Flashchat exploits, hacks, tools & more

[dark_lord_tnt]

1. Retrieve all users IPs (proof of concept works) and save into a file maybe. (works with my admin privilege exploit and /whois) ...

Yes This ih how i did it,, currently it displays it in a text box when you click on it.. (THE APP IS A FULL GUI)

2. Steal user's cookie - in theory it should work if you know how to write a cookie stealer and implant it into an message or smile.
i think it is something like your hijack user profile, or is it ? or is it the user id ? ..

Thats a Graet idea, unfortunately "i dont yet know" ( will learn ) how to write a cookie stealer,, And i guess it may be possible to implant it as you suggested.. Will work on it..

The Profile hijack uses SQL injection URL based.

.....
talk under other names
a standalone feature, which will allow you to choose a victim from list and talk under that name (with autoupdate which sees who enteres room). this can be done either by stealing the ID or cookie. i sucessfully talked under other name, but i can't remember what i used, id or whole cookie.

Another great idea,, one i'm currently poundering on,, unfortunately anything i tried thus far sisnt work cause u need both ID's lout and ID.. I can the the lout ID, but havent found a way to get the ID .. I guess the same stealer you mentioned above is the key.. Will work on it.. I'm leaning to the fact you used the ID when you chatted under the dif.. name. I tried it and wound up getting timed out!! maybes thats cause i used firefox and tamper.. Its possible that firefox required a reply, but the app will not require one .. I'll work on it after i finish the rest... ADDING COOKIE / ID stealer and & Chat as another user to list..

If you can remember how you did it.. that will be most helpful.

[dark_lord_tnt]

HERE IS A SCREEN SHOT

flash.jpg

(62.49 KiB) Downloaded 1589 times

The blacked out piece is something that will not be released in the one for public use.. Only members and people who helped will have axcess to that.. Thats includes by idea's, feedback, coders, and testers,,especially for hosters and distributors.

[Sethioz]

As about user cookie, i tried to use those simple cookie stealers available on web, but they never worked for me. however you need to add option "choose cookie stealer".
How it works, is that cookie stealer is a file, like "stealcookie.php" and to get it, you need to make somebody click on that link from inside of other site. for example i can post a javascript on my post with full path to stealcookie.php in it, so when you click on it, then it will store your cookie from current site into that.
So you need to add the 'cookiestealer.php' + the option where to choose it. so for example you can upload the 'cookiestealer.php' to whereever you want and then select the uploaded 'cookiestealer.php' from program, then it will be used. and as about how to make ppl click on it ... well maybe some image or i dunno .. whatever works in flashchat.

one more idea
Anti- boot, ban ..etc - this would work if chatroom thinks that user has admin privileges. admins cannot be kicked, banned ..etc.
alternatively, based on some games, maybe it sends you an 'disconnect' packet, but if you block this packet, then you will stay in chat, however this should not work on ip ban.

maybe also some fontsize would work or some other stuff that would mess up whole screen (like it works in prochat).

[dark_lord_tnt]

yeah ,,t sends a lout packet however it wont be processed.. but i aint sure yet. Well have to see how it works but yeah i will try to do something like that.

[Sethioz]

well my msn is open if you wanna talk about it in detail. so far what you showed and told .. looks quite good.

[haco.pk3]

mmm indeed this is very sexy tool I like it

[dark_lord_tnt]

Just an Update!!

I'm Im proving the Chat Box, It now shows the user + Message and updates Itself
Currently there is no need to log in the chat..

I will do some more work on the chat box over the next few days to allow smilies and the user colors.. I'll need somone to rip the smilies form the chat room for me!!! And If I can get someone to give me the packets for all admin commands and well as the irc /me commands .. If not i'll need to set up a server and uplaoad it an all that crap.. If anyone has a chat room that I can get full admin rights to i can do it my self as time permits... ANY CODERS INTRESTED ???

NEW SCREEN SHOT

flash.jpg

(97.98 KiB) Downloaded 1703 times

[Sethioz]

this is the part where im getting lazy and annoyed, you can easily get all the commands by googling for "flashchat admin commands" or something like that. however if you want to test, then i still have flashchat on my own. look above or look on main page into left menus.
i will pm you the admin password if you need to see and test admin commands.

once again, pm does not work on forum so i have to send it on main site.

