Page 1 of 2

123flashchat - exploiting / hacking - possible ?!

PostPosted: Thu Jun 25, 2009 12:37 am
by ivsolhau
Hi
I'm all new to hacking, and I'm norwegian so pardon my english.
The chat I'd like to mess around with a little is an erotic chat called Eros. It's a norwegian chat and based on the 123flashchat software
To test, go here: http://chat.eros.no/chat.php?page=flashwindowadv&alias=Gjest&password=none&init_location=&skin=clean

What I would like to do is either be able to sniff users IP, or be able to log in as moderator or admin.

If my post here is way out of line, please just delete it :)

sencerely

Ivsolhau

Re: 123flashchat - is it possible?

PostPosted: Thu Jun 25, 2009 11:36 am
by Sethioz
Hey. nothing here is out of line (if its in right sub-forum)

i took a very quick look and it seems that there's lots of stuff that can be done, but i can't test, because some changes are not even seen by client and there's way too many users.
maybe you can host a free site somewhere and then upload that very same flashchat. for example you could use netsons.org (its not english, but you can upload chat there)
you could find some smaller chatroom with less users, but they would prolly boot me in middle of testing, which is annoying.
anyways, here's few ideas:

change font size to HUGE so it covers whole screen or even 10 times of screen.
messing with the emoticons
there's also few more arguments which i have no idea what they do right now, but prolly they are something like ..font color, font type..etc, which means that it is very possible that if you enter 'invalid' value then other users crash.
here's the "message" packet:

Code: Select all
<TalkMsg color="0x333333" fontSize="12" u="0" i="0" b="0" dest_uid="" emotion="e1" msg="blah" />.


as i said, i only took quick look so i don't know if there's admin/mod icons or something, but if yes, then im quite sure you can use them. as you see color can be changed to anything, it is a simple HEX code. also as i said before i don't know what are those "u" "i" and "b" or "dest_uid=". you need your own chat to test in. or well i could test if you can host a chatroom into some freehosting. once you have a place where to test you can just add me to msn and we can test.
i kind a like chatroom hacking and exploiting.

oh yeah and on top of that .. i could prolly write a fake user flooder using Luigi's original flashchatz program, but again it needs testing in controlled environment where you don't get banned during the process.

UPDATE:
already got banned, so obviously it worked. i used WPE pro and sent 99 packets with fontsize set to 90, but since i don't understand a word they saying in there, i can't tell if they banned cuz of spamming or fontsize. ..so need a test chatroom.

Re: 123flashchat - is it possible?

PostPosted: Fri Nov 12, 2010 7:30 pm
by ThEMaDMaN
hi again man ur fast at replying and thanks alooooot coz it will be my second hack lolz first was wep hehe it was fun sooo now i know smthings about the tamper data also and now what is possibly there that i can do ? well i dont have that 123 flash chat client coz its not free lolz well there's a trail but still i dont know how to create a server and all that lolz i suck but what to do have to try smthing well i am trying on that side also i was trying to create a site also but m stuck with the server thing when i open it works but when anyone else opens it works untill login screen and says connection error lolzzzzz i hate that well if u can help me with that also so ill be thankfull opz i got lost so i was saying i dont have the client so how will we test it ? i realllllly wana do it and i reallllllllyyy neeed help m waiting again thanks aloooooooottttttt

Re: 123flashchat - is it possible?

PostPosted: Fri Nov 12, 2010 11:07 pm
by Sethioz
you can google for one where you can test, where's not many ppl visiting.
if you get me a full copy, i could put it up on my hosting too.

Re: 123flashchat - is it possible?

PostPosted: Sat Nov 13, 2010 8:48 am
by ThEMaDMaN
hi again umm this site is for the test perpose there arent many users on it like max 12 or 13 in one room soo this is the one and about the chat client in the trail u get full access just the problem is that only for 30 days so isnt it ok to use the trail for testing ? u can get the trail on the main site of 123 flash chat :) okz ?

Re: 123flashchat - is it possible?

