Sethioz Forum

dude learn something about computers first. you are asking totally dumb things.
only way to get id is to get it out of the packet. you either do it manually by looking at the packet or use extreme flashchat-x.
and that is the easy way...

Im not really sure but i dont think people have covered this yet but most flashchat v5 are vulnerable. Just use the index page not the loading chat one. like such as. www.e-radio24.com/chat/flashchat.php
go to this instead www.e-radio24.com/chat/index.php view source and scroll down.
ull find this below the languages and the pass to login as a admin is 15111959 use the admin panel for this site the password will be 15111959 its below the languages when u veiw the source on the sites index page

<!-- onClick="javascript:alert(session_inst.value);"
To login as a moderator, use <b>15111959</b> as the password.
To login as a spy, use <b>1959</b> as the password. These passwords can be set in the FlashChat configuration file.
-->
<font color="Red"><b> To login as an administrator, moderator or spy, please use the passwords found in FlashChat's
configuration file, with any username.
</b></font>

www.e-radio24.com/chat/admin/index.php u can go change the password and and take over the chat but sometimes it will become a register only chat after you do this.

haha, didnt know that. i once tried flashchat 5, but it fucked up totally. i mean that i was unable to change settings at all. if i changed settings, then flashchat page was just white, did not load.

Sethioz wrote::)
im sure there's more things that can be done, i just haven't exploited it more. Tried banning and booting only once and also same with talking under other names. boot worked, but im not sure what i did. think i used admin ID, but everyone can be admin if you use right password.
you can just mess around with tamper data and commview can be useful too.

oh yes. and you can create unbootable users lol, but you cant talk under them. you simply have to send the "join" packet again with different username (username has to be in same lenght or packet checksum is not same and it wont deliver) so the user you send with packets will appear, but is unbootable.

i know im about to sound stupid. :/ but whats the join packet? i use tamper quite alot..and being baned at one place i go to is being quite annoying. the mods there are snobs too :/ (i use the html name that logs off and sends a user to another site but they figured out how to get past that) so im pretty much on my own :/

join packet is the packet which sends the "join" request to the chatroom.
it is where you have user and password in it.

oh ok i see. thank you

Possibly there is a way to find packets for tamper data. I think theres something called WPE or WEP Pro which sniffs out packets from certaint websites.
The thing is though u may want to turn off your anti virus atm cuz it counts as a virus to your anti virus.

yes, WPE pro, but i like commview more. indeed both of them will be detected as some "hacker tool" or "sniffer". WPE pro is available on my site and it is 100% trustable. i do not put malware on my site.

do you know you can use the /move packet too? pisses ppl off faster then hell lol. you can only get a person who has a name with no space though, as a matter of fact, the whois packet is perfect, you just change whois to move. and same with kick, basicly you only need one packet to do those three. though the kickout @ is abit harder, diffrent packet i think. that one kicks the whole chat, only an admin can stay in. speaking of that, is there anyway to keep yourself in the chat with tamperata after a kickout @ you do yourself? also, im just wondering, i doubt you could do this but is it possable to send more then one packet with tamper data, i pretty much know you cant, but ive missed things before. im just asking that, dont answer if you cant, just ignore the question lol, its just there as an option. haha eh heck since im asking a stupid question ill ask this one, is it possable to make a permanate room with tamper data, a chat i go to only has one room, and it has a max limit of 5. users have to make more rooms in order for more to log on, and unless there is a private rooms some where, which sends the user to a null room(in side the pvt room only it calls it null becuase your not really supposed to be there) which just cuases more problems, as the user cant honestly get out of that room, on there screen at least. thats why i need to know that to fix this problem.

didnt even know about /move.
i think i know how i solved the space problem (space in name). think i right clicked somebody's name as admin (or left click, whatever gives the menu) and then i chose kickout and recorded the packet. there was some small trick to use the space in names, but im very sure i got it working.