[dark_lord_tnt]

Sethioz:: Thats quite ok!! your help thus far was more that i could have asked for. The use of your forum and Chat room was more than i had expected.. I was thinking maybe someone who was reading the post had already had them so i would have saved some time, but getting them isnt a problem..

I will have the first beta finished and packaged over the next day or so.

Update :: Implemented String handling so now the chat box displays the streams in Bolds and italliacs as it would in the
normal chat room.

Profile View and Profile hack works and is fully functional (FOR REGISTED SITE MEMBERS ONLY)

STATUS -- Aint BAN, ANTI KICK , ANTI GAG IMPLEMENTED ( thank you Sethioz for the suggestion and solution)
( Credit given to you for that ... I placed a link to your site as well as your name on the credit list)
(Still has to be tested more though)

testing version will be out within the next day or so I will upload as an attachment to a post here!!, Required are the .net framework (3). Will Include necessary Dll. In installer. But remember the GUI is just for testing the final version will have a different layout and More features. I havent finished all the commands I listed yet I'm just releasing this one (what i have thus far) So you guys can see it and get a better understanding of what I'm going to do.. Look for it at my next Post.!!

[Sethioz]

you really got the Anti- thing working ? i never tested it on my own, but it seems that flashchat is even more vulnerable than i tought.

One more idea for you, only when chatroom is for registered users (or maybe for admin). a password cracker (bruteforce and dictionary).
Proof of Concept is working, i used Luigi's flashchatz to crack passwords, how ?
First i converted a wordlist into a user:pass with fixed username, like this:
Admin:pass1
Admin:pass2
Admin:pass3

then i started flooding the chatroom with this file and used commview to capture packets. I can't remember responses from head, but theres few of them.
"WrongPass"
"Successful login"
..and uh really cant remember others, however i made filter so it never captured the wrongpass or the other ones and alarm with a trigger to enable a ridiculous filter (like size=900000). why ? because commview does not have the "stop trigger" so i had to improvise, i added ridiculous filter to stop the capture, at least no packets was logged anymore. then i simply checked the last sent packet and saw what the password was.

[dark_lord_tnt]

Well I never fully tested it.. What i did was try to kick myself out and i couldnt!! still needs to be fully tested..

Hmm I look at that.. its a realy great idea.. let me get this release out and i'll work that in the next version.

[Sethioz]

if you was able to kick yourself before and then you used the exploit without being logged in as admin and you couldn't kick yourself, then obviously it's working.
however to change chatroom from normal to registered users...its not easy. as far as i remember you have to choose that when installing flashchat onto your site. so i can't be much help with that test. long time ago i used netsons.org to host a free site and then uploaded the test chatroom there..so i can spam it all i want during testing.

[dark_lord_tnt]

I'll use Xammp and host and run the chat script on ly local machine.. unfotrunately I'll have to download the script first.. I'll find one on one of those torrent sites i guess. Any way I'll do that later Currently working on getting this what i have so for out for release.. Few things to correct and add or change so that hopefully it will install and run error free.. (yeah it has an installer)

[Sethioz]

lil bit offtopic, but if you wanna run it locally i suggest you to use virtual machine and install a linux or win server in it. im sure it would come in handy if you are working on such projects that needs testing.

is installer such a good idea ? i personally hate installers, its way better if you just extract the program into a folder and run it.
anyways once you have the final version i can drop it into the "downloads" if you want.

[dark_lord_tnt]

Yeah that will be great!! thank you..

Well concerning the installer it may be necessary as some of the needed components people may not have and it will not work in the same app directory it needs to be registerd.

But taking your concerns into consideration I will release 2 packages. 1 with the installer and the second just unzip and run..

Installer version..

here is the release promised. Its zipped with the read me and package.. (EASY UNINSTALL AND UPGRADE)

let me know if anyone has problems using it so i can fix that in the next release. Please view the readme for instructions on use. BTW you need to left click a user name to set that user as active victum. then right click for additional options.. And you need to have the correct url for it to work ... NO ERROR HANDLING CURRENTLY..

