Anykind of character creating

I haven't test this but this should work at private servers, Since when you are creating account the information must be send into server, SO the registering page has the password and other information for the SQL database, If there just would be easy way to get the orginal file players could login into the SQL database and edit their character information

Some servers require special made exploit and into others you can get with simply using FTP to download the account creating page.

After you have got the information you need SQL client to login and edit the information at the SQL database, Now this part requires knowenge from the spefic server so you know where is your character information, You can add items to your character, edit your character or make it even gm if needed - but if you don't want to get caught you probably don't want to do this.

Remember to use proxy so they cannot track you if you use exploit to get the
SQL information.

Using common sense while doing this is required, you don't want to run around in the game yelling that you have the SQL server password.

HÄ?

also ich kann übers ftp mein charackter uploaden veränder und wieder hochladen ?

Quote:

Originally Posted by Klarmach3r HÄ? also ich kann übers ftp mein charackter uploaden veränder und wieder hochladen ?

same in english please.

jop du kannst wenn du es hinbekommst aus der Account Creation Page den Username und des Passwort herauszubekommen in die SQL databse vom Server reinkommen und dort deine gesammten Daten verändern wie zb auhch deinen Status das heist Admin Gm oder noramler Player ;) so kannst du auch admins einen niedrigeren Rank machen und das passwort zur SQL databse ändern so das die admins nicht mehr drauf zugreifen können wobei das unklug wäre weil dann der Server erstmal down is :)

Die ACcountCreation PAge sende ja informationen von deinem eben gemachten Account an die Databank also muss diese eine direkte Verbindung zur Datenbank haben und in der Seite bzw in den Seiteninformationen irgendwo versteckst sitzt das paswort und der accountname :) viel spass beim Suchen heheh

greez

Quote:

he registering page has the password and other information for the SQL database

lol, not too easy , code of registering page dont show this info, it retrieves from sql server using variables

Quote:

After you have got the information you need SQL client to login

even with server ip and login, pass and database name for sql database you cant login because sql server only acceps conections from localhost (127.0.0.1)

possible methods:

SQL inyection, but you need know some working exploit if server has a webpage..

a vulnerability for OS and use an exploit wich gives a shell...

sry for english.- ;P

The easiest way is to get the SAME Privatserverprogramm and read the original code.

After that you can just change some date in the account regestration form.

It sends something like:

blablabla.php?accountname=blabla&accountpwd=blabla &ACCOUNTLEVEL=0&...

you chould change this part to:

blablabla.php?accountname=blabla&accountpwd=blabla &ACCOUNTLEVEL=5&...

You can do this if you take your page from the Privatservertools you downloaded and change the address to the value of the server you want to play on as a GM.

sounds cool .. would be very helpfull if someone got that to work ..
and write a good tutorial with screenshots :)

Das währ nice wenn man sich items geben kann und lvl 70 machen könnte.

Quote:

Originally Posted by Garonte lol, not too easy , code of registering page dont show this info, it retrieves from sql server using variables even with server ip and login, pass and database name for sql database you cant login because sql server only acceps conections from localhost (127.0.0.1) possible methods: SQL inyection, but you need know some working exploit if server has a webpage.. a vulnerability for OS and use an exploit wich gives a shell... sry for english.- ;P

But that would be prety hard and there's high chance that you get banned from the network if you start to literially break into the server.

EDIT:

Quote:

Originally Posted by Garonte lol, not too easy , code of registering page dont show this info, it retrieves from sql server using variables even with server ip and login, pass and database name for sql database you cant login because sql server only acceps conections from localhost (127.0.0.1) possible methods: SQL inyection, but you need know some working exploit if server has a webpage.. a vulnerability for OS and use an exploit wich gives a shell... sry for english.- ;P

If SQL server accepts only connections from home IP then how gms who have SQL access can login? I mean probably servers that don't have gms or gms dont have access to SQL accepts connections only from home but how about the servers that have peoples who are connecting from different IP? Is it limited only to their IP range or you think it's globally open for everyone?

Quote:

Originally Posted by Sordi The easiest way is to get the SAME Privatserverprogramm and read the original code. After that you can just change some date in the account regestration form. It sends something like: blablabla.php?accountname=blabla&accountpwd=blabla &ACCOUNTLEVEL=0&... you chould change this part to: blablabla.php?accountname=blabla&accountpwd=blabla &ACCOUNTLEVEL=5&... You can do this if you take your page from the Privatservertools you downloaded and change the address to the value of the server you want to play on as a GM.

ok, What a shame that i have only 7gig left on my harddrive so i really would't want to download new server programs.

Could someone link into this thread registering pages?

being a noob when it comes to sql .. i asked a friend who is into those things and he told me that it s a good idea but really hard ( impossible ) to realize .. ;(

da ich sehr nooby bin wenn es um sql geht hab ich einen freund gefragt , der sich mit sowat auskennt und der musste mir mit bedauern mitteilen , dass dies ein ding der unmöglichkeit ist .. *traurig in seine ecke zurückzieh*

hoffe dass mich jemand eines besseren belehren kann :)

Quote:

Originally Posted by headshotjoe ok, What a shame that i have only 7gig left on my harddrive so i really would't want to download new server programs. Could someone link into this thread registering pages?

[Only registered and activated users can see links. Click Here To Register...]

here is one :)

Quote:

Originally Posted by RuBiiRuBe [Only registered and activated users can see links. Click Here To Register...] here is one :)

That doesn´t help. ;)
Cause you have to get the code from the original php-site for the account creation.
And it must fit to the privateserver you wanna play on.

Lets say if you play on a Mangos server you can download the mangos server by your own install it on you system an look at the registration page sourcecode.

Otherwise you won´t see anything caus php only creates a html site for you without the needed information.

Warum ist so ein Mist im Exploit Forum?

berechtigte frage .. :rolleyes: