Flashchat exploits, hacks, tools & more

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Well I never fully tested it.. What i did was try to kick myself out and i couldnt!! still needs to be fully tested..

Hmm I look at that.. its a realy great idea.. let me get this release out and i'll work that in the next version.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

if you was able to kick yourself before and then you used the exploit without being logged in as admin and you couldn't kick yourself, then obviously it's working.
however to change chatroom from normal to registered users...its not easy. as far as i remember you have to choose that when installing flashchat onto your site. so i can't be much help with that test. long time ago i used netsons.org to host a free site and then uploaded the test chatroom there..so i can spam it all i want during testing.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

I'll use Xammp and host and run the chat script on ly local machine.. unfotrunately I'll have to download the script first.. I'll find one on one of those torrent sites i guess. Any way I'll do that later Currently working on getting this what i have so for out for release.. Few things to correct and add or change so that hopefully it will install and run error free.. (yeah it has an installer)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

lil bit offtopic, but if you wanna run it locally i suggest you to use virtual machine and install a linux or win server in it. im sure it would come in handy if you are working on such projects that needs testing.

is installer such a good idea ? i personally hate installers, its way better if you just extract the program into a folder and run it.
anyways once you have the final version i can drop it into the "downloads" if you want.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah that will be great!! thank you..

Well concerning the installer it may be necessary as some of the needed components people may not have and it will not work in the same app directory it needs to be registerd.

But taking your concerns into consideration I will release 2 packages. 1 with the installer and the second just unzip and run..

Installer version..

here is the release promised. Its zipped with the read me and package.. (EASY UNINSTALL AND UPGRADE)

let me know if anyone has problems using it so i can fix that in the next release. Please view the readme for instructions on use. BTW you need to left click a user name to set that user as active victum. then right click for additional options.. And you need to have the correct url for it to work ... NO ERROR HANDLING CURRENTLY..

Please provide feedback on the GUI and Functions I know the gui needs improving and it currently a mess but is necessary for develompent. Once its working I will Improve it. Most features are missing cause it isnt implemented yet or take out cause of improper testing..
flashchatextreme.zip
(243.7 KiB) Downloaded 1125 times
Last edited by dark_lord_tnt on Mon Jul 06, 2009 8:35 pm, edited 1 time in total.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Here is the same without the installer. Extract All files to same directory and run flash.exe..
.net frame work is needed.

tested it on a 4 systems with the .net framework and it ran fine. If you have problems you will need to use the installer
Attachments
release_NO_INSTALLER.zip
(41.88 KiB) Downloaded 1052 times
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

i took a quick look into the one without installer, connected fine and messages seem to be working fine too, however bell didn't seem to work.
also when i right clicked my own name and IP, then nothing seemed to happen.
however GUI looks quite good to me. i only tested in my own chat for now.

btw do you put all the features from Luigi's original flashchatz in it too ? like flooding and such ?
and yeah those alert and announcement messages can also be done with the exploit mentioned here (cant remember it from head)
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

yeah disabled the bell and ip before i released it.. It wasnt tested propperly and it sometimes doesnt seem to work ,, havent paid much attention to it yet. .. yeah everything from the flashchatsz will be included but some will only work on chatrooms you dont have to register with. the flooding for example. But i have found ways to implement something similar with the same effect in registered ones. But those that will take down the server will only be given to certin people (those who are assisting me) like you. All other features I'm guessing, since your hosting the app, will only be avilable to member of your site. When I'm done with this I'll take a look into that pro rooms chat i saw you guys talking about on another post. It should take about a week to have this fully functional.

BTW.. cant find the attributes for the text color of other users,, any idea where I can look ??


BTW looked at the bruteforcer for the admin panel, It does seem possible and i will include it in The MASTER VERSION.. I need a name for this maybe flashchatz 2.0 with Luigi's permission.. I'll ask him.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

Extreme Flashchatz would do, if Luigi is fine with it, but im sure he is if you add credits.

about release, i can put it into downloads in the way you want, for example some light version is available for everybody, then the main version (which you want to release in public) will be available for registered users and the one with all features (which you wanna give only to certain ppl) would either be in Private or not downloadable at all (i can give you the Private section's pass if you want).
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah thanks,, that will be great But I'd prefer you handle that part.. Well luigi said it wouldnt be a good idea to call it flashchatz as its not an upgrade to the original but a different tool all together. He sis however suggest flashchatx,, So putting the two together I think Extreme Flashxhat-X seems good!!.. BTW Can i use your logo on the Flashscreen seeing that its exclusive to your site and your providing a LOT!!! of help you deserve credit for it..