Please provide feedback on the GUI and Functions I know the gui needs improving and it currently a mess but is necessary for develompent. Once its working I will Improve it. Most features are missing cause it isnt implemented yet or take out cause of improper testing..

flashchatextreme.zip

(243.7 KiB) Downloaded 1137 times

[dark_lord_tnt]

Here is the same without the installer. Extract All files to same directory and run flash.exe..
.net frame work is needed.

tested it on a 4 systems with the .net framework and it ran fine. If you have problems you will need to use the installer

[Sethioz]

i took a quick look into the one without installer, connected fine and messages seem to be working fine too, however bell didn't seem to work.
also when i right clicked my own name and IP, then nothing seemed to happen.
however GUI looks quite good to me. i only tested in my own chat for now.

btw do you put all the features from Luigi's original flashchatz in it too ? like flooding and such ?
and yeah those alert and announcement messages can also be done with the exploit mentioned here (cant remember it from head)

[dark_lord_tnt]

yeah disabled the bell and ip before i released it.. It wasnt tested propperly and it sometimes doesnt seem to work ,, havent paid much attention to it yet. .. yeah everything from the flashchatsz will be included but some will only work on chatrooms you dont have to register with. the flooding for example. But i have found ways to implement something similar with the same effect in registered ones. But those that will take down the server will only be given to certin people (those who are assisting me) like you. All other features I'm guessing, since your hosting the app, will only be avilable to member of your site. When I'm done with this I'll take a look into that pro rooms chat i saw you guys talking about on another post. It should take about a week to have this fully functional.

BTW.. cant find the attributes for the text color of other users,, any idea where I can look ??


BTW looked at the bruteforcer for the admin panel, It does seem possible and i will include it in The MASTER VERSION.. I need a name for this maybe flashchatz 2.0 with Luigi's permission.. I'll ask him.

[Sethioz]

Extreme Flashchatz would do, if Luigi is fine with it, but im sure he is if you add credits.

about release, i can put it into downloads in the way you want, for example some light version is available for everybody, then the main version (which you want to release in public) will be available for registered users and the one with all features (which you wanna give only to certain ppl) would either be in Private or not downloadable at all (i can give you the Private section's pass if you want).

[dark_lord_tnt]

Yeah thanks,, that will be great But I'd prefer you handle that part.. Well luigi said it wouldnt be a good idea to call it flashchatz as its not an upgrade to the original but a different tool all together. He sis however suggest flashchatx,, So putting the two together I think Extreme Flashxhat-X seems good!!.. BTW Can i use your logo on the Flashscreen seeing that its exclusive to your site and your providing a LOT!!! of help you deserve credit for it..

UPDATE!!!
Found Bug that the chat box wasnt scrolling automatically ... >>> FIXED
Found Bug that some user name's appear twice >>> FIXED
Found Bug that causes the Bell , ViewProfile and HackProfile not to work .. >> FIXED (variables wasnt inherited propperly)

Added Code for the KickOut Option, Improved the GUI a BIT
Added Code for Image injection into proflle
Added Code for Script injection Into profile ... XCSS anyone !!!


Found the info i needed for the Ban , unban and other stuff ... THANK YOU Sethioz

I'll be hammering your chatroom a bit to test these commands. I'll try my best not to cause any problems. Thank you again.

I'll Upload version 1.01 in a while 24-36 hrs i guess, should have almost half of everythng in it.

[Sethioz]

name sounds good.
yeah you can use the logo and indeed it is unique, made that long time ago.
testing is np, just as long as you don't use the flooding, site has autoban when somebody makes too many connections or too fast.

dark_lord you should check your PM, i sent you the admin pass for chat long ago, but its still unread.

[dark_lord_tnt]

Sethioz I sent you a pm hope you get it..

UPDATE

FIXED the chat box so it now displays user colors
FIXED Resource handler so now it runs faster and free's resource faster.
FIXED User Name List *no more double users (by my testing hope it works)
ANTIBAN dont work on free sites (WILL WORK ON THIS BUT NOT FOR FREE FOR ALL RELEASE)
FIXED the ip problems (not avilable in FREE FOR ALL BUT REGISTED MEMBERS ONLY AND ULTIMATE VERSION)

Ok guys listen up..
The FREE FOR ALL VERSION WILL BE OUT BY TOMORROW (MY TIME)

features
CHAT WITHOUT LOGGING IN as in the preview i released
view hack profile
Inject image into profiles
inject scripts into profiles
Freeze a user (he /she / it wont be able to type unless they log off then back on)
Inject SWF / GIF / JPG directly to a user )comes in handy sending flowers to a girl or porn)
Inject your own smilies to the main room (vanishes when someone types and re appears when you send another including
sound, music etc.. (must be swf file hosted on the internet. upolad them to your home page and thats all you need)
and a few xtras..

