Flashchat exploits, hacks, tools & more

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
Post Reply
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

what did they fix exactly ?
btw you can also do "/whois" command using the admin privileges exploit to see somebody's IP, if they so stupid that they ban firefox, then you can scare the shit out of them by telling them their own ip and saying that you gonna hack them. usually it works so well.

also long time ago when i first started hacking tufat flashchat, they had newer version, but it did not work. well it worked, but you was unable to change any settings at all. as soon as you changed something (like time settings..etc), then the chat did not load.
jimmyx02
Newbie..
Newbie..
Posts: 14
Joined: Tue Jun 23, 2009 11:26 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

yea i no /profile works too instead of /whois to show ip i tryed that they aint that scared of it lool....these guys have tryed everything to block me including blocking firefox and blocking proxys from entering their site...but once they realized i got through after they blocked proxys they unblocked it.
Last edited by jimmyx02 on Sat Jun 27, 2009 5:12 am, edited 1 time in total.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

as about proxys, you can easily use TOR and then read TOR / Vidalia - how to use specific server/s as exit node. theres thousands of proxy servers and you can set any country as exit node, then you can use paros, webscarab and even burp suite i think to double route. so first your fox connects to your proxy and then proxy connects to TOR.

this is still flashchat topic, but if you get somebody's IP, you can scan it for open ports, lot of ppl have their NetBIOS ports open which allows you to basically get full control over pc or you can get access to their router and ban them from their own router or something (lot of ppl have default admin user and name in their router).

kula: why exactly that site name is not right ?
if somebody keeps messing with your chatroom, then there is a good reason for that (usually is). I first started working on flashchat when i got booted and banned from one chat i used to go, because one stupid girl started to blame me and everybody belived her not me, soo i took steps.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

i only removed it to protect the member not the chatroom.
this is going totally offtopic, do not post such things here, it is still flashchat exploits topic.
jimmyx02
Newbie..
Newbie..
Posts: 14
Joined: Tue Jun 23, 2009 11:26 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by jimmyx02 »

ok ill run some tests on the router ban trick ill get back to u if anything....as for king or wat ever ur name is why not ask me to remove the site link, im the one that posted it lool...site link stays on!!! i will add another later
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

router ban trick ?
as i mentioned, tools like burp suite, webscarab ..etc allows double proxying (or how to call it). firefox > webscarab > proxy

further offtopic posts will be deleted from this topic
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

I need a few Beta Testers as well as Contributors to a continutation of luigi's Flashchatz.. The project involves an upgrade based on the original concept. It will basically be a windows appilication that will exploit all of tufats flaws. The souce is closed but will be given to all contributing coders who are testers.. Testers are required to test the app in all situations as well as test any upgrades made to it, provide feedback to coders so that it can reach it full potential.. its in VB .NET 2005. Currently There are no member to this project besides me. I also require someone to host and distribute the app. Future projects as well. If intrested please contact me.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

so you planning to implant all the exploits ive found into it ? for example you can choose "ban" and then user and hit "go" or "do it" or whatever and it bans the person from chat ?
im not directly interested in it anymore, but you can add me to msn (i will pm you on site, not here, cuz forum's pm does not work) and i can test and help whenever im up for it, but no promises.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah basically everything the Admins can do and a lot more.. Think of it as a windows chat client.
1.) connects a user account
2.) retrives all info, incluing users, ids, rooms, and main chat log (yeah it even brings up the log)
3.) send message to main , or to a user
4.) get user id,
5.) send urgent message

The above is already implemented and works!!!

