well,as we all know the server prolly uses a file to store all the data,right?if we scanned some ports of the server,use a server id(the ports for pharos and the ip then plz) then we could log in,and gain passwords and usernames,right?or isnt it this easy?i saw the bruteforcing thread and i thought id make one with my thaught
goodluck lol, i don't think any1 hacked in tq servers before, don't think any1 ever will.
this isen't as easy as bruteforcing a account, and when you try to hack into something, try to keep it small so they won't start hunting you...(got any id what they will do to yo when they find out who hacked into tq servers ?)
p.s @ glenn_de_zot...hmm mss zijn we allemaal een beetje zot ( nler of belg btw ?)
Originally posted by n0b0dYsB3tT3r@Jun 18 2006, 19:47 goodluck lol, i don't think any1 hacked in tq servers before, don't think any1 ever will.
this isen't as easy as bruteforcing a account, and when you try to hack into something, try to keep it small so they won't start hunting you...(got any id what they will do to yo when they find out who hacked into tq servers ?)
p.s @ glenn_de_zot...hmm mss zijn we allemaal een beetje zot ( nler of belg btw ?)
lol, I know someone who hacked the TQ server because his char got deleted.
Originally posted by Glenn_De_Zot@Jun 18 2006, 18:34 well,as we all know the server prolly uses a file to store all the data,right?if we scanned some ports of the server,use a server id(the ports for pharos and the ip then plz) then we could log in,and gain passwords and usernames,right?or isnt it this easy?i saw the bruteforcing thread and i thought id make one with my thaught
you cant just scan a server for open ports and then just login a port is like a door you can go to it and knock and if there is a programm on the other side it can reply but you dont know what programm is on the other side of the door and not every to tell you the truth nearly no programm lets you get files from the server
so what you could do is write a programm that can communicate with the login server of conquer bruteforce or use a wordlist on account names and passwords but this would take alot of time realy realy alot we dont talk about hours or days we talk about hundreds of years if you dont know the acc name and the password
and they would find you through your ip before you find even one acc and maybe put you in prison
just as co was written to communicate with the server, you could make a program, based on conquer, because as conquer can read the files, something similar should do the same, if it has the same protocol and sutff
Get brutus AE2 (brute forcer) it has a built in proxy. Find out if the server runs SQL databases, brute force for a pass and username to the SQL port, login with PostgreSQL, voilah... there's a database
Now without SQL, all files are stored on the server, therefore requiring a backdoor implanted server-side to let you in through the port.
Another way -> There are main packets sent at login that send the username and password. Find out a way to simply log packets from a remote computer to the server, decrypt the password in the packet (it's even encrypted clientside), and then you have a username and pass.
Originally posted by Neuropath+Jun 18 2006, 23:55--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Neuropath @ Jun 18 2006, 23:55)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--n0b0dYsB3tT3r@Jun 18 2006, 19:47 goodluck lol, i don't think any1 hacked in tq servers before, don't think any1 ever will.
this isen't as easy as bruteforcing a account, and when you try to hack into something, try to keep it small so they won't start hunting you...(got any id what they will do to yo when they find out who hacked into tq servers ?)
p.s @ glenn_de_zot...hmm mss zijn we allemaal een beetje zot ( nler of belg btw ?)
lol, I know someone who hacked the TQ server because his char got deleted. [/b][/quote]
sure ya do
Originally posted by iliveoncaffiene@Jun 18 2006, 20:43 Get brutus AE2 (brute forcer) it has a built in proxy. Find out if the server runs SQL databases, brute force for a pass and username to the SQL port, login with PostgreSQL, voilah... there's a database
Now without SQL, all files are stored on the server, therefore requiring a backdoor implanted server-side to let you in through the port.
