Sethioz Forum

Posted: **Sat Oct 03, 2009 5:22 pm**

you do not need packet for those, i have explained all that in earlier posts.
you just add this s=7 (or whatever it was) to get admin privileges. if you include that in the packet, you can sucessfully use /kick command (should work on gag too, but never tested and i even dont know gag command).

Posted: **Sat Oct 03, 2009 5:36 pm**

Just s=7? I always had that in my ban packet and whenever I tried the command, didn't work.

Do you mean using it from tamper data, or using the privileges from the commands themselves if you add s=7?

Posted: **Sat Oct 03, 2009 9:13 pm**

ugh honostly i don't like when ppl don't read earlier posts and then ask stupid questions, but in same i understand how annoying it is to read thru 100 or more posts.
look at the page 2 and post 10 (think its 10th). i have explained there, with examples, how to get admin privileges.

and yes, you replace it and do /kickout noob1 and user "noob1" will be kicked out. its been over year when i last dealed with it, so i maybe wrong about this /kickout command, but you can either do it with /kickout command or by tampering with the packet directly and replacing whole data.

Posted: **Sun Oct 04, 2009 3:31 am**

I know, I've read, but I'm wondering when I'll be able to execute the command and when it's able to work.

Like for example, with the ban packet, I used it to ban a user off of the chat, am I then able to use the full command?

Posted: **Sun Oct 04, 2009 3:41 pm**

ugh .. IT IS on the 2nd page. i do not understand what you are after. i have explained there how and when.
i have clearly explained how and where it works.

Posted: **Sun Oct 04, 2009 7:54 pm**

I'm sorry for the confusion and irritation, but it doesn't seem to work for me after I used the packet with tamper data. (The command won't work after I submit the tamper and ban/gag/kick someone, and s=7 was added.)

I'm only wondering do I need paros proxy for them to actually work? By reading the first page, I believe you're saying to use the commands after submitting a tamper with s=7 added, but they're still not available for me.

Posted: **Sun Oct 04, 2009 8:03 pm**

no. s=7 does not give you admin rights permanently, it is only per packet. it needs to be present in the packet while you send kick or gag command.
paros proxy can put s=7 automatically into each packet, thats why i used it.
if you want to ban somebody, then you need to have s=7 in the same packet with the /kickout command.

Posted: **Sun Oct 04, 2009 8:35 pm**

Oh, all right. I see now.

Although, on paros, I'm using 3.2.13, and on tools-filter, I enable "Replace HTTP request body using defined pattern", and the response body, right?

Posted: **Sun Oct 04, 2009 8:42 pm**

im not so sure about paros anymore, i used it long time ago. you can test and see what works, then you can use commview or something to capture the packets and see if it is replaced.

Posted: **Sun Oct 04, 2009 9:30 pm**

Ah, all right, thanks, now I get it.

All that's left is to get the kickout packet, I tried getting it from a default chat but it was interpreted as a message because I had to use the command.

Posted: **Mon Oct 05, 2009 2:12 am**

you are making mess.
there is no kickout packet, it is command, which can be used if you have s=7 in the packet.
you make permanent filter with paros and then you just do "/kickout noob"
where "noob" is name of the user you want to kick.

Posted: **Wed Oct 07, 2009 3:07 am**

Ahh, now I see, finally get it now..

I'm guessing this should work with any of the other admin commands.

Posted: **Wed Oct 07, 2009 3:16 am**

i can't remember, but some needed the direct packet and some worked if you made a filter like this.

Posted: **Wed Oct 07, 2009 8:14 pm**

True, some need direct packet and some don't from my testing.

Is there a way to add permanent rooms?

Posted: **Wed Oct 07, 2009 11:55 pm**

im quite sure that room add was also in config. only admin can add perm rooms and not from chatroom, but in settings.

Posted: **Sun Oct 11, 2009 6:21 am**

Looks like someone's been having too much fun banning.. (not me)..