Yet to implement (proof of concept and trial works for these)
6.) Inject Image in main chat (proof of concept works)
7.) Inject Image in Invite (proof of concept works)
8.) Mass Unignore bombs single or multiple user (proof of concept works and better than i thought alomst like a DDOS attack)
9.) Mass Invite attack on single or multiple user (with Option image injection) .... works just like the above
10.) Kick User
11.) Kick Room
12.) Ban User
13.) Ban Ip
14.) Unban User / ip
15.) Room alert / chat alert
16.) Move User to any room
17.) Gag
18.) Room empty& flood

These work in theory
19. accept pm messages
20.) hijack pm messages
21.) Hijack user message and change contents
22.) Hijack user profile and customize it
23). Customize your own profie with exploit
24.) get user email / chnage password ..

e.g exploited profile...

http://chat.smstt.com/profile.php?user=18663
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

few ideas:

1. Retrieve all users IPs (proof of concept works) and save into a file maybe. (works with my admin privilege exploit and /whois)
2. Steal user's cookie - in theory it should work if you know how to write a cookie stealer and implant it into an message or smile.
i think it is something like your hijack user profile, or is it ? or is it the user id ?
3. talk under other names
a standalone feature, which will allow you to choose a victim from list and talk under that name (with autoupdate which sees who enteres room). this can be done either by stealing the ID or cookie. i sucessfully talked under other name, but i can't remember what i used, id or whole cookie.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

1. Retrieve all users IPs (proof of concept works) and save into a file maybe. (works with my admin privilege exploit and /whois) ...

Yes This ih how i did it,, currently it displays it in a text box when you click on it.. (THE APP IS A FULL GUI)

2. Steal user's cookie - in theory it should work if you know how to write a cookie stealer and implant it into an message or smile.
i think it is something like your hijack user profile, or is it ? or is it the user id ? ..

Thats a Graet idea, unfortunately "i dont yet know" ( will learn ) how to write a cookie stealer,, And i guess it may be possible to implant it as you suggested.. Will work on it..

The Profile hijack uses SQL injection URL based.

.....
talk under other names
a standalone feature, which will allow you to choose a victim from list and talk under that name (with autoupdate which sees who enteres room). this can be done either by stealing the ID or cookie. i sucessfully talked under other name, but i can't remember what i used, id or whole cookie.

Another great idea,, one i'm currently poundering on,, unfortunately anything i tried thus far sisnt work cause u need both ID's lout and ID.. I can the the lout ID, but havent found a way to get the ID .. I guess the same stealer you mentioned above is the key.. Will work on it.. I'm leaning to the fact you used the ID when you chatted under the dif.. name. I tried it and wound up getting timed out!! :( maybes thats cause i used firefox and tamper.. Its possible that firefox required a reply, but the app will not require one :).. I'll work on it after i finish the rest... ADDING COOKIE / ID stealer and & Chat as another user to list..

If you can remember how you did it.. that will be most helpful.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

HERE IS A SCREEN SHOT
flash.jpg
(62.49 KiB) Downloaded 1589 times
The blacked out piece is something that will not be released in the one for public use.. Only members and people who helped will have axcess to that.. Thats includes by idea's, feedback, coders, and testers,,especially for hosters and distributors.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

As about user cookie, i tried to use those simple cookie stealers available on web, but they never worked for me. however you need to add option "choose cookie stealer".
How it works, is that cookie stealer is a file, like "stealcookie.php" and to get it, you need to make somebody click on that link from inside of other site. for example i can post a javascript on my post with full path to stealcookie.php in it, so when you click on it, then it will store your cookie from current site into that.
So you need to add the 'cookiestealer.php' + the option where to choose it. so for example you can upload the 'cookiestealer.php' to whereever you want and then select the uploaded 'cookiestealer.php' from program, then it will be used. and as about how to make ppl click on it ... well maybe some image or i dunno .. whatever works in flashchat.

one more idea
Anti- boot, ban ..etc - this would work if chatroom thinks that user has admin privileges. admins cannot be kicked, banned ..etc.
alternatively, based on some games, maybe it sends you an 'disconnect' packet, but if you block this packet, then you will stay in chat, however this should not work on ip ban.

maybe also some fontsize would work or some other stuff that would mess up whole screen (like it works in prochat).
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

yeah ,,t sends a lout packet however it wont be processed.. but i aint sure yet. Well have to see how it works but yeah i will try to do something like that.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

well my msn is open if you wanna talk about it in detail. so far what you showed and told .. looks quite good.
User avatar
haco.pk3
Newbie..
Newbie..
Posts: 13
Joined: Fri Jan 23, 2009 10:18 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by haco.pk3 »

mmm indeed this is very sexy tool I like it .dh.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Just an Update!!