UPDATE!!!
Found Bug that the chat box wasnt scrolling automatically ... >>> FIXED
Found Bug that some user name's appear twice >>> FIXED
Found Bug that causes the Bell , ViewProfile and HackProfile not to work .. >> FIXED (variables wasnt inherited propperly)

Added Code for the KickOut Option, Improved the GUI a BIT
Added Code for Image injection into proflle
Added Code for Script injection Into profile ... XCSS anyone !!!


Found the info i needed for the Ban , unban and other stuff ... THANK YOU Sethioz

I'll be hammering your chatroom a bit to test these commands. I'll try my best not to cause any problems. Thank you again.

I'll Upload version 1.01 in a while 24-36 hrs i guess, should have almost half of everythng in it.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

name sounds good.
yeah you can use the logo and indeed it is unique, made that long time ago.
testing is np, just as long as you don't use the flooding, site has autoban when somebody makes too many connections or too fast.

dark_lord you should check your PM, i sent you the admin pass for chat long ago, but its still unread.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Sethioz I sent you a pm hope you get it..

UPDATE

FIXED the chat box so it now displays user colors
FIXED Resource handler so now it runs faster and free's resource faster.
FIXED User Name List *no more double users (by my testing hope it works)
ANTIBAN dont work on free sites (WILL WORK ON THIS BUT NOT FOR FREE FOR ALL RELEASE)
FIXED the ip problems (not avilable in FREE FOR ALL BUT REGISTED MEMBERS ONLY AND ULTIMATE VERSION)

Ok guys listen up..
The FREE FOR ALL VERSION WILL BE OUT BY TOMORROW (MY TIME)

features
CHAT WITHOUT LOGGING IN as in the preview i released
view hack profile
Inject image into profiles
inject scripts into profiles
Freeze a user (he /she / it wont be able to type unless they log off then back on)
Inject SWF / GIF / JPG directly to a user )comes in handy sending flowers to a girl or porn)
Inject your own smilies to the main room (vanishes when someone types and re appears when you send another including
sound, music etc.. (must be swf file hosted on the internet. upolad them to your home page and thats all you need)
and a few xtras..

LOOK FOR IT!!! in a bit
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

hey Guys!!

Ok In light of some issues i discovered, I've decided not to release the Public Version as yet!! Instead Here is the Public Version Beta for testing. I have 2 Beta Testers Running it as I type this and it works perfectly I have yet to add the smilies, by the time i get that done, It would have been tested and out for release. Maybe 24 hrs or less.. Here is The Beta.. Requires Microsoft .Net frame Work as Before!!! Download from microsoft get the latest version

With installer !!!
Extreme_FlashChat-X_public_test_Installer.zip
(276.68 KiB) Downloaded 1029 times
Without installer
Extreme_FlashChat-X_public_test_No-Installer.zip
(80.52 KiB) Downloaded 1061 times
please leave feedback..

Working on having the release in less than 24hrs..
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

as before i took a quick look, logged into my chat with it and tested messages and few other things, seem to be working, but it lags a lot for me. like huge lag spikes. 1-3 secs lag spikes, i wonder is it because of my ZoneAlarm's 'program control' ?!
need to test it again later without zonealarm.

> PM attachment fixed on site.


EDIT:
how about adding proxy support ? i know i can use proxyfirewall or sockscap or something like that, but if it has proxy support, its better.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah .. but its not a lag .. It updates every 1.9763540745 seconds ,, 3 seconds is an overkill,, i'll look into that.. Consider that the public version.. It had no bugs !!!!! It ran error fee for 24 hrs straight. Feel free to add that to the downloads..


Proxy support will be avilabe in the Ultimate version.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

Public version has been added into Downloads > Programs, you can see them here:
Extreme Flashchat-X public w/ installer
Extreme Flashchat-X public w/o installer
- Downloads section can be accessed directly from Forum, look above into the menu.

refreshing has no lag, but when it recieves info, then it spikes. like when i right click the user, then whole client freezer for 1-2 secs.

you can pm me the ready member's version and ill add that too then, which will be available for registered users.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Yeah thats the 1-2 seconds i was speaking about when it verifys everything so that connection wont teminate. it sends a keep alive packet every 2 seconds and verifys all users and msg's with that data. That lag i can maybe reduce it to a second or so but it will hog internet resources. I'll put an option for it.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Ok some people have probles installing and running cause of missing files.. I hope this fixes that.. full packge!!!

