it can take from a list.

i set commview to capture it and then i setted the filter, when it recieved the "successful" login packet, then it stops capture.
commview doesn't exactly have "stop" capture function as trigger, so i just made it to trigger some ridiciulous rule that captures no packets at all. some IP or some ridiculous advanced rule to capture some text that doesn't exist.

so once the right combination was sent and server said successful login, commview stopped logging and then i simply checked the last few lines that commview shows and password was there.

however in order to launch this kind of attack, you first have to modify flashchatz to work with 123flashchat. it isnt really hard. i modified it to work with some other chat, which name i don't remember. just research the code of flashchatz and then see what 123flashchat uses and modify where needed. it isnt easy if you know nothing about it, but you only need to change some data that is recieved / sent between chat server and client.

Luigi is not intereseted in chatrooms at all, so there is no point asking him to change it, he only did this one as a favor to me.

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Wed Oct 19, 2011 2:51 pm
by coolkev
Thanks for the reply. I will check it out.


Kev

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Fri Nov 02, 2012 10:05 pm
by online_iran
hi
i want help to hack this flash chat

http://1pars.com/1pars.php

it is working whit 123 flash chat 9.8

may be help me ... plz

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Nov 03, 2012 2:11 am
by Sethioz
read thru the topic and do it yourself

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Mon May 13, 2013 4:25 am
by PrinceSAM
hey bro i need ur help then i hope you will help me plz

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sat Nov 01, 2014 2:59 am
by mrcraigx
Hi, I own a chat site, it's just a small 50 ppl license at the moment as it's kinda new, i have an issue though with another chat owner who relentlessly spams my chat, blocking his ip and ip ranges for proxies don't stop him, lets face it, without email reg it's easy to bypass a ban, i would be willing to let you come and practice in my chat if you teach me how to put the hurt on the syrian fuk who keeps spamming me, come see me at www.chat-vibes.com and we'll chat, look for Stoner Craig UK, thats me. hope we can work together soon.

p.s the boot codes and large font codes from your previous post don't work in his chat, it's figuring out tamper data and how to use what i get that i need clarifying on tbh,

Re: 123flashchat - exploiting / hacking - possible ?!

Posted: Sun Nov 02, 2014 3:28 am
by Sethioz
I can't be bothered to join any chats just to teach someone lol. that's why i have a forum for.