I'm Im proving the Chat Box, It now shows the user + Message and updates Itself
Currently there is no need to log in the chat..

I will do some more work on the chat box over the next few days to allow smilies and the user colors.. I'll need somone to rip the smilies form the chat room for me!!! And If I can get someone to give me the packets for all admin commands and well as the irc /me commands .. If not i'll need to set up a server and uplaoad it an all that crap.. If anyone has a chat room that I can get full admin rights to i can do it my self as time permits... ANY CODERS INTRESTED ???

NEW SCREEN SHOT
flash.jpg
(97.98 KiB) Downloaded 1703 times
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

this is the part where im getting lazy and annoyed, you can easily get all the commands by googling for "flashchat admin commands" or something like that. however if you want to test, then i still have flashchat on my own. look above or look on main page into left menus.
i will pm you the admin password if you need to see and test admin commands.

once again, pm does not work on forum so i have to send it on main site.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Sethioz:: Thats quite ok!! your help thus far was more that i could have asked for. The use of your forum and Chat room was more than i had expected.. I was thinking maybe someone who was reading the post had already had them so i would have saved some time, but getting them isnt a problem..

I will have the first beta finished and packaged over the next day or so.

Update :: Implemented String handling so now the chat box displays the streams in Bolds and italliacs as it would in the
normal chat room.

Profile View and Profile hack works and is fully functional (FOR REGISTED SITE MEMBERS ONLY)

STATUS -- Aint BAN, ANTI KICK , ANTI GAG IMPLEMENTED ( thank you Sethioz for the suggestion and solution)
( Credit given to you for that ... I placed a link to your site as well as your name on the credit list)
(Still has to be tested more though)

testing version will be out within the next day or so I will upload as an attachment to a post here!!, Required are the .net framework (3). Will Include necessary Dll. In installer. But remember the GUI is just for testing the final version will have a different layout and More features. I havent finished all the commands I listed yet I'm just releasing this one (what i have thus far) So you guys can see it and get a better understanding of what I'm going to do.. Look for it at my next Post.!!
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

you really got the Anti- thing working ? i never tested it on my own, but it seems that flashchat is even more vulnerable than i tought.

One more idea for you, only when chatroom is for registered users (or maybe for admin). a password cracker (bruteforce and dictionary).
Proof of Concept is working, i used Luigi's flashchatz to crack passwords, how ?
First i converted a wordlist into a user:pass with fixed username, like this:
Admin:pass1
Admin:pass2
Admin:pass3

then i started flooding the chatroom with this file and used commview to capture packets. I can't remember responses from head, but theres few of them.
"WrongPass"
"Successful login"
..and uh really cant remember others, however i made filter so it never captured the wrongpass or the other ones and alarm with a trigger to enable a ridiculous filter (like size=900000). why ? because commview does not have the "stop trigger" so i had to improvise, i added ridiculous filter to stop the capture, at least no packets was logged anymore. then i simply checked the last sent packet and saw what the password was.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Well I never fully tested it.. What i did was try to kick myself out and i couldnt!! still needs to be fully tested..

