Author Topic: website or game?  (Read 2157 times)

0 Members and 1 Guest are viewing this topic.

Offline zhangbob

  • Serf
  • *
  • Posts: 20
  • Cookies: 0
    • View Profile
website or game?
« on: July 01, 2011, 03:37:07 pm »
I already brought this topic up in the wrong area before (sorry), but I has a question.

I want to get an account password from a website, that shares usernames and passwords with their associated game.

Now I'm new to this (trying to get my focus on)

Should I go after trying to hack the game or the website?

After I know that I should be able to learn how to do it :D

Kenpachi Fried Chicken

iMorg

  • Guest
Re: website or game?
« Reply #1 on: July 01, 2011, 04:06:22 pm »
I dont understand. Is it like a portal login system that redirects you to the correct game once you sign in?

Offline zhangbob

  • Serf
  • *
  • Posts: 20
  • Cookies: 0
    • View Profile
Re: website or game?
« Reply #2 on: July 01, 2011, 04:37:36 pm »
well im actually talking about Second life, theres is a game run by a 3rd party viewer, where you can log into the game and there is official website where you can log in to see how your account is doing and its stats, both use the same username and passwords
Kenpachi Fried Chicken

Offline Tsar

  • Peasant
  • *
  • Posts: 126
  • Cookies: 10
  • turing-recognizable
    • View Profile
Re: website or game?
« Reply #3 on: July 01, 2011, 10:28:33 pm »
So it's a game within a game?

And you want to steal passwords from the game?

Probably beyond your level, but depending on how secure the website is you could try either SQLi or a XSS.

Offline zhangbob

  • Serf
  • *
  • Posts: 20
  • Cookies: 0
    • View Profile
Re: website or game?
« Reply #4 on: July 02, 2011, 12:21:57 am »
oh lol no you get on the game from the viewer

the website you can access your account info kind of like WoW and blizzard.com

Kenpachi Fried Chicken

Offline theellimist

  • Knight
  • **
  • Posts: 371
  • Cookies: 17
    • View Profile
    • TheEllimist's Game
Re: website or game?
« Reply #5 on: July 02, 2011, 09:47:45 am »
If you can log into your account on the website then I am sure that that would be the way to go.

Offline zhangbob

  • Serf
  • *
  • Posts: 20
  • Cookies: 0
    • View Profile
Re: website or game?
« Reply #6 on: July 02, 2011, 03:04:12 pm »
okay thanks so website it is. I just got an idea as well though

would something like this explained in 2007, still be viable with php today with IE9?
http://www.gnucitizen.org/blog/ie-pwns-secondlife/

for those who dont want to read the whole thing, basically would it still be possible to use php to make it so it steals their passwords (since the clients you use to log onto the actual game, save your username and password) just by going to your webpage?

like could you use the webpage you made they are visiting to essentially make them attempt a login to the point where it sends their information to your page

then even maybe use the encrypted hash of a password you got and forge a request to the (offical) authentication server?

If this is all possible then I would definately go this route instead of hacking the website

lastly is there a way to check if this is still possible other than learning and trying it out first hand?
« Last Edit: July 02, 2011, 03:04:50 pm by zhangbob »
Kenpachi Fried Chicken

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: website or game?
« Reply #7 on: July 02, 2011, 04:02:34 pm »
The secondlife protocol bug is fixed long time ago aint it?

Either way, as in any hacking situation. Go for the easiest target, if you are just doing it to get access anyway.

And, dont think of it as a game or a website. Its all servers and services. Website being one of the services.

Now, to get things clear. Is the secondlife thingy a browser plugin like flash or is it a executable you run on your computer and you login from there?

Either way, get an understaind og protocol fuzzing and manipulation. Find what type of info is being sent back and forth from you and the server and take it from there.

Really, I cant help you a whole lot more, you just have to know the basics of penetration testing.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline zhangbob

  • Serf
  • *
  • Posts: 20
  • Cookies: 0
    • View Profile
Re: website or game?
« Reply #8 on: July 02, 2011, 05:46:47 pm »
the client is completely seperate from the IE or firefox its open source and can be user made. but yes thank you for for explaining that. I have a point of reference to start at now >:D~ <3
Kenpachi Fried Chicken