Someone on the chat I usually go to banned me, and I tried tampering with the login but have no clue what I can do to unban myself or even if I'm doing it right..

Posted: **Sun Oct 11, 2009 4:55 pm**

unban yourself ?
as far as i know, bans are either account based (if chat requires you to make account, no guests) or IP based.
so its simple, you either make new account or change your ip.

Posted: **Sat Oct 31, 2009 8:38 pm**

Sethioz wrote:unban yourself ?
as far as i know, bans are either account based (if chat requires you to make account, no guests) or IP based.
so its simple, you either make new account or change your ip.

If you can access the FlashChat room with another username and know the UserID of the banned account, you can unban it using the c=nbanu command in a spoofed admin string.

Code: Select all

sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=****&c=nbanu&cid=1&id=

There are other case commands in the actionscript that can also be used with the admin rights of the "s=7" string if you use the proper syntax in the replaced Post_Data submission. Some of the more useful ones are:

c=gag to Gag
c=ngag for Ungag
c=notf for user Notifications
c=rmu to Remove a user without banning them
c=mvu to Move them to a different room

Posted: **Sat Oct 31, 2009 10:40 pm**

ah nice. i havent tried, but basically if you are planning to seriously screw with some chatroom you should get the userID first ?!
so if you get banned you can login with other user and unban yourself ?

Posted: **Sun Nov 01, 2009 5:01 pm**

Sethioz wrote:ah nice. i havent tried, but basically if you are planning to seriously screw with some chatroom you should get the userID first ?!
so if you get banned you can login with other user and unban yourself ?

Yeah, and register three or four accounts too just in case, especially if the place has active admins/moderators.

Also noticed that some of the places with the chat integrated into a forum use the same UserID numbers for their forum, so clicking on the user's forum profile will bring up a URL that ends in "u=****" -- no need to load up Flashchat Extreme-X to get UserIDs in those cases.

Posted: **Sun Nov 01, 2009 8:45 pm**

ah totally forgot that flashchat-x can get userID, but again it only works for active users. blah i cant even remember. if it was possible to get userID by simply viewing profile or not.

one flashchat i seriously screwed with is now down and gone. so i dont really have interest in it atm.

Posted: **Tue Nov 03, 2009 1:17 am**

I'm getting the following error (translated) when attempting to connect to server using FlashChat Extreme.

There was a non-executed exception in the program. If you click Continue the program will ignore the error and attempt to continue. If you click Cancel the program will close immediately.
Start code 'PARAM' in the line 35 does not match the end code 'OBJECT'. Line 35, position 711.

After that there's an entire list of what's going on, I can post it if you need it. I'm running the program in Windows 7 Ultimate. Is there anything you know about compatibility issues or similar or ways to get it to run anyway?

Posted: **Tue Nov 03, 2009 8:45 am**

most likely it's because of win 7. ive been saying that since vista and win 7 came out. that those two OSs simply suck big time, nothing works in there.
however i did not made flashchat-x, so i can't tell you what is the exact problem.

Posted: **Tue Nov 03, 2009 3:46 pm**

I'm aware. I tried PMing the creator, but it wouldn't allow me to send it.

Posted: **Tue Nov 03, 2009 4:07 pm**

Mizeen wrote:I'm aware. I tried PMing the creator, but it wouldn't allow me to send it.

Windows 7 has a feature called XP Mode that you may download here:

http://www.microsoft.com/windows/virtua ... nload.aspx

This should allow you to run FlashChat Extreme-X on a virtualized copy of XP through Windows 7 without any further issues, assuming the issue really is with Windows 7.

That being said, I run FCE-X on Windows 7 Home Premium 64-bit with no problems. Post the contents of the error if you'd like.