Hmm I look at that.. its a realy great idea.. let me get this release out and i'll work that in the next version.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

if you was able to kick yourself before and then you used the exploit without being logged in as admin and you couldn't kick yourself, then obviously it's working.
however to change chatroom from normal to registered users...its not easy. as far as i remember you have to choose that when installing flashchat onto your site. so i can't be much help with that test. long time ago i used netsons.org to host a free site and then uploaded the test chatroom there..so i can spam it all i want during testing.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

I'll use Xammp and host and run the chat script on ly local machine.. unfotrunately I'll have to download the script first.. I'll find one on one of those torrent sites i guess. Any way I'll do that later Currently working on getting this what i have so for out for release.. Few things to correct and add or change so that hopefully it will install and run error free.. (yeah it has an installer)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

lil bit offtopic, but if you wanna run it locally i suggest you to use virtual machine and install a linux or win server in it. im sure it would come in handy if you are working on such projects that needs testing.

is installer such a good idea ? i personally hate installers, its way better if you just extract the program into a folder and run it.
anyways once you have the final version i can drop it into the "downloads" if you want.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah that will be great!! thank you..

Well concerning the installer it may be necessary as some of the needed components people may not have and it will not work in the same app directory it needs to be registerd.

But taking your concerns into consideration I will release 2 packages. 1 with the installer and the second just unzip and run..

Installer version..

here is the release promised. Its zipped with the read me and package.. (EASY UNINSTALL AND UPGRADE)

let me know if anyone has problems using it so i can fix that in the next release. Please view the readme for instructions on use. BTW you need to left click a user name to set that user as active victum. then right click for additional options.. And you need to have the correct url for it to work ... NO ERROR HANDLING CURRENTLY..

Please provide feedback on the GUI and Functions I know the gui needs improving and it currently a mess but is necessary for develompent. Once its working I will Improve it. Most features are missing cause it isnt implemented yet or take out cause of improper testing..
flashchatextreme.zip
(243.7 KiB) Downloaded 1125 times
Last edited by dark_lord_tnt on Mon Jul 06, 2009 8:35 pm, edited 1 time in total.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Here is the same without the installer. Extract All files to same directory and run flash.exe..
.net frame work is needed.

tested it on a 4 systems with the .net framework and it ran fine. If you have problems you will need to use the installer
Attachments
release_NO_INSTALLER.zip
(41.88 KiB) Downloaded 1052 times
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

i took a quick look into the one without installer, connected fine and messages seem to be working fine too, however bell didn't seem to work.
also when i right clicked my own name and IP, then nothing seemed to happen.
however GUI looks quite good to me. i only tested in my own chat for now.

btw do you put all the features from Luigi's original flashchatz in it too ? like flooding and such ?
and yeah those alert and announcement messages can also be done with the exploit mentioned here (cant remember it from head)
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

yeah disabled the bell and ip before i released it.. It wasnt tested propperly and it sometimes doesnt seem to work ,, havent paid much attention to it yet. .. yeah everything from the flashchatsz will be included but some will only work on chatrooms you dont have to register with. the flooding for example. But i have found ways to implement something similar with the same effect in registered ones. But those that will take down the server will only be given to certin people (those who are assisting me) like you. All other features I'm guessing, since your hosting the app, will only be avilable to member of your site. When I'm done with this I'll take a look into that pro rooms chat i saw you guys talking about on another post. It should take about a week to have this fully functional.

BTW.. cant find the attributes for the text color of other users,, any idea where I can look ??


BTW looked at the bruteforcer for the admin panel, It does seem possible and i will include it in The MASTER VERSION.. I need a name for this maybe flashchatz 2.0 with Luigi's permission.. I'll ask him.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

Extreme Flashchatz would do, if Luigi is fine with it, but im sure he is if you add credits.

about release, i can put it into downloads in the way you want, for example some light version is available for everybody, then the main version (which you want to release in public) will be available for registered users and the one with all features (which you wanna give only to certain ppl) would either be in Private or not downloadable at all (i can give you the Private section's pass if you want).
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah thanks,, that will be great But I'd prefer you handle that part.. Well luigi said it wouldnt be a good idea to call it flashchatz as its not an upgrade to the original but a different tool all together. He sis however suggest flashchatx,, So putting the two together I think Extreme Flashxhat-X seems good!!.. BTW Can i use your logo on the Flashscreen seeing that its exclusive to your site and your providing a LOT!!! of help you deserve credit for it..