WITH INSTALLER
ALLFILES.zip
(1.76 MiB) Downloaded 1321 times
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Hey all 1 quick update

Found a way to chat as a user!!! well kinda its like hijacking that user and making people think that ,,, that person really said that.. (its called mock user)

Inplemented Sethioz LARGE TEXT.. yep make your messages larger that the rest. Really freaks admins out.

Found a way to freeze admin;'s pc. I forced one to shut down his chat room, SIB couldnt even moderate his own chat room.

Found take town to kill the chat room, well actually everyone thats logged into the same room as you are.

MASS ATTACKS function as DDOS however it kills that chat room server (comp its hosted on) as well as the user your attacking.

Will lower the effects of it for private release but full for ultimate.

BTW with the app admins cant gag you.. Pissed one off so bad he tried to ban and kick and tht didnt work eighter. couldnt get my ip eighter. seems like the app has some unforseen benefits. not sure yet have to test it out. but now http://www.trinishack.com has no more chat room.. Really pissed the admins off. They were jerks and abused their roles anyway.

BOTH PRIVATE AND ULTIMATE WILL BE RELEASED BY WEEKEND..

PS. ULTIMTE VERSIONWILL BE DISTRIBUTED BY Sethioz solely. Only contributors will have axcess to it.

Private is avilable for members only.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

this sounds cool. how does it kill the hosting server lol ? i wanna test this on some chatroom :)
can you pm me that one ?
the large text one i knew before, just never tried in flashchat, however the text works basically in every chatroom.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

ok lets say it creates 1000 random users,, and 1000 random users send 1000' mass unignores per second ,, thats 1000 * 1000 * 1000 commands it has to process, your victims pc will be hith with A DDOS the flash client on the computer will freeze together with explorer ... the side effect is that ther server has to process all these commands, bringing it to ts knees and the one i tested on crashed...

No it will not crash your pc as the pc actually only sends 1 packet every second
that 1 packet contains the 1000 unignores .. basically its
/unignore user
/unignore user
/unignore user

etc etc etc /... /unignore user <br> /unignore user

well you get the point..

I have it seperately havet worked it in yet but i will try to get one out to you!!
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

as i said back then, flashchat is like a swiss cheese, so many 'holes' in it.
yeah would be great to see this exploit (in detail), but i also guess that you are right about the part that its not a good idea to post it out in public.
TeamRetox
Allie
Allie
Posts: 222
Joined: Sat Jun 06, 2009 3:48 pm

Re: Flashchat exploits, tools & more

Post by TeamRetox »

best thing to do with new finds is keep em to yourself, as one day or another one of the tards will tell it to a friend and then it leaks all over the place & suddenly everyone knows about it
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

indeed it happens if you tell to wrong ppl. specially if it's something that can lag the whole hosting. i know where i want to test it, netsons.org. they are such bastards. i will make a free site there, upload chat and hit it. then ill see how much it effects netsons.org and my hosted site there.

specially what i hate is when some of the tards who got it from that 'leak' starts to brag with it and says that he made/discover it.
User avatar
public.enemy
Newbie..
Newbie..
Posts: 2
Joined: Tue Aug 04, 2009 2:24 pm

Re: Flashchat exploits, tools & more

Post by public.enemy »

Hi guys...can anyone teach me on how to actually do this..I really want to exploit this flashchat room...

Thanks
:P
Danielle
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

i agree that its a mess in this topic, but if you read thru all the posts (mostly mine), then its all here.
all the exploits are posted here, if somebody can do this for me, would be great.
do what ? < collect all the exploits i have posted in this topic and put them into notepad, like this:
1. kickout anybody
2. crash chatroom
..etc. then i will update my first post so whoever comes and reads, will be able to find what he/she is looking for easily.

so yeah, just start reading from beginning. everything is here, how to get most of the admin rights, how to crash it, how to flood it..etc
if you need help with specific exploit, then ask away.

also now i suggest using Luigi's proxocket, instead of tamper data, which i mentioned earlier.
User avatar
public.enemy
Newbie..
Newbie..
Posts: 2
Joined: Tue Aug 04, 2009 2:24 pm

Re: Flashchat exploits, tools & more

Post by public.enemy »

Thank you very much Sethioz! I really appreciated. I will look through this forum.. lol..

