A Traitor in our midst

04/19/2005 03:58 Fiya#1
Awww Kitsunepaws, you felt like you had to tell conquer but not us?!?


Can you share with us or is it too late now ;)
04/19/2005 04:49 KitsunePaws#2
Sorry, this hack is wayyyy too serious to release here.
I won't have any script kiddies ripping the server apart.
04/19/2005 04:57 KitsunePaws#3
Also, this site, from what I have seen, is mostly macros and little exploits. Unless you have Linux, knowledge of MySQL, a security scanner, and the IP of the server, this hack is useless to you.
04/19/2005 07:42 Flank#4
Oh man, if I got ahold of details I could definitely make something out of it =D
04/19/2005 08:03 KitsunePaws#5
Well, f**k it...
Stupid GMs..
Here
Those of you that can read this
Have fun
There are 2 services that are running on all
the servers
One is an OLD exploitable version of
MySQL. It can have all sorts of shit
done to it... DoS attacks, and most
importantly... It accepts 0 length passwords
so you could log into root
with no password, have fun trying to get ahold
of a client that will let you send one though.

Second thing that is a big security risk
Is all the game servers are running
Terminal Services
For those of you that don't know what
that is....
It's also called REMOTE DESKTOP CONNECTION
=) Have fun with those brute force programs kiddies!

Edit: No vulgarities xP
04/19/2005 15:37 Flank#6
So someone could run port scanners on them and determine what services are open. Then depending on what the results are they could try default passwords and brute forcing on any of the remote connections.

And what is being held on the server with MySQL?
04/19/2005 16:40 rey#7
can u help me get some acc from my server?.. i dnt like some ppl..:(
04/19/2005 17:33 craiglincs#8
any joy in brute forcing it? when i get back from my office i'll have a play ;)
04/19/2005 17:42 Flank#9
When I get home today I will do a full port and vulnerability scan on the login server, game server and site server.
04/19/2005 17:43 KitsunePaws#10
Have fun :)
And I am going to guess
that mysql
probably holds
err I don't know..
all the player info
monster data?
04/19/2005 17:45 Flank#11
Well, say I find a vulnerability in the MySQL and I somehow get it to pull up a list of player accounts, and then I would have to download their encrypted password file for any one account and proceed to crack it.
04/19/2005 22:30 whitespyder#12
hey kitsunepaws, you could make quite a business out of this, lots of people get hacked, and since half of the people who were hacked aren't the original owners, there's no way for them to get their password back. since they're not original owners GMs won't do a damn thing, you could charge like a db for each account u get back.

HINT HINT WINK WINK ;)

wife's account was hacked the other day, she's not original owner so now she's screwed......

HINT HINT WINK WINK ;)
04/19/2005 22:43 KitsunePaws#13
lmao, I could.. But Knowledge is free.
:)
So I won't be charging anything for anything I discover
*HACK THE PLANET!*

Karma to anybody who knows where that's from :P
Anyways..
MySQL is pretty much open from what I understand
You pull the playernames in plain text, you pull the passwords in plain text :)
04/19/2005 22:44 KitsunePaws#14
Be careful though... massive exploitation with this, will cause server roll back ^.~
04/19/2005 22:50 whitespyder#15
i dunno what mysql is or any other programs that people use, I'm not that great with using programs, so I'm offering a db to whoever tells me what her password is :)

*HACK THE PLANET!*

isn't that from the movie hackers?????