UPDATE!!!
Found Bug that the chat box wasnt scrolling automatically ... >>> FIXED
Found Bug that some user name's appear twice >>> FIXED
Found Bug that causes the Bell , ViewProfile and HackProfile not to work .. >> FIXED (variables wasnt inherited propperly)

Added Code for the KickOut Option, Improved the GUI a BIT
Added Code for Image injection into proflle
Added Code for Script injection Into profile ... XCSS anyone !!!


Found the info i needed for the Ban , unban and other stuff ... THANK YOU Sethioz

I'll be hammering your chatroom a bit to test these commands. I'll try my best not to cause any problems. Thank you again.

I'll Upload version 1.01 in a while 24-36 hrs i guess, should have almost half of everythng in it.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

name sounds good.
yeah you can use the logo and indeed it is unique, made that long time ago.
testing is np, just as long as you don't use the flooding, site has autoban when somebody makes too many connections or too fast.

dark_lord you should check your PM, i sent you the admin pass for chat long ago, but its still unread.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Sethioz I sent you a pm hope you get it..

UPDATE

FIXED the chat box so it now displays user colors
FIXED Resource handler so now it runs faster and free's resource faster.
FIXED User Name List *no more double users (by my testing hope it works)
ANTIBAN dont work on free sites (WILL WORK ON THIS BUT NOT FOR FREE FOR ALL RELEASE)
FIXED the ip problems (not avilable in FREE FOR ALL BUT REGISTED MEMBERS ONLY AND ULTIMATE VERSION)

Ok guys listen up..
The FREE FOR ALL VERSION WILL BE OUT BY TOMORROW (MY TIME)

features
CHAT WITHOUT LOGGING IN as in the preview i released
view hack profile
Inject image into profiles
inject scripts into profiles
Freeze a user (he /she / it wont be able to type unless they log off then back on)
Inject SWF / GIF / JPG directly to a user )comes in handy sending flowers to a girl or porn)
Inject your own smilies to the main room (vanishes when someone types and re appears when you send another including
sound, music etc.. (must be swf file hosted on the internet. upolad them to your home page and thats all you need)
and a few xtras..

LOOK FOR IT!!! in a bit
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

hey Guys!!

Ok In light of some issues i discovered, I've decided not to release the Public Version as yet!! Instead Here is the Public Version Beta for testing. I have 2 Beta Testers Running it as I type this and it works perfectly I have yet to add the smilies, by the time i get that done, It would have been tested and out for release. Maybe 24 hrs or less.. Here is The Beta.. Requires Microsoft .Net frame Work as Before!!! Download from microsoft get the latest version

With installer !!!
Extreme_FlashChat-X_public_test_Installer.zip
(276.68 KiB) Downloaded 1029 times
Without installer
Extreme_FlashChat-X_public_test_No-Installer.zip
(80.52 KiB) Downloaded 1062 times
please leave feedback..

Working on having the release in less than 24hrs..
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

as before i took a quick look, logged into my chat with it and tested messages and few other things, seem to be working, but it lags a lot for me. like huge lag spikes. 1-3 secs lag spikes, i wonder is it because of my ZoneAlarm's 'program control' ?!
need to test it again later without zonealarm.

> PM attachment fixed on site.


EDIT:
how about adding proxy support ? i know i can use proxyfirewall or sockscap or something like that, but if it has proxy support, its better.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by dark_lord_tnt »

Yeah .. but its not a lag .. It updates every 1.9763540745 seconds ,, 3 seconds is an overkill,, i'll look into that.. Consider that the public version.. It had no bugs !!!!! It ran error fee for 24 hrs straight. Feel free to add that to the downloads..


