• entries
    32
  • comments
    50
  • views
    45502

Down with the FastCall22 reign!

Sign in to follow this  
CulDeVu

1651 views

So FastCall22 has figured out how to kick himself in the gdchat. Well, he hath prowess over us no more!

Here's how to go about it:

Step 1:
Pull up the developer tools that show you incoming and outgoing packets. On Chrome, you hit F12 and click Network, and Firefox has a similar thingy.

Step 2:
Post a single thing.The object of this is to see the session's unique id and verification key for you. This changes every time you enter the room. I'm pretty sure that you can get that value off of your entrance, but oh well.

Anyways, do that, and you'll send a POST packet, followed by a GET packet with your exact message in it. The GET one is the one you want. You can quickly filter through the packets to find the right one by looking in the Preview tab under Network on Chrome.

Step 3:
Scroll down to the bottom of the packet header where it talks about the Query String Parameters. Those are the things in the url with all the &'s after the .php. Yeah, you need those.

Screenshot 2015-05-11 03.15.12.jpg

Step 4:
You need something that will send arbitrary packets to places. Postman for Chrome is a good choice. I'm sure there's something similar for Firefox. And maybe for Opera. Maybe AOL too, if you're thusly inclined.

Step 5:
Fill in the packet data.
You want to paste this into the field that says "Enter request URL here"

http://server05.ips-chat-service.com/moderate.php?room=FILL_ME_IN&user=FILL_ME_IN&access_key=FILL_ME_IN

The URL params that say "FILL_ME_IN" need to be filled in with the info from step 3.

Down under form-data, there's 2 fields that need to be made.
against: YOUR_USER_VALUE
_: [leave this value blank. i dont know why its here, or if it's even necessary, but do it anyways]

Screenshot 2015-05-11 03.53.10.jpg

Step 6:
Send. You should get a response that looks like:
1
If you get something different, you did something wrong.

Step [font=arial]

?:

[/font]

Profit.



Screenshot 2015-05-11 03.20.23.jpg

Let the GDchatting commence!
Sign in to follow this  


9 Comments


Recommended Comments

I wonder how else the chat's security systems can be subverted. Does this work for plain members (no privileges) as well or is there some server-side checking?

Share this comment


Link to comment
so over complicated, just use javascript injection to do it:
javascript:void(ipb.chat.sendMessageToChild("action=kick&server="+serverHost+"&path="+serverPath+"&user="+userId+"&access_key="+accessKey+"&against="+11055+"&room="+roomId));
all you have to do is find the target user's id, and put it in there!

Share this comment


Link to comment

The chat is broken as hell (lots of bugs), so I'm sure it can be exploited in other ways.  An embedded and exclusive IRC based chat would likely be more sufficient, but staff told me that it will never happen.

 

I'll have to try this later.

Share this comment


Link to comment

All the old school GDNet members have been chatting on #gamedev (irc.afternet.org) for going fifteen YEARS now. Not sure why they felt the need to embed a crappy broken webchat thing.

Share this comment


Link to comment

Actually, yeah, I've been on there a few times. Everyone there is super chill, unlike all the childish kicking that happens on the official gdchat. You have to go wayyyy out of the way to find it though. It's almost like they've hidden it from the rest of us

Share this comment


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now