tamper data is not best to use, i suggest using webscarab or paros proxy.
you can also use proxocket (aluigi.org) to write your own permanent filters. so for example when you enter any chatroom you will have the half admin rights (ones where you do not have to modify packets). like the ones where you just type "/kickout noob1"
as i explained you can also do that with paros, but paros will only allow ONE filter at a time, while in proxocket there are no limits, you just need to know about C lil bit, in order to modify the .c code and compile it.

ah, well i tryed to figure out how to do space in name myself last night, and i tryed over and over. i finaly got it when i did a ban on a person with a space, i tampered it all the way though and saved it then looked at the packet, something like %26quote is part of it. thats all i know, that or i did the kickout @ packet too, ..or mabye names. idk lol

if somebody would have a chatroom where i can test for me, then post it up (PM me on site if you dont want your chatroom in public). i deleted mine, because it was useless, nobody used it.
so i guess i could give it a try.

i have a random flashchat, no one ever uses it. idc if anyone has it, i use it to test things out myself its http://www.vendorpartycentral.com/chat/flashchat.php
the only thing that might be a problem is that its a diff version but everything should work.

Hey Guys Whats up??

Sorry for being away for a while just got home a few days ago,, and we're having some problems here in the caribbean with earthquakes and volcanoes :(.. Any way, just wanted to let you guys know that flashchat-X is back in development and a new edition will be avilable soon, One that does not lag??? its the update control that causes this!. I'll be giving sethios the source code as well so if you guys want it contact him.. Its written in C# . (well the new one any way). If you guys have any new exploits you want included please let me know .. ps see you in a few... HAPPY new year BTW.

BTW I need a server for testing .. One which some one here owns and are will to give me admin rights for it !!

BTW Sethioz,,
s=7
/unban user

will unban any user including you!!


try this before you log in

(capture a unban packet and save it,, change your log in packet to this packet then log in :)"


use s=7...!!!!

/showbans

/kickroom

if you want to make it even better and more awsome, how about adding the imitate options ?
for example if you want to imitate somebody, you right click and select "imitate", then flashchat-x will get the packet from that person and uses his font. also it will log you out and logs you in with that invisible name "</b>" and automatically uses "/me" before the line.
that would be great. its easy to make, but takes time to get all the data and then replicate it.

imitate is already included ,, its in the menu when you right click!!

not in the way u suggested but its there ..... I will included your's in the next release,, I'll call it "blind chatter"

how about "ghost mode" ? sounds interesting :)
hope to see it soon.
going offtopic with this, but i hope you take a look into prochatrooms too, i could really use that.

hey guys what's up. i am new here. is there a program i can use for extreme flashchat?

what exactly you mean for ? extreme flashchat-x IS a program.

ok.

dark_lord_tnt wrote:BTW I need a server for testing .. One which some one here owns and are will to give me admin rights for it !!

sutpid thing to ask, but do you mean a flashchat, that you can be an admin of? i have quite afew. they are just default passed ones, the pass hasent changed, so its still just adminpass, the one i put above is one of them. they are all dead too, no one uses them.

if you guys have interest in it, what about hosting a chatroom for testing purposes ?
you can open a freehosting account on netsons.org, fateback.com ..etc and upload a chatroom there. those hostings will give you a datebase and everything. however fateback.com had some limits and some php/html/flash applications may not work properly.

also could somebody (who has interest) read thru this thread and write down all explotis demonstrated here and PM them to me, so i could update my FIRST post in this thread, then it is easier for new comers.

guid70 > do not post unnecessary things, read RULES (rule number 4).

ok sorry. let me explain myself clearly....i am eager to learn few things of this site because i find this is an interesting forums as i went through all of it and I do want to know more about the forum. Is there anything I can learn from this site? Like how do i create my own program and stuff like that? Thanks.
Other matters, is that when i went on smstt chatroom, i was being kicked out of the room for no reason and i don't know why. Is there something i could stop them from kicking me out because I didn't do anything wrong. It is not like i want to kick ppl out unless they make negative comments about me that makes me angry, i would kick them out. I just want to make sure there is no violence. And again Sethioz, i followed your rules. Sorry. I wish i had been more clearer before. So any help or suggestions would be greatly appreciated. Thanks again.

ghost mode ???? u mean log in as a spy and still send messages and stuff :)
log in with these

username - spy
pass - spypass

username = (hit space bar 4 times)
pass - anyting (use a room u dont have to create an account for)

Thanks for the room link !!! @shadowslash!! I might mess it up a bit though cause i want to implement stuff to chane the message of the day! log in greetings as well as create bots and stuff!!