Sorry..I just hate this site that ruined my reputation, now it's revenge! ugh! I wish I was like you people who can hack and all...

Nonetheless, I love this site!

Danielle
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Hello, Sethioz. I've been "tampering" with flashchat recently, and I know currently how to ring the bell, and how to change my symbol to admin-mod, the only problem I have is, how can I retrieve someone's ID?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

honostly i can't remember it so well anymore, but i think it is on the index of chat, so when you start loading the chatroom, it loads all the IDs too.
if you mean the individual ID, which you can use to pm them, but if you mean the ID to talk under their name, then you can't. well you can, but you would need a cookie stealer.
so it should be enought if you just monitor the packets while connectin into chatroom, it should appear as soon as you enter login info and click login, then it retrieves all IDs (who are currently in chat).

you can also use Extreme Flashchat-X.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

All right, from a little googling and looking back, I found that using this exploit can work for banning:
http://www.derkeiler.com/Mailing-Lists/ ... 00138.html

First, you log in as ROLE_ADMIN with password $req['s'] == 7

Then, go into tamper data, type a message, hit start tamper and enter it, then tamper, edit post data into this ban code :

sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=(You NEED your ID here, a simple way to get it is by clicking the "Save" button near the bottom of the chat and message box, and it's in the address.)

Replace the 5581 (after 0&u=) with victim's ID, which you can get using Extreme Flashchat-X

Then hit ok, and the ban popup alert should show up, and they get banned!

The first time the alert showed up and the second time I did it I got disconnected, but the victim WAS banned as well.

Go for it! ;)

And, if you want an easy way to talk under someone's name, (only in main chat, without tamper data, just HTML codes) all you do is log in as </b> and use this in your messages:

/me <font color="#000000">[] 0:00 xm: </font>

Just change the "000000" to the desired victim's color and the 0:00 xm to the time (ex. 4:15 pm) and their name in between the brackets, and it should look exactly as if they sent the message. And if they're also using bold or italic lettering, just put <i></i> or <b></b> in between xm: and </font> but don't forget to put your message in between <i> and such.

Enjoy!
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

i know the ban, its already been done by me. you don't need id at end at all, it is enought to add s=7 and it will give you admin rights, you can make a permanent filter with proxocket, so it is enought to type in the ban command and user gets banned.

/me < quite brilliant idea actually, </b> is blank name or something ?
cuz "/me" is used if you wanna talk about yourself in 3rd person, so if </b> is blank name, then yeah it works.
ill test it someday in some big chat and hopefully make a big confusion :)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

quite offtopic, but being annoyed and bored i wanted to annoy ppl in extamil.com chatroom. what i found out is that they don't use flashchat anymore.
why ? ..use your imagination :) this is the second site that has to change their system cuz of me. just on the record, i did not fuck up extamil, i just tested bell and some bans there (only once, until they banned me).
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Sethioz wrote: /me < quite brilliant idea actually, </b> is blank name or something ?
Yep, </b> logs you in as a blank name so it's perfect for impersonating others.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

somebody post some site's that use flashchat, im bored :)
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Here's one that I like to tamper about with often.

http://tailedfox.com/chat/flashchat.php

They use 4.7.11, which means HIGHLY screw able.

And there's also at least 30 users on a day on the flashchat alone, pretty popular place.

:)
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Hey guys,, I know i promised a new release and i havent done that yet with good reason as well. It appears TUFAT took a new direction with flashchat and most (almost all) these exploits will be useless once the server is upgraded to the newer versions.. Anyway it looks like Flashchat Extreme needs to be transfered to version 2.0 (YES U READ RIGHT) The new system will involve java and action script with a php frontend. I aint sure what and what is up with new concept yet but I'm sure darren and his gang will be putting a better foot foward.

Dont think that this means its unexploiatable cause nothing is.. Indeed its a different turn of direction but I for one look foward to this. The FlaschatX will still connect, but some of the features wont work (AS IS). if anyone owns a chat room please upgrade it, post link here and soyce code.

well Sethioz, it looks like u wont be bored much longer!!!

