Is this possible?

knightm4r3 · Post by **knightm4r3** » 28 Dec 2006, 21:03

okay, I'm new to suck-o but it looks like a pretty damn sweet place.

Here is my question .. Is there anyway to hack websites like kingsofchaos.com or any of these other MMORPGs to ive yourself a certin number of weapons or men with out "paying" for them?

I dont target KOC, just using it as an example.

Thanks.

KM43

Chaos1986 · Post by **Chaos1986** » 28 Dec 2006, 21:07

I'm Sorry But I Can't Help You There.

The Reasons Is It Is Against The Rules. 3. No explicit questions, such as 'can someone hack www.somesite.com' or 'how do i hack www.blah.com', etc. We are not here to do work for you, but to help you on your way to learn how to do it yourself. Nor do we support the defacing, or hacking of websites. Nothing Personal Just Want To Help You Stay Out Of Trouble. Enjoy Your Stay At Suck-o.

knightm4r3 · Post by **knightm4r3** » 28 Dec 2006, 21:13

and I understand and respect that rule and thats why it says that I don't want to hack this site inperticular, but some friends and I (actually my roommate) would like to create a site similar to KOC, and I wanted to know if there were any such exploits. Im not asking how, Im asking if there are.

If this question is still not appropriate, by all means please lock!

KM43

Post by **CommonStray** » 28 Dec 2006, 23:01

Well if your interested in setting up a similar type of entertainment site, and you want to know this for security purposes there are many different types of exploitations for sites that have people signing in and out and having to register etc...

Most sites when you have a login use either sessions or cookies or both, these are used to authenticate a user while he/she browses the particular site, basically they are used to remember someone for a certain amount of time or until they leave the site for a certain amount of time.Sessions are pretty much a bunch of interactions between two end points within the span of a connection. Sessions start when a person logs in and are destroyed when they logout and/or after a given timeframe.

Session information is stored on the server side, and will usually contain the important stuff, cookies are stored on the users computer and shouldnt have the important info stored in it, but nonetheless sometimes thats not always the case...

hackers can hijack this session information by a few different methods such as brute forcing where they try many different ID's in hope of getting one, calculation(youd be surprised how many sites create session ID's based on algorithms that use a users IP address or the time or the time they registered) XSS or Cross site scripting where code is simply injected and it redirects a users info. Referral attacks where you create a link and it sends the HTTP referral header information to an attackers site (in site statistics if you run a site you look at your referrals to see where your traffic is coming from...same thing pretty much, just more indepth info is sent, like the session ID), even sniffing network traffic can lead to session hijacks.

this just talks about sessions, now hacking a site is a bit more complicated, the attacker needs to know what type of server is running, what operating system and services are also running on the server, what ports are open etc... with a MMORPG user info such as as what weapons etc may be stored in a text file based database, hacking into that server would be a way to change the information in that database the attacker would want...as well there are better storage means for information like that instead of a text file based database bigger sites use enterprise or community type databases such as MySQL , dBASE etc... each all have there various exploits and weaknesses which im not going to get into...
SQL Injection is the most popular form of gaining access to a sites database...

if you know how to prevent an attack, you usually know how to create one

anyways man i hope this info helps

Lyecdevf · Post by **Lyecdevf** » 29 Dec 2006, 14:35

knightm4r3 wrote:okay, I'm new to suck-o but it looks like a pretty damn sweet place.
KM43

You are right about that!

Post by **Gogeta70** » 29 Dec 2006, 21:52

Most of the time, it doesn't take much to secure code. As long as you know the ins and outs of xss and sessions, you're good to go.

Remember to always filter HTML input from forms and anything else considered inputted by the user, that is being displayed or saved to a file for later.

In PHP, this command would be either

Code: Select all

<?PHP

$var = htmlentities($var);
//or
$var = strip_tags($var);

Also, apache servers automatically assign session id's, so that's not really a problem for me. Just remember: ALWAYS filter your input.

knightm4r3 · Post by **knightm4r3** » 30 Dec 2006, 09:52

Thank you guys, CircuitB0mB and gogeta70 especially.

I was more or less trying to figure out what type of things to be concerened with.

Thanks again for your help!

killzone · Post by **killzone** » 03 Jan 2007, 18:22

if u want to hack the game u will get caught and banned if u hack the server u will gt caught and put i jail bad idea there is a another post on this see

http://www.suck-o.com/modules.php?name= ... pic&t=1756

Is this possible?

Is this possible?

Re: Is this possible?