Posted: **Tue Nov 03, 2009 5:37 pm**

I tried PMing the creator, but it wouldn't allow me to send it.

pay attention, i have explained PMing in IMPORTANT. pm on forum doesnt work. only on site.

never heard about some virtual xp in win 7. it also might be admin rights or whatever.
i never had any problems running it on xp.

Posted: **Tue Nov 03, 2009 6:32 pm**

Sethioz wrote:
I tried PMing the creator, but it wouldn't allow me to send it.
pay attention, i have explained PMing in IMPORTANT. pm on forum doesnt work. only on site.

never heard about some virtual xp in win 7. it also might be admin rights or whatever.
i never had any problems running it on xp.

The virtual XP Mode in 7 works very well for programs that you know worked on XP but aren't working on 7, but I really doubt this guy's (girl's?) issue has anything to do with the OS. It sounds like the syntax of the URL they're entering isn't right, or that the getxml.php file isn't in the default location on that server...

Posted: **Tue Nov 03, 2009 6:45 pm**

blah .. just post the error message as a screenshot.
i guess i didnt pay much attention :S
use "attachment" option to upload screenshot ! .. not some upload site.

Posted: **Tue Nov 03, 2009 11:22 pm**

Se slutningen af denne meddelelse, hvis du vil have detaljer om,
hvordan du starter JIT-fejlfinding i stedet for denne dialogboks. (look at the end of this message to see details on how to initiate JIT-debugging instead of this dialog)

Code: Select all

************** Undtagelsestekst ************** (exception text)
System.Xml.XmlException: Startkoden 'PARAM' i linje 35 svarer ikke til slutkoden 'OBJECT'. Linje 35, position 711.
   ved System.Xml.XmlTextReaderImpl.Throw(Exception e)
   ved System.Xml.XmlTextReaderImpl.ThrowTagMismatch(NodeData startTag)
   ved System.Xml.XmlTextReaderImpl.ParseEndElement()
   ved System.Xml.XmlTextReaderImpl.ParseElementContent()
   ved WindowsApplication1.Form1.GetLogINinfo(String t, User bot) i C:\Documents and Settings\Administrator\My Documents\Visual Studio 2005\Projects\flash\flash\Form1.vb:linje 723
   ved WindowsApplication1.Form1.RetreiveInfo(User Bot) i C:\Documents and Settings\Administrator\My Documents\Visual Studio 2005\Projects\flash\flash\Form1.vb:linje 196
   ved WindowsApplication1.Form1.Button2_Click(Object sender, EventArgs e) i C:\Documents and Settings\Administrator\My Documents\Visual Studio 2005\Projects\flash\flash\Form1.vb:linje 71
   ved System.Windows.Forms.Control.OnClick(EventArgs e)
   ved System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   ved System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   ved System.Windows.Forms.Control.WndProc(Message& m)
   ved System.Windows.Forms.ButtonBase.WndProc(Message& m)
   ved System.Windows.Forms.Button.WndProc(Message& m)
   ved System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   ved System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** IndlÃ¦ste assemblies ************** (leaded assemblies)
mscorlib
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
Extreme FlashChat-X
    Assemblyversion: 1.0.0.0
    Win32-version: 1.0.0.0
    CodeBase: file:///C:/Users/Mizeen/AppData/Local/Apps/2.0/WN314V0M.QQD/GJZNQDHD.R9O/extr..tion_144c5564419d635f_0001.0000_21cf55fe090fa44c/Extreme%20FlashChat-X.exe
----------------------------------------
Microsoft.VisualBasic
    Assemblyversion: 8.0.0.0
    Win32-version: 8.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
mscorlib.resources
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
System.XML.resources
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml.resources/2.0.0.0_da_b77a5c561934e089/System.Xml.resources.dll
----------------------------------------
System.Windows.Forms.resources
    Assemblyversion: 2.0.0.0
    Win32-version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_da_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------

************** JIT-fejlfinding ************** (JIG-debugging - I assume you know what this thing means)
Hvis du vil aktivere JIT-fejlfinding, skal vÃ¦rdien jitDebugging indstilles
i afsnittet system.windows.forms i konfigurationsfilen
for programmet eller computeren.
Programmet skal desuden kompileres med fejlfinding
aktiveret.