PostPosted: Sat Nov 13, 2010 3:46 pm
by Sethioz
you can test "there" if you found something and think that those 12 ppl will not ban you for testing.
and its TRIAL, not trail, trail is what snails have when they move lol.
and im not putting trial on my hosting, its useless.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sat Nov 13, 2010 10:54 pm
by ThEMaDMaN
lolzzzzzzzzzz n wow okz trial welll what should i test there? and yeah offcourse they will ban me but i can unban my self well its ccleaner gota restart the pc few times and all that n about trial u can put it any site i got a domain also and hosting site also locknerd is also for hosting so u can use that right ? plzzzzzzzz help me out lolz i know its like i dont know anything much lolz but i wana learn so help me outttttttttt

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sat Nov 13, 2010 11:38 pm
by Sethioz
use ccleaner and restart pc to unban yourself ?? wow i dont even know what to say.
what exactly you on about ? you pop up here and saying HELP. i cant help, if you are making no sense. this thread is about 123 flashchat exploiting, not about "lolz" or how to hack using ccleaner and restarting.

all exploits i have found in 123 flashchat are already listen in my first post, i dont understand what you even after.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sun Nov 14, 2010 2:14 am
by ThEMaDMaN
okzz well i am looking for the same thing as u have for flash chat like using kick and ban or chating with other's nick or having admin powers but the software is not working for me its its giving error here's the error details >

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.


For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sun Nov 14, 2010 2:21 am
by Sethioz
that is different flashchat from "tufat flashchat".
you havent figured it out, that exploits for tufat flashchat does not work on other chatrooms ?
what software ? there is no "hacking software" for 123flashchat. or are you talking about some external, if so, post a link. i would like to see other exploits for this chatroom too.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sun Nov 14, 2010 3:20 am
by ThEMaDMaN
ops i forgot to tell i did knew its diffrent but there;s no harm in trying to i tried Extreme FlashChat-X.application yeah the one in this forum soo?

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Fri Nov 19, 2010 3:45 pm
by ThEMaDMaN
okzz no reply from ur side well i was reading another exploit thread on paltalk so i thought of using WPE PRO on the flash site also and i tried also even when i send packets it doesnt work i dont know i mean we can do smthing with that right? i dont know how to use it barly used it so help plz???

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Fri Nov 19, 2010 8:06 pm
by Sethioz
i had nothing to say about so stupid thing. its like saying "it wont do harm to try and drive car in air, instead of airplane". they have completely different protocols.
wpe pro is not for that. use webscarab on full. read on my wiki about webscarab (download links and full tutorials).
you can make permanent filters using proxocket (also on my wiki).

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sat Nov 20, 2010 5:41 pm
by ThEMaDMaN
hii againnn yeah i write nonsence smtimes well okz wow it worked web scarab is working and its attached with my internet explorer okz this is working but next no its not working when i use a smiley or block user or do any kind of things in chat room webscarab intercept window does not comes up ? well i think coz its based on swf and it runs everthing from it ? well i dont know i have this stupid ideas only lolz so what now?? what can i do to hack it ?

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Sat Nov 20, 2010 5:59 pm
by Sethioz
webscarab full works with everything. run it on full mode.
and look what you intercepting. smileys might not use POST parameter, try intercepting each parameter one by one to find out which parameter it uses.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Thu Dec 30, 2010 3:28 pm
by ThEMaDMaN
hey howz u ohk now i tired that long time ago when i read ur post first but nothing works ?? i dont know what to do ? now!!???

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Thu Dec 30, 2010 7:59 pm
by Sethioz
maybe i take another look in it, until then you can test what i have suggested.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Wed Jan 05, 2011 7:09 pm
by ThEMaDMaN
hi howz uu m fine ! umm i tried everything ! i knew !! i have acess of host id and soon will also have admin id but dont know what to do ! plz helpppppp

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Mon Mar 14, 2011 6:42 am
by 123flashchat
to hack 123flashchat is extremely expensive as far as i know, you need to buy a $1000 server to install the chat, then buy the $1499 chat, lol.

Re: 123flashchat - exploiting / hacking - possible ?!

PostPosted: Mon Mar 14, 2011 6:51 pm
by Sethioz
we do not email here, discussions will remain in public, on forum, not via email. so i edit removed the email.