Proxy support will be avilabe in the Ultimate version.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits - flashchatz and more ! boot, ban..etc !

Post by Sethioz »

Public version has been added into Downloads > Programs, you can see them here:
Extreme Flashchat-X public w/ installer
Extreme Flashchat-X public w/o installer
- Downloads section can be accessed directly from Forum, look above into the menu.

refreshing has no lag, but when it recieves info, then it spikes. like when i right click the user, then whole client freezer for 1-2 secs.

you can pm me the ready member's version and ill add that too then, which will be available for registered users.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Yeah thats the 1-2 seconds i was speaking about when it verifys everything so that connection wont teminate. it sends a keep alive packet every 2 seconds and verifys all users and msg's with that data. That lag i can maybe reduce it to a second or so but it will hog internet resources. I'll put an option for it.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Ok some people have probles installing and running cause of missing files.. I hope this fixes that.. full packge!!!

WITH INSTALLER
ALLFILES.zip
(1.76 MiB) Downloaded 1321 times
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

Hey all 1 quick update

Found a way to chat as a user!!! well kinda its like hijacking that user and making people think that ,,, that person really said that.. (its called mock user)

Inplemented Sethioz LARGE TEXT.. yep make your messages larger that the rest. Really freaks admins out.

Found a way to freeze admin;'s pc. I forced one to shut down his chat room, SIB couldnt even moderate his own chat room.

Found take town to kill the chat room, well actually everyone thats logged into the same room as you are.

MASS ATTACKS function as DDOS however it kills that chat room server (comp its hosted on) as well as the user your attacking.

Will lower the effects of it for private release but full for ultimate.

BTW with the app admins cant gag you.. Pissed one off so bad he tried to ban and kick and tht didnt work eighter. couldnt get my ip eighter. seems like the app has some unforseen benefits. not sure yet have to test it out. but now http://www.trinishack.com has no more chat room.. Really pissed the admins off. They were jerks and abused their roles anyway.

BOTH PRIVATE AND ULTIMATE WILL BE RELEASED BY WEEKEND..

PS. ULTIMTE VERSIONWILL BE DISTRIBUTED BY Sethioz solely. Only contributors will have axcess to it.

Private is avilable for members only.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

this sounds cool. how does it kill the hosting server lol ? i wanna test this on some chatroom :)
can you pm me that one ?
the large text one i knew before, just never tried in flashchat, however the text works basically in every chatroom.
dark_lord_tnt
Allie
Allie
Posts: 45
Joined: Sat Jul 04, 2009 5:51 pm

Re: Flashchat exploits, tools & more

Post by dark_lord_tnt »

ok lets say it creates 1000 random users,, and 1000 random users send 1000' mass unignores per second ,, thats 1000 * 1000 * 1000 commands it has to process, your victims pc will be hith with A DDOS the flash client on the computer will freeze together with explorer ... the side effect is that ther server has to process all these commands, bringing it to ts knees and the one i tested on crashed...

No it will not crash your pc as the pc actually only sends 1 packet every second
that 1 packet contains the 1000 unignores .. basically its
/unignore user
/unignore user
/unignore user

etc etc etc /... /unignore user <br> /unignore user

well you get the point..

I have it seperately havet worked it in yet but i will try to get one out to you!!
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

as i said back then, flashchat is like a swiss cheese, so many 'holes' in it.
yeah would be great to see this exploit (in detail), but i also guess that you are right about the part that its not a good idea to post it out in public.
TeamRetox
Allie
Allie
Posts: 222
Joined: Sat Jun 06, 2009 3:48 pm

Re: Flashchat exploits, tools & more

Post by TeamRetox »

best thing to do with new finds is keep em to yourself, as one day or another one of the tards will tell it to a friend and then it leaks all over the place & suddenly everyone knows about it
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

indeed it happens if you tell to wrong ppl. specially if it's something that can lag the whole hosting. i know where i want to test it, netsons.org. they are such bastards. i will make a free site there, upload chat and hit it. then ill see how much it effects netsons.org and my hosted site there.