I've decided to include everything in the last official version of this release,, before tufat changes the core in the future release (most likely soon)..

prochatrooms.. Yeah For Certin!!! I'll look into it in a few ,, but I wont develop for it as yet.. I am putting my efforts off to flashchatX for a full BLAZE OF GLORY,,,, screw up servers release!!

hey guid70 (recgonise me!!!) that idiot on smstt who logs in with an admin account and keeps banning everyone.. USE Flashchat X and keep kicking his but.. In my next release I'm implementing auto kick for people like him..

dark_tnt_lord i have seen you before, but i haven't seen you on smstt chat for a long time so i guess you're probably busy creating programs and stuff. As i am aware of admin's intention is to ban or kick ppl out and he is trying to lure ppl into using his own site called trinishack.com as you are whether or not familiar with it so he can ban everyone.
Everyone knows who admin is, but what is funny is that admin impersonate anyone from the room list, making them think that they are "real" instead of being himself.
Ok i downloaded flashchat x and i'm seeing it ask for username and password. You can private message me if you want or tell me here. Thanks. I want to kick that idiot admin if he tries anything stupid with me. Also i want to know about MSN messenger. I will explain later when you get this message.

1.) launch flashchat X
2.) click on settings and In your case @?? enter http://chat.smstt.com leave getxml as is..
3,) click ok then enter your username and password (the one u normally use)
4.) click connect..

Thats it your done.. the rest is basically straight foward.. click a name on the list,, right click for options etc..

BTW his name is Darren Ghanny,, better know as sean, weed, and a whole bunch of other fake name he uses,, he doesnt imposinate crap.. and he actually does use an admin account.. no hacking done there!!!

no discussion about chatrooms here, it is still thread for flashchat exploits and bugs.

dark_lord_tnt what are you planning to put into new version ?
what did you meant with the auto kick ?
anyways i can put full version into private downloads if you want and public version (not so dangerous) into downloads.

oh!! Sorry :(

autokick is simply this.. you can set to to automatically kick out a user / users as soon as they log in..

the new version..
1.) improved core (working on now) that will remove the lag (hopefully)
2.) better GUI
3.) smilies
4.) site manipulation (like MOTD, Bots greetings etc)
5.) room creation and moving to different rooms
6.) forcing a user to change rooms
7.) site flooding (multiple logins and outs, bell flood, etc)
8.) auto hack!!! (for a user, gets his ip, brute forces modem, screws up settings)


9... something i call ,,, ]
the Antikythera Mechanism (PROOF OF CONCEPT)
This is my theory based on information i have gathered. It was originally concived to bring down any server / pc / phone any damn thing with an ip address. Unstoppable, un preventable. The details of which i will not share at this time. I will not be trying it fully in this version nor any future versions.. what u will get is a watered down concept, targeted specifically as flashchat servers.. WARNING IF THIS WORKS IT WILL COMPLETELY Incompacitate THE TARGET MACHINE !!!
It is not designed to ever be used nor will i ever endorse or be responible for such.. Its simply to show that the concept wll work....

not like thats ever going to stop u guys from using it ...

Almost forgot...
Already implemented unban me, unban user ,, unban all...
Yep it works,, u can unban yourself even if your ip was banned and without even being logged into the chat room..

Look at prochatrooms.

I think i have a few tricks up my sleeve will have to try them.. BTW anyone got the scripts for it ??? Prochatroomns thats is the one you install on your server.. ??

offtopic: > further discussion about pro chatrooms goes into > Pro ChatRooms hacks / exploits / vulnerabilities

LOL quick update guys!! found why some of the commands didn't work..
while i was testing I hard coded a url in the code so it only worked on that site..

