Hacking a conquer server

well,as we all know the server prolly uses a file to store all the data,right?if we scanned some ports of the server,use a server id(the ports for pharos and the ip then plz) then we could log in,and gain passwords and usernames,right?or isnt it this easy?i saw the bruteforcing thread and i thought id make one with my thaught

1 against the law
2 passwords are encrypted
3 against the law(btw so is bruteforcing)

i dont know about you but i dont wanna have any stuff on my record...so i say screw that..

well,with a good decryptor,using a program that constantly changes ur ip, and netbus i think it should work:p

goodluck lol, i don't think any1 hacked in tq servers before, don't think any1 ever will.
this isen't as easy as bruteforcing a account, and when you try to hack into something, try to keep it small so they won't start hunting you...(got any id what they will do to yo when they find out who hacked into tq servers ?)

p.s @ glenn_de_zot...hmm mss zijn we allemaal een beetje zot :p ( nler of belg btw ?)

yip i would never hack server cuz mayb IP bann <_<

Quote:

Originally posted by n0b0dYsB3tT3r@Jun 18 2006, 19:47 goodluck lol, i don't think any1 hacked in tq servers before, don't think any1 ever will. this isen't as easy as bruteforcing a account, and when you try to hack into something, try to keep it small so they won't start hunting you...(got any id what they will do to yo when they find out who hacked into tq servers ?) p.s @ glenn_de_zot...hmm mss zijn we allemaal een beetje zot :p ( nler of belg btw ?)

lol, I know someone who hacked the TQ server because his char got deleted.

Quote:

Originally posted by Glenn_De_Zot@Jun 18 2006, 18:34 well,as we all know the server prolly uses a file to store all the data,right?if we scanned some ports of the server,use a server id(the ports for pharos and the ip then plz) then we could log in,and gain passwords and usernames,right?or isnt it this easy?i saw the bruteforcing thread and i thought id make one with my thaught

you cant just scan a server for open ports and then just login a port is like a door you can go to it and knock and if there is a programm on the other side it can reply but you dont know what programm is on the other side of the door and not every to tell you the truth nearly no programm lets you get files from the server

so what you could do is write a programm that can communicate with the login server of conquer bruteforce or use a wordlist on account names and passwords but this would take alot of time realy realy alot we dont talk about hours or days we talk about hundreds of years if you dont know the acc name and the password
and they would find you through your ip before you find even one acc and maybe put you in prison :rolleyes:

just as co was written to communicate with the server, you could make a program, based on conquer, because as conquer can read the files, something similar should do the same, if it has the same protocol and sutff

Get brutus AE2 (brute forcer) it has a built in proxy. Find out if the server runs SQL databases, brute force for a pass and username to the SQL port, login with PostgreSQL, voilah... there's a database

Now without SQL, all files are stored on the server, therefore requiring a backdoor implanted server-side to let you in through the port.

Another way -> There are main packets sent at login that send the username and password. Find out a way to simply log packets from a remote computer to the server, decrypt the password in the packet (it's even encrypted clientside), and then you have a username and pass.

Quote:

Originally posted by Neuropath+Jun 18 2006, 23:55--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Neuropath @ Jun 18 2006, 23:55)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--n0b0dYsB3tT3r@Jun 18 2006, 19:47 goodluck lol, i don't think any1 hacked in tq servers before, don't think any1 ever will. this isen't as easy as bruteforcing a account, and when you try to hack into something, try to keep it small so they won't start hunting you...(got any id what they will do to yo when they find out who hacked into tq servers ?) p.s @ glenn_de_zot...hmm mss zijn we allemaal een beetje zot :p ( nler of belg btw ?)

lol, I know someone who hacked the TQ server because his char got deleted. [/b][/quote]
sure ya do :rolleyes:

Quote:

Originally posted by iliveoncaffiene@Jun 18 2006, 20:43 Get brutus AE2 (brute forcer) it has a built in proxy. Find out if the server runs SQL databases, brute force for a pass and username to the SQL port, login with PostgreSQL, voilah... there's a database Now without SQL, all files are stored on the server, therefore requiring a backdoor implanted server-side to let you in through the port. Another way -> There are main packets sent at login that send the username and password. Find out a way to simply log packets from a remote computer to the server, decrypt the password in the packet (it's even encrypted clientside), and then you have a username and pass.

im pretty sure they use chinese windows, and they dont use any sql... i think they store their data in .ini files lol... my opinion is based on their game coding

Quote:

Originally posted by XtremeX-CO+Jun 19 2006, 04:33--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (XtremeX-CO @ Jun 19 2006, 04:33)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--iliveoncaffiene@Jun 18 2006, 20:43 Get brutus AE2 (brute forcer) it has a built in proxy. Find out if the server runs SQL databases, brute force for a pass and username to the SQL port, login with PostgreSQL, voilah... there's a database Now without SQL, all files are stored on the server, therefore requiring a backdoor implanted server-side to let you in through the port. Another way -> There are main packets sent at login that send the username and password. Find out a way to simply log packets from a remote computer to the server, decrypt the password in the packet (it's even encrypted clientside), and then you have a username and pass.

im pretty sure they use chinese windows, and they dont use any sql... i think they store their data in .ini files lol... my opinion is based on their game coding [/b][/quote]
.ini files for local system use. The only other location for any .ini files would be on the web server for directory paths and so on.

You would have to know a few things before attempting to target a server directly.
1. The type of database (FrontBase, MySQL, OpenBase, Oracle, PostgreSQL, SQL Server, Sybase etc... the list goes on.)

2. Is this database located on a dedicated server or is it shared with other types of servers?

Dedicated: This means the the server that runs the DB does not run any other server type functions. This limits the available ports but expands the possible exploits to try depending on the type of DB used

Shared: This means the DB server is also running other server functions, possiby web server or login etc... This means on this system there are more open ports and more vulnerable however this does give you numerous possabilities and the issue is how much time do you want to waste?

3. What type of Server are they running?
Wich one do they use where? (Unix,NT4, Win2k, 2003)

This brings again the issue of what type of process are you to take to try and gain access to the server. Also with every server there's patches. What patch is the server running? Whats exploits exist for that patch?

Yes its possible, highly illegal but doubtfull that any average to intermediate user can do it. You need time patience and brains. Not hard to log such activities on a server and activate another level of security.

I sadly had the pain of working for [Only registered and activated users can see links. Click Here To Register...] building such machines and cloaking them from users.

Quote:

Originally posted by Tw3ak+Jun 18 2006, 22:20--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Tw3ak @ Jun 18 2006, 22:20)</td></tr><tr><td id='QUOTE'><!--QuoteBegin--Neuropath@Jun 18 2006, 23:55 lol, I know someone who hacked the TQ server because his char got deleted.

sure ya do :rolleyes:[/b][/quote]
Those were my thoughts too ;)

well, i know for sure u can hack it without gettin caught.... we just need the right gears....

PS at n0b0dYsB3tT3r:Belg lol,jij ok?