specially what i hate is when some of the tards who got it from that 'leak' starts to brag with it and says that he made/discover it.
User avatar
public.enemy
Newbie..
Newbie..
Posts: 2
Joined: Tue Aug 04, 2009 2:24 pm

Re: Flashchat exploits, tools & more

Post by public.enemy »

Hi guys...can anyone teach me on how to actually do this..I really want to exploit this flashchat room...

Thanks
:P
Danielle
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

i agree that its a mess in this topic, but if you read thru all the posts (mostly mine), then its all here.
all the exploits are posted here, if somebody can do this for me, would be great.
do what ? < collect all the exploits i have posted in this topic and put them into notepad, like this:
1. kickout anybody
2. crash chatroom
..etc. then i will update my first post so whoever comes and reads, will be able to find what he/she is looking for easily.

so yeah, just start reading from beginning. everything is here, how to get most of the admin rights, how to crash it, how to flood it..etc
if you need help with specific exploit, then ask away.

also now i suggest using Luigi's proxocket, instead of tamper data, which i mentioned earlier.
User avatar
public.enemy
Newbie..
Newbie..
Posts: 2
Joined: Tue Aug 04, 2009 2:24 pm

Re: Flashchat exploits, tools & more

Post by public.enemy »

Thank you very much Sethioz! I really appreciated. I will look through this forum.. lol..

Sorry..I just hate this site that ruined my reputation, now it's revenge! ugh! I wish I was like you people who can hack and all...

Nonetheless, I love this site!

Danielle
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

Hello, Sethioz. I've been "tampering" with flashchat recently, and I know currently how to ring the bell, and how to change my symbol to admin-mod, the only problem I have is, how can I retrieve someone's ID?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Flashchat exploits, tools & more

Post by Sethioz »

honostly i can't remember it so well anymore, but i think it is on the index of chat, so when you start loading the chatroom, it loads all the IDs too.
if you mean the individual ID, which you can use to pm them, but if you mean the ID to talk under their name, then you can't. well you can, but you would need a cookie stealer.
so it should be enought if you just monitor the packets while connectin into chatroom, it should appear as soon as you enter login info and click login, then it retrieves all IDs (who are currently in chat).

you can also use Extreme Flashchat-X.
Laqueum
Newbie..
Newbie..
Posts: 17
Joined: Mon Aug 31, 2009 1:42 am

Re: Flashchat exploits, tools & more

Post by Laqueum »

All right, from a little googling and looking back, I found that using this exploit can work for banning:
http://www.derkeiler.com/Mailing-Lists/ ... 00138.html

First, you log in as ROLE_ADMIN with password $req['s'] == 7

Then, go into tamper data, type a message, hit start tamper and enter it, then tamper, edit post data into this ban code :

sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=(You NEED your ID here, a simple way to get it is by clicking the "Save" button near the bottom of the chat and message box, and it's in the address.)

Replace the 5581 (after 0&u=) with victim's ID, which you can get using Extreme Flashchat-X

Then hit ok, and the ban popup alert should show up, and they get banned!

The first time the alert showed up and the second time I did it I got disconnected, but the victim WAS banned as well.

Go for it! ;)

And, if you want an easy way to talk under someone's name, (only in main chat, without tamper data, just HTML codes) all you do is log in as </b> and use this in your messages:

/me <font color="#000000">[] 0:00 xm: </font>

Just change the "000000" to the desired victim's color and the 0:00 xm to the time (ex. 4:15 pm) and their name in between the brackets, and it should look exactly as if they sent the message. And if they're also using bold or italic lettering, just put <i></i> or <b></b> in between xm: and </font> but don't forget to put your message in between <i> and such.

Enjoy!
Post Reply