Another way -> There are main packets sent at login that send the username and password. Find out a way to simply log packets from a remote computer to the server, decrypt the password in the packet (it's even encrypted clientside), and then you have a username and pass.
im pretty sure they use chinese windows, and they dont use any sql... i think they store their data in .ini files lol... my opinion is based on their game coding
Originally posted by XtremeX-CO+Jun 19 2006, 04:33--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (XtremeX-CO @ Jun 19 2006, 04:33)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--iliveoncaffiene@Jun 18 2006, 20:43 Get brutus AE2 (brute forcer) it has a built in proxy. Find out if the server runs SQL databases, brute force for a pass and username to the SQL port, login with PostgreSQL, voilah... there's a database
Now without SQL, all files are stored on the server, therefore requiring a backdoor implanted server-side to let you in through the port.
Another way -> There are main packets sent at login that send the username and password. Find out a way to simply log packets from a remote computer to the server, decrypt the password in the packet (it's even encrypted clientside), and then you have a username and pass.
im pretty sure they use chinese windows, and they dont use any sql... i think they store their data in .ini files lol... my opinion is based on their game coding [/b][/quote]
.ini files for local system use. The only other location for any .ini files would be on the web server for directory paths and so on.
You would have to know a few things before attempting to target a server directly.
1. The type of database (FrontBase, MySQL, OpenBase, Oracle, PostgreSQL, SQL Server, Sybase etc... the list goes on.)
2. Is this database located on a dedicated server or is it shared with other types of servers?
Dedicated: This means the the server that runs the DB does not run any other server type functions. This limits the available ports but expands the possible exploits to try depending on the type of DB used
Shared: This means the DB server is also running other server functions, possiby web server or login etc... This means on this system there are more open ports and more vulnerable however this does give you numerous possabilities and the issue is how much time do you want to waste?
3. What type of Server are they running?
Wich one do they use where? (Unix,NT4, Win2k, 2003)
This brings again the issue of what type of process are you to take to try and gain access to the server. Also with every server there's patches. What patch is the server running? Whats exploits exist for that patch?
Yes its possible, highly illegal but doubtfull that any average to intermediate user can do it. You need time patience and brains. Not hard to log such activities on a server and activate another level of security.
I sadly had the pain of working for building such machines and cloaking them from users.
Originally posted by Tw3ak+Jun 18 2006, 22:20--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Tw3ak @ Jun 18 2006, 22:20)</td></tr><tr><td id='QUOTE'><!--QuoteBegin--Neuropath@Jun 18 2006, 23:55
lol, I know someone who hacked the TQ server because his char got deleted.
sure ya do [/b][/quote]
Those were my thoughts too
hacking conquer 08/30/2007 - Conquer Online 2 - 2 Replies ok..im quite new to hacking so im using linux 10.2, and nmap for port scanning, im currently scanning......can anyone give me any pointers as to were to go once ive gained acces...and if anynes ever tried before can they give me some tips and i know elitepvpers does not condone server hacking i'am just doing it to get a look at the server files for private servers.
please pm me if you would like ot help
Hacking server in Conquer 07/14/2007 - Conquer Online 2 - 4 Replies Does any1 know how to hack into the conqueer servers.
Hacking Conquer 07/04/2007 - Conquer Online 2 - 12 Replies Hey everyone
Im wondering if this will work.
If you use a packet sniffer and decrypt the packet found in the conquer server to find registered data on items in conquer, could u change the register number (for a normal neck) and change its registered number to a DB register number and send the packet back and thus switching a normal item into a DB.
Just curious!?!
Hiyoal
Conquer Hacking 11/17/2005 - Conquer Online 2 - 18 Replies Ein Freund von mir hat sich hingesetzt und ein bischen was gecodet darunter fallen:
Infinit clients
High Jump / Long Jump
Jump ins Meer etc. ( braucht noch bissel tweaking)
Und einen Taobot. der Attackt, und Manaregent.
Alles Cliendside codet.
Da er für die Analyse der Packeges für den Bot (Items usw.) aber nicht die nötige zeit hat werden wir eine Hackinggroup für co erstellen ( bord geht in den nächsten tagen on)
Also falls ihr intress habt meldet euch schon mal.
building such machines and cloaking them from users.