Eksempel:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

NÃ¥r JIT-fejlfinding er aktiveret, bliver alle ikke-afviklede
undtagelser sendt til den JIT-fejlfindingsfunktion, der er registreret pÃ¥ computeren, i stedet for
at blive afviklet af denne dialogboks.

Edit: I ran the program with a non-existing website as target and it came up with a 404 error instead. So presumably it has something to do the with target. Might be the version of the Flashchat?

Posted: **Wed Nov 04, 2009 9:52 am**

next time use the code block if you post it like this (i already edited your post and put it into code)

have you tried it on other flashchats ?
have you got it working somewhere else at all ?

Posted: **Sun Nov 08, 2009 8:44 pm**

Can I get the full version of Extreme FlashChat-X? I have now figured out the way to hack... thx.

Posted: **Sun Nov 08, 2009 9:31 pm**

honostly i dont care are they douchebags or not. if you wanna fuck them up, go ahead, but try reading the topic.
i have explained everything, you do not need flashchat-x to ban somebody. you need to get their ID and then send the ban packet/message.
honostly i cant even remember my own, was it just the command or whole packet, but it works just fine.
if im correct you need their ID to ban, which you can get easily. as i said, everything is explained here, i know its LONG, but look only my posts.

Posted: **Sun Nov 08, 2009 11:59 pm**

astro wrote:I've got these two douchebags hacking a flashchat client and I want to ban them both. How can I get the full version of Extreme FlashChat-X? I promise I won't abuse it. Or can someone maybe ban them for me please? You'll be my hero. Thanks for any help.

And if you're too lazy for that, I'll do it if you give me a link and their usernames.

Posted: **Mon Nov 09, 2009 12:06 am**

Cool thanks, I'll read the posts and I'll PM you digitaltelepath.

Edit 2: Nevermind I figured it out I think...

Posted: **Mon Nov 09, 2009 12:58 am**

@ astro:
look page 2, somewhere in middle. you can easily find it by the code block. just scroll over the posts and code is in green, like so:

Code: Select all

CODE CODE CODE

there you will find the banning and kicking and such. its very easy to do. you can ip ban those bastards.

PM - pm on forum does not work, use the one on site (sethioz.com)

ATTENTION plz. i have done so much, now its time for you guys to help me out a lil and have fun while doing so :)
http://chat.maxu.eu/ < plz crash this chatroom as much as you can. abuse it, ban admins/mods, kick users, do anything you can and want. destroy it, leave none alive ! take no prisoners !
thanks guys :)

Luigi's flashchatz still works on it. so have fun.

Posted: **Mon Nov 09, 2009 1:49 am**

Yeah thanks I nearly got it I think... but for some reason the chat won't load when I'm using Paros Proxy :(. I don't really know why. Help?

Posted: **Mon Nov 09, 2009 2:02 am**

does other sites load fine thru paros ? if that's the case, then try using something else. if nothing loads, then your settings are wrong.
tamper data - firefox addon, works perfectly, but lil bit annoying to change each packet.
wpe pro - not sure if it works, never tested with browser/s
webscarab (very good one)
burp suite - seems good, but i have never used it in real action

Posted: **Mon Nov 09, 2009 2:12 am**

Yeah it works with the other sites, just not the .php I think for some reason.

Posted: **Mon Nov 09, 2009 2:36 am**

i had problems too with paros, on certain sites. i have no clue what is this.
try using something else.
i have just added another cool gadget into my downloads, called rPE
it might work too, i have never tried it before, test it out !

Posted: **Mon Nov 09, 2009 3:24 pm**

@Astro: Check PMs

@Sethioz: Is rPE a standalone Windows program?

