Resending packets

drixnak · 06/21/2010, 20:30

So I was able to use wireshark to capture packets and then I attempted to retransmit them after identifying which packets were being used. It appears that they're using SSL, but I'm not 100% sure. Anyway, resending the packets failed and gave me a TCP error message from their server. I tried editing the identification numbers on the packets and predict the next sequence numbers and stuff, but no go. Anyone know what they're using to identify a resent packet?

TheOnlyOne652089 · 06/22/2010, 05:36

Quote:

Originally Posted by drixnak

So I was able to use wireshark to capture packets and then I attempted to retransmit them after identifying which packets were being used. It appears that they're using SSL, but I'm not 100% sure. Anyway, resending the packets failed and gave me a TCP error message from their server. I tried editing the identification numbers on the packets and predict the next sequence numbers and stuff, but no go. Anyone know what they're using to identify a resent packet?

They "crypted" so you first need to decrypt the packets before you actual change anything.

And the "decrypt" part is kinda messy.

In the past i started like this:

Send "1" in the chat => read package.
Send "2" in the chat => read package.
Send "3" in the chat => read package.
.......

This way you can see what is different in the package, you can also send the same and just see what part is the actual ID of the package.

With enough packages you "can" decrypt the code, but its still messy.

drixnak · 06/22/2010, 07:20

Well what I did was I split items in inventory which creates a SSL packet to the server and then a SSL packet from the server. I used Wireshark to capture the packet and then I used a program called colasoft packet builder which gives a really nice break down of the packet with its ID number and everything. What programs did you use? Everything goes to port 4300 on the same server which leads me to believe it's some sort of proxy that then distributes the information to the other server. I'm guessing there's an IDS on that front server and there's some sort of verification of the packets being done. I'm going to do some research tomorrow on packet encryption and verification. I read about it before since I've been studying to become a penetration tester. I'll enumerate the server further tomorrow as well. It would be cool if we could redesign the bot to use packets instead of pixel searching with auto it.