LOOK FOR IT!!! in a bit

[dark_lord_tnt]

hey Guys!!

Ok In light of some issues i discovered, I've decided not to release the Public Version as yet!! Instead Here is the Public Version Beta for testing. I have 2 Beta Testers Running it as I type this and it works perfectly I have yet to add the smilies, by the time i get that done, It would have been tested and out for release. Maybe 24 hrs or less.. Here is The Beta.. Requires Microsoft .Net frame Work as Before!!! Download from microsoft get the latest version

With installer !!!

Extreme_FlashChat-X_public_test_Installer.zip

(276.68 KiB) Downloaded 1048 times

Without installer

Extreme_FlashChat-X_public_test_No-Installer.zip

(80.52 KiB) Downloaded 1082 times

please leave feedback..

Working on having the release in less than 24hrs..

[Sethioz]

as before i took a quick look, logged into my chat with it and tested messages and few other things, seem to be working, but it lags a lot for me. like huge lag spikes. 1-3 secs lag spikes, i wonder is it because of my ZoneAlarm's 'program control' ?!
need to test it again later without zonealarm.

> PM attachment fixed on site.


EDIT:
how about adding proxy support ? i know i can use proxyfirewall or sockscap or something like that, but if it has proxy support, its better.

[dark_lord_tnt]

Yeah .. but its not a lag .. It updates every 1.9763540745 seconds ,, 3 seconds is an overkill,, i'll look into that.. Consider that the public version.. It had no bugs !!!!! It ran error fee for 24 hrs straight. Feel free to add that to the downloads..


Proxy support will be avilabe in the Ultimate version.

[Sethioz]

Public version has been added into Downloads > Programs, you can see them here:
Extreme Flashchat-X public w/ installer
Extreme Flashchat-X public w/o installer
- Downloads section can be accessed directly from Forum, look above into the menu.

refreshing has no lag, but when it recieves info, then it spikes. like when i right click the user, then whole client freezer for 1-2 secs.

you can pm me the ready member's version and ill add that too then, which will be available for registered users.

[dark_lord_tnt]

Yeah thats the 1-2 seconds i was speaking about when it verifys everything so that connection wont teminate. it sends a keep alive packet every 2 seconds and verifys all users and msg's with that data. That lag i can maybe reduce it to a second or so but it will hog internet resources. I'll put an option for it.

[dark_lord_tnt]

Ok some people have probles installing and running cause of missing files.. I hope this fixes that.. full packge!!!

WITH INSTALLER

ALLFILES.zip

(1.76 MiB) Downloaded 1333 times

[dark_lord_tnt]

Hey all 1 quick update

Found a way to chat as a user!!! well kinda its like hijacking that user and making people think that ,,, that person really said that.. (its called mock user)

Inplemented Sethioz LARGE TEXT.. yep make your messages larger that the rest. Really freaks admins out.

Found a way to freeze admin;'s pc. I forced one to shut down his chat room, SIB couldnt even moderate his own chat room.

Found take town to kill the chat room, well actually everyone thats logged into the same room as you are.

MASS ATTACKS function as DDOS however it kills that chat room server (comp its hosted on) as well as the user your attacking.

Will lower the effects of it for private release but full for ultimate.

BTW with the app admins cant gag you.. Pissed one off so bad he tried to ban and kick and tht didnt work eighter. couldnt get my ip eighter. seems like the app has some unforseen benefits. not sure yet have to test it out. but now http://www.trinishack.com has no more chat room.. Really pissed the admins off. They were jerks and abused their roles anyway.

BOTH PRIVATE AND ULTIMATE WILL BE RELEASED BY WEEKEND..

PS. ULTIMTE VERSIONWILL BE DISTRIBUTED BY Sethioz solely. Only contributors will have axcess to it.

Private is avilable for members only.

[Sethioz]

this sounds cool. how does it kill the hosting server lol ? i wanna test this on some chatroom :)
can you pm me that one ?
the large text one i knew before, just never tried in flashchat, however the text works basically in every chatroom.

[dark_lord_tnt]

ok lets say it creates 1000 random users,, and 1000 random users send 1000' mass unignores per second ,, thats 1000 * 1000 * 1000 commands it has to process, your victims pc will be hith with A DDOS the flash client on the computer will freeze together with explorer ... the side effect is that ther server has to process all these commands, bringing it to ts knees and the one i tested on crashed...

No it will not crash your pc as the pc actually only sends 1 packet every second
that 1 packet contains the 1000 unignores .. basically its
/unignore user
/unignore user
/unignore user

etc etc etc /... /unignore user <br> /unignore user

well you get the point..

I have it seperately havet worked it in yet but i will try to get one out to you!!

[Sethioz]

as i said back then, flashchat is like a swiss cheese, so many 'holes' in it.
yeah would be great to see this exploit (in detail), but i also guess that you are right about the part that its not a good idea to post it out in public.

[TeamRetox]

best thing to do with new finds is keep em to yourself, as one day or another one of the tards will tell it to a friend and then it leaks all over the place & suddenly everyone knows about it

[Sethioz]

indeed it happens if you tell to wrong ppl. specially if it's something that can lag the whole hosting. i know where i want to test it, netsons.org. they are such bastards. i will make a free site there, upload chat and hit it. then ill see how much it effects netsons.org and my hosted site there.

specially what i hate is when some of the tards who got it from that 'leak' starts to brag with it and says that he made/discover it.

[public.enemy]

Hi guys...can anyone teach me on how to actually do this..I really want to exploit this flashchat room...

Thanks
:P
Danielle

[Sethioz]

i agree that its a mess in this topic, but if you read thru all the posts (mostly mine), then its all here.
all the exploits are posted here, if somebody can do this for me, would be great.
do what ? < collect all the exploits i have posted in this topic and put them into notepad, like this:
1. kickout anybody
2. crash chatroom
..etc. then i will update my first post so whoever comes and reads, will be able to find what he/she is looking for easily.

so yeah, just start reading from beginning. everything is here, how to get most of the admin rights, how to crash it, how to flood it..etc
if you need help with specific exploit, then ask away.

also now i suggest using Luigi's proxocket, instead of tamper data, which i mentioned earlier.

[public.enemy]

Thank you very much Sethioz! I really appreciated. I will look through this forum.. lol..

Sorry..I just hate this site that ruined my reputation, now it's revenge! ugh! I wish I was like you people who can hack and all...

Nonetheless, I love this site!

Danielle

[Laqueum]

Hello, Sethioz. I've been "tampering" with flashchat recently, and I know currently how to ring the bell, and how to change my symbol to admin-mod, the only problem I have is, how can I retrieve someone's ID?

[Sethioz]

honostly i can't remember it so well anymore, but i think it is on the index of chat, so when you start loading the chatroom, it loads all the IDs too.
if you mean the individual ID, which you can use to pm them, but if you mean the ID to talk under their name, then you can't. well you can, but you would need a cookie stealer.
so it should be enought if you just monitor the packets while connectin into chatroom, it should appear as soon as you enter login info and click login, then it retrieves all IDs (who are currently in chat).

you can also use Extreme Flashchat-X.

[Laqueum]

All right, from a little googling and looking back, I found that using this exploit can work for banning:
http://www.derkeiler.com/Mailing-Lists/ ... 00138.html

First, you log in as ROLE_ADMIN with password $req['s'] == 7

Then, go into tamper data, type a message, hit start tamper and enter it, then tamper, edit post data into this ban code :

sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=(You NEED your ID here, a simple way to get it is by clicking the "Save" button near the bottom of the chat and message box, and it's in the address.)

Replace the 5581 (after 0&u=) with victim's ID, which you can get using Extreme Flashchat-X

Then hit ok, and the ban popup alert should show up, and they get banned!

The first time the alert showed up and the second time I did it I got disconnected, but the victim WAS banned as well.

Go for it! ;)

And, if you want an easy way to talk under someone's name, (only in main chat, without tamper data, just HTML codes) all you do is log in as </b> and use this in your messages:

/me <font color="#000000">[] 0:00 xm: </font>

Just change the "000000" to the desired victim's color and the 0:00 xm to the time (ex. 4:15 pm) and their name in between the brackets, and it should look exactly as if they sent the message. And if they're also using bold or italic lettering, just put <i></i> or <b></b> in between xm: and </font> but don't forget to put your message in between <i> and such.