Posted: **Mon Nov 09, 2009 3:28 pm**

Sethioz wrote:does other sites load fine thru paros ? if that's the case, then try using something else. if nothing loads, then your settings are wrong.
tamper data - firefox addon, works perfectly, but lil bit annoying to change each packet.
wpe pro - not sure if it works, never tested with browser/s
webscarab (very good one)
burp suite - seems good, but i have never used it in real action

WPE Pro works, but isn't the most efficient way to go about it, especially if you have a lot of non-browser related things going on (BitTorrenting, IM clients, etc) because you have to filter through all those packets too. That being said, it's the best for more advanced PE'ing... WebScarab and TamperData are both good for the little admin spoofing trick in FlashChat, but not for some of the other things I'm working on right now.

Posted: **Mon Nov 09, 2009 3:55 pm**

WPE pro attaches to a specific process only, so how can you capture all at once ?
you open firefox.exe as process and it will only capture packets sent/recieved by firefox.exe.
it did not work for me, because there was lenght problems. im using webscarab, tamper data and paros.

Posted: **Mon Nov 09, 2009 4:23 pm**

Sethioz wrote:WPE pro attaches to a specific process only, so how can you capture all at once ?
you open firefox.exe as process and it will only capture packets sent/recieved by firefox.exe.
it did not work for me, because there was lenght problems. im using webscarab, tamper data and paros.

You're right, I was confusing it with Packet Analyzer Pro for some reason... Morning brainfail.

I just use TamperData for FlashChat.

Posted: **Sat Dec 19, 2009 2:34 pm**

Code: Select all

http://www.100hala.com/chat

I could not penetrate this site
Please help and explanation

Programs that use the tamperdata
Works

Code: Select all

Bell
    sendAndLoad=%5Btype%20Function%5D&b=13355&c=ring&cid=1&id=
admin icon:
    sendAndLoad=%5Btype%20Function%5D&a=%3Aadmin%3A&u=0&b=13862&c=ravt&cid=1&id=

    mod icon:
    sendAndLoad=%5Btype%20Function%5D&a=%3Amod%3A&u=0&b=13862&c=ravt&cid=1&id=
whois packet:    
    sendAndLoad=%5Btype%20Function%5D&s=7&t=%2Fwhois%20teele&r=2&u=0&b=20309&c=msg&cid=1&id=

Please.. Please.. Please.. Please.. help me

Posted: **Sun Dec 20, 2009 1:16 pm**

bro i want 2 ban chatterz frm one chatroom bt i dont noe hw 2 get the user id..plzzz tell me hw 2 get the user id 2 ban...plzzzz i really need it

Posted: **Sun Dec 20, 2009 4:32 pm**

http://www.100hala.com/chat < this does not look like flashchat to me. when i tried to press this button that could be login, it said page not found. makes no sense.

bro i want 2 ban chatterz frm one chatroom bt i dont noe hw 2 get the user id..plzzz tell me hw 2 get the user id 2 ban...plzzzz i really need it

how about you try reading this thread again. it has been explained several times. or you can just use extreme flashchat-x

Posted: **Sun Dec 20, 2009 5:02 pm**

Well, unfortunately this new link
http://www.100hala.com/chat/100hala.php
user name :hi
password :123

Thank you for quick response to the appeal

Unfortunately, I'm not good in English

Posted: **Sun Dec 20, 2009 8:42 pm**

i tested flashchatz on it, but it doesn't seem to send fake users in there. can't do more research atm.
you can try to sniff packets and see, you can always get the id when you log into chat or open pm with 'victim'

Posted: **Mon Dec 21, 2009 8:23 am**

I do not understand all the same lines you are
Can I get an explanation of the program flashchatz

Posted: **Mon Dec 21, 2009 9:23 am**

do u f the other easy way 2 get the user id??

Sethioz Forum

Flashchat exploits, hacks, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more

Re: Flashchat exploits, tools & more