Will still upload the final version of Flashchat X 1.0 but i wont bother inplementing all the features i planned on integrating.

Version 2.0 has started!!!
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

im not sure which version you mean, but your flashchatX will still work in all chatrooms that use the older versions.
about year ago i did try the new version of flashchat and it was total failure. as soon as you changed ANY settings, it become corrupt and did not load into chatroom. im talking about settings in the config.ini or whatever it was.
so i don't think they have done anything better in this 'new' version.
i don't have much interest in it atm, but i guess ill take a look at it and if its good ill install it on my site too.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Ok, by inviting someone on a chat while tamper data is started, you can get the person's ID where it says "u=" on the post data, what I just figured out.

But now to figure out, how can you set the amount of time the person's banned for?

EDIT: Here's an awesome code, whoever clicks your name gets redirected to this link or any other you change it to.

<fontsize="13"></i><a href="http://bringvictory.com">Name</a></b>

Change "Name" to the desired name, when they click exactly on the name, they're redirected.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

id can be optained when you send pm to the person too. for sniffing use commview, not tamper data.
tamper data is only useful if you want to tamper with your sent data, before it reaches server.

you can not select the time, it is set in the chatroom's config file by admin. it can only be changed in the config file directly, there is no command for that as far as i know. you would have to download the config file from FTP, then edit it and reupload.

awsome work with the name btw, thanks. do you even realize what it means ? it means you can get malicious code into ppls computer or steal their cookie. for example you can steal admin's cookie, then you can use cookie editor and use admin's cookie to get his privileges. im not sure if flashchat's cookie contains md5 hash of password, but if it does, then you can even crack admin's password like this.

huh ? well yes, you can use cookie stealer. usually it can be done with pictures or something like that, but this name method is nice. basically it is good way to execute your own code inside of somebody's site.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Yeah, very true about the cookie stealing and such..

Now, does anyone here know a gag or kick packet for tamper data? Trying to get one of those.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

you do not need packet for those, i have explained all that in earlier posts.
you just add this s=7 (or whatever it was) to get admin privileges. if you include that in the packet, you can sucessfully use /kick command (should work on gag too, but never tested and i even dont know gag command).
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Just s=7? I always had that in my ban packet and whenever I tried the command, didn't work.

Do you mean using it from tamper data, or using the privileges from the commands themselves if you add s=7?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

ugh honostly i don't like when ppl don't read earlier posts and then ask stupid questions, but in same i understand how annoying it is to read thru 100 or more posts.
look at the page 2 and post 10 (think its 10th). i have explained there, with examples, how to get admin privileges.

and yes, you replace it and do /kickout noob1 and user "noob1" will be kicked out. its been over year when i last dealed with it, so i maybe wrong about this /kickout command, but you can either do it with /kickout command or by tampering with the packet directly and replacing whole data.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

I know, I've read, but I'm wondering when I'll be able to execute the command and when it's able to work.

Like for example, with the ban packet, I used it to ban a user off of the chat, am I then able to use the full command?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

ugh .. IT IS on the 2nd page. i do not understand what you are after. i have explained there how and when.
i have clearly explained how and where it works.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

I'm sorry for the confusion and irritation, but it doesn't seem to work for me after I used the packet with tamper data. (The command won't work after I submit the tamper and ban/gag/kick someone, and s=7 was added.)

I'm only wondering do I need paros proxy for them to actually work? By reading the first page, I believe you're saying to use the commands after submitting a tamper with s=7 added, but they're still not available for me.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

no. s=7 does not give you admin rights permanently, it is only per packet. it needs to be present in the packet while you send kick or gag command.
paros proxy can put s=7 automatically into each packet, thats why i used it.
if you want to ban somebody, then you need to have s=7 in the same packet with the /kickout command.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Oh, all right. I see now.

Although, on paros, I'm using 3.2.13, and on tools-filter, I enable "Replace HTTP request body using defined pattern", and the response body, right?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

im not so sure about paros anymore, i used it long time ago. you can test and see what works, then you can use commview or something to capture the packets and see if it is replaced.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Ah, all right, thanks, now I get it.

All that's left is to get the kickout packet, I tried getting it from a default chat but it was interpreted as a message because I had to use the command.
Post Reply