Enjoy!

[Sethioz]

i know the ban, its already been done by me. you don't need id at end at all, it is enought to add s=7 and it will give you admin rights, you can make a permanent filter with proxocket, so it is enought to type in the ban command and user gets banned.

/me < quite brilliant idea actually, </b> is blank name or something ?
cuz "/me" is used if you wanna talk about yourself in 3rd person, so if </b> is blank name, then yeah it works.
ill test it someday in some big chat and hopefully make a big confusion :)

[Sethioz]

quite offtopic, but being annoyed and bored i wanted to annoy ppl in extamil.com chatroom. what i found out is that they don't use flashchat anymore.
why ? ..use your imagination :) this is the second site that has to change their system cuz of me. just on the record, i did not fuck up extamil, i just tested bell and some bans there (only once, until they banned me).

[Laqueum]

/me < quite brilliant idea actually, </b> is blank name or something ?

Yep, </b> logs you in as a blank name so it's perfect for impersonating others.

[Sethioz]

somebody post some site's that use flashchat, im bored :)

[Laqueum]

Here's one that I like to tamper about with often.

http://tailedfox.com/chat/flashchat.php

They use 4.7.11, which means HIGHLY screw able.

And there's also at least 30 users on a day on the flashchat alone, pretty popular place.

:)

[dark_lord_tnt]

Hey guys,, I know i promised a new release and i havent done that yet with good reason as well. It appears TUFAT took a new direction with flashchat and most (almost all) these exploits will be useless once the server is upgraded to the newer versions.. Anyway it looks like Flashchat Extreme needs to be transfered to version 2.0 (YES U READ RIGHT) The new system will involve java and action script with a php frontend. I aint sure what and what is up with new concept yet but I'm sure darren and his gang will be putting a better foot foward.

Dont think that this means its unexploiatable cause nothing is.. Indeed its a different turn of direction but I for one look foward to this. The FlaschatX will still connect, but some of the features wont work (AS IS). if anyone owns a chat room please upgrade it, post link here and soyce code.

well Sethioz, it looks like u wont be bored much longer!!!

Will still upload the final version of Flashchat X 1.0 but i wont bother inplementing all the features i planned on integrating.

Version 2.0 has started!!!

[Sethioz]

im not sure which version you mean, but your flashchatX will still work in all chatrooms that use the older versions.
about year ago i did try the new version of flashchat and it was total failure. as soon as you changed ANY settings, it become corrupt and did not load into chatroom. im talking about settings in the config.ini or whatever it was.
so i don't think they have done anything better in this 'new' version.
i don't have much interest in it atm, but i guess ill take a look at it and if its good ill install it on my site too.

[Laqueum]

Ok, by inviting someone on a chat while tamper data is started, you can get the person's ID where it says "u=" on the post data, what I just figured out.

But now to figure out, how can you set the amount of time the person's banned for?

EDIT: Here's an awesome code, whoever clicks your name gets redirected to this link or any other you change it to.

<fontsize="13"></i><a href="http://bringvictory.com">Name</a></b>

Change "Name" to the desired name, when they click exactly on the name, they're redirected.

[Sethioz]

id can be optained when you send pm to the person too. for sniffing use commview, not tamper data.
tamper data is only useful if you want to tamper with your sent data, before it reaches server.

you can not select the time, it is set in the chatroom's config file by admin. it can only be changed in the config file directly, there is no command for that as far as i know. you would have to download the config file from FTP, then edit it and reupload.

awsome work with the name btw, thanks. do you even realize what it means ? it means you can get malicious code into ppls computer or steal their cookie. for example you can steal admin's cookie, then you can use cookie editor and use admin's cookie to get his privileges. im not sure if flashchat's cookie contains md5 hash of password, but if it does, then you can even crack admin's password like this.

huh ? well yes, you can use cookie stealer. usually it can be done with pictures or something like that, but this name method is nice. basically it is good way to execute your own code inside of somebody's site.

[Laqueum]

Yeah, very true about the cookie stealing and such..

Now, does anyone here know a gag or kick packet for tamper data? Trying to get one of those.