1.) Improved core.. works much better, auto clears the chat box now, doesn't lag (as much).

2.) antiban didnt work on some servers (dont know why yet!) any way I made a few adjustments.

3.) changed the Hack profile.. now you can save a html page (or some type of webscript) as jpg file. upload it to a remote
server and inject the link directly into the user profile.. (GIVES ENDLESS POSSIBILITIES)

thats it for now.


added this Saturday my time..

Wont be including, floods and other stuff that involves stressing the server.. its to dangerous if misused.. (for public version)

However the private version will have The Antikythera Mechanism.. which SHOULD NEVER BE USED.. only if u own a server and you want to test the concept then.. But i wont condone the use of it..

another update..

Included ban and unban functions..
the unban only works if your logged in and it will unban any account, no matter if it was banned by ip, room or chat.

in 3 version of flash chat 4.7 5.1 5.2 etc
ban doesnt work!!!!! in 4.7 it displays the message u were banned by, but he user doesnt actually get banned. and in 5.1 + it doesnt do anything.
My guess is some variables are getting set when the user logs in with the admin pass, that doesnt actually get sent i the packets. I'll have to find these and find a way to set them my self and this may take a while. If anyone has any ideas on this I'm all ears..

Working on a bruteforcer for the admin password .. this is the classic dictionary / random attack which takes time. anyone who knows another way to gain access or to simulate access and execute the functions without actually being in the admin panel ,, please let me know.

I'm all ears for suggestions on those two.

5.x never even worked for me as i said.
as about bruteforcing, i used Luigi's flashchatz to bruteforce.
huh ? yes, im smart :) i used commview to make a rule, so if server sent a packet that "successful login" then it stopped logging of packets and then i just looked into last packet and got the right login.
i just edited my wordlists to be i the following format:
Admin:pass1
Admin:pass2
etc..
so you could easily make bruteforcer and also dictionary attacker, well my attack wasn't really bruteforce, more like dict, because bruteforce is pointless, its too slow if doing it remotely.

quite true,, 'll leave that out and only use the dict.. method. BTW got ban to work on some servers, unban works on all except if user was banned by ip then it doesnt work on some

you could add proxy support, it would be kickass method. like add support for proxy, but only to connect !
as i have explained, it is enought if the "join" packet is sent from other ip, then even "/whois" command shows wrong ip (the one that was used to join). /whois doesn't do live check, it takes the one that was sent while joining. so you can make a proxy support, where you set proxy (TOR for example as proxy) and as soon as it sends join packet to server, it will automatically disable proxy. that would bypass IP bans.

yeah actually ,, I'm working on that..

If that shit works then the creator of flashchat must be the biggest moron ever o__O

If that shit works then the creator of flashchat must be the biggest moron ever o__O

you mean the IP trick ? yes it does work, i have tested it.
i just suggested dlt to make an automatic proxy support, that it sends join packet thru proxy and then disables.

GOOD NEWS.. Its almost ready for release.. more than likely tomorrow.. just testing at the bit..

version 2...

well compiled release.. I'll release a propper one with installer later.. to busy drinking celebrating ..

any way here it is.. if you have the onld one installed just replace the files with these

nice work, i will give it a test and then add into downloads.

I tried the new version on flashchat 6.0.6 and I couldn't see ips of the users, but I could (as a regular user) kick users and the room :P
Trying to ban a user, ended up just kicking that user.

Are these limitations of the public release? or things now fixed in 6.0.6? lol

if im correct, then this release is for 4.xxx
i haven't tested it properly tho. just lot of mess lately.

It isnt limitations.. some of the protocols have changed..
So i will realease more compatable versions as necessary.. i tested it in 6.0 and it worked,, that room may just have restrictions in it.

unban messes up, when i click valid name and unban it gives error:
look at the attached pic.