0aiden0 Posted October 17, 2007 Share Posted October 17, 2007 Hello everyone, this is i think my first post on here I've been reading a lot and i enjoy the community. But i do have a question, today i stumbled upon the myspace chatrooms. While i was on this unnamed guy got on and started talking about crashing the chatroom and then gave us a countdown, and actually did. then repeated this in several chatrooms i was in. It was starting to piss me off i was just wondering how he did it and if theres a way to stop him. . . Hes just tryin to show off lol thx guys Quote Link to comment Share on other sites More sharing options...
manuel Posted October 17, 2007 Share Posted October 17, 2007 I demand 0aiden0 to write a Million times on the school chalk board in CHALK, "I will not be a myspace wanna be hacker n00b." DON'T Write it here, becasue we don't want it. Quote Link to comment Share on other sites More sharing options...
0aiden0 Posted October 17, 2007 Author Share Posted October 17, 2007 lol i honestly don't care how...i just want it to stop...why flame me when you dont know my intentions? Quote Link to comment Share on other sites More sharing options...
moonlit Posted October 17, 2007 Share Posted October 17, 2007 Don't mind him, he's our resident school admin and part time voice in your head... Can't think how the guy could've done that though, got any more info? What happened? Quote Link to comment Share on other sites More sharing options...
manuel Posted October 17, 2007 Share Posted October 17, 2007 uh well umm gee hmmmm..... /me goes back to rock he crawled out from and buries his head in sand. BTW, that wasn't a flame... it was just a spark... and as moonlit said, I'm just the typical school admin who has to stab at every possible myspace/ social networking site mention.... Quote Link to comment Share on other sites More sharing options...
0aiden0 Posted October 17, 2007 Author Share Posted October 17, 2007 nothing really his was hitting on these girls in the chatroom. i asked him old he was he said forty i called him a pedaphile, he got mad and just crashed it i couldnt type, kinda like it was lagging really bad.i waited for like 5 minutes then i just shut it. Quote Link to comment Share on other sites More sharing options...
moonlit Posted October 17, 2007 Share Posted October 17, 2007 Well I don't know exactly what the guy did but I just took a look at the chat, which seems to have been made be in Flash, and I did nothing but enter the room and it crashed harder than a caffeine addict on cold turkey. I'm guessing it's either coincidence or there's a particular exploit that kills the client dead, perhaps a particular character or string of characters. I noticed that very long messages choke it too. Quote Link to comment Share on other sites More sharing options...
Deveant Posted October 17, 2007 Share Posted October 17, 2007 few bits of info, by knowing the exact address of the channel, you are able to sign on, with out having a name, some friends have talked about a bot network, which allows a style of attack that DDOS's the chat rooms, but ive never seen it done b4, so not much credibility to go on. Quote Link to comment Share on other sites More sharing options...
digip Posted October 17, 2007 Share Posted October 17, 2007 Curious how a flash based chat would work, I never used the MySpace chat, but I might just try to get on and download the swf file and do a decompile to look at the ActionScript. It might give a clue to what they are doing to exploit the chat functions and even show what is going on server side. I would bet there are probably moderator functions in there to punt people or something and they figured it out. Quote Link to comment Share on other sites More sharing options...
Deveant Posted October 17, 2007 Share Posted October 17, 2007 Curious how a flash based chat would work, I never used the MySpace chat, but I might just try to get on and download the swf file and do a decompile to look at the ActionScript. It might give a clue to what they are doing to exploit the chat functions and even show what is going on server side. I would bet there are probably moderator functions in there to punt people or something and they figured it out. hmm sounds easy... dont quite think it will be though. To be honest i dont think the Flash side is the Chat Channel at all, to me its simply just a client side interface, much like FlashIRC. Quote Link to comment Share on other sites More sharing options...
moonlit Posted October 17, 2007 Share Posted October 17, 2007 If all else fails, fuzz it. Quote Link to comment Share on other sites More sharing options...
Sparda Posted October 17, 2007 Share Posted October 17, 2007 If all else fails, fuzz it.[me=Sparda]translates:[/me] Throw every ASCII/Uni Code character at it until it dies Quote Link to comment Share on other sites More sharing options...
digip Posted October 18, 2007 Share Posted October 18, 2007 If all else fails, fuzz it.[me=Sparda]translates:[/me] Throw every ASCII/Uni Code character at it until it dies Quote Link to comment Share on other sites More sharing options...
digip Posted October 18, 2007 Share Posted October 18, 2007 I have the action script to the Flash based chat. There is a line of code in there which makes me think they have the ability to punt users at will: else if (type_str == "User.SuperKick") I can post the entire action script for the main movie file, but there are a total of 113 seperate ActionScripts all together. Would posting the main ActionScript here post a problem with anyone? EDIT: Looks like the chat program is from http://www.userplane.com/ Quote Link to comment Share on other sites More sharing options...
digip Posted October 18, 2007 Share Posted October 18, 2007 Well, A few things. I havent figured outhow to get the admin panel to load yet, or punt users, but I managed to make it so that nayone can have a myspace chat on their webpage using a modified user id string and empty chat room. Now, the first file I tested I left my user id in the file and emailed the file to my wife. Upon opeing it, she was able to get on as me, without my cookie to authnticate her, just by using the html file I sent her. Then, I edited the user data and changed the chat room. If I leave the chat room what it was it tells me I have to log back on. BUT, when I make it chat room 99, it loads up perfectly. The only thing left to test is if everyone else using this code can see every one else at the same time and chat or will it put each person in an empty chat room. Here is the code to have you own myspace chatroom on your desktop or in your website. The only problem is at this point, you cannot set the user name you want to sign on with. <!--//original chat space: param name="movie" value="http://swf.userplane.com/CommunicationSuite/ch.swf"//--> <!--// anonymous chat//--> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="100%" height="100%" name="uS" id="uS" align=""> <param name="movie" value="http://swf.userplane.com/CommunicationSuite/ch.swf"> <param name="quality" value="best"> <param name="scale" value="scale"> <param name="bgcolor" value="#FFFFFF"> <param name="menu" value="1"> <param name="salign" value="LT"> <param name="FlashVars" value="strServer=flashcom-chat.myspace.userplane.com&strSwfServer=swf.userplane.com&strDomainID=chatRoom99.myspace.com&strSessionGUID=mvtE932nctAPXZT0bB0VMq2aoe%2ByH8c1x%2FJxGy8hZLIPGhlcaSwcP9LnM7PoDzVf&strKey=&strLocale=english&strInitialRoom=Poop"> <embed src="http://swf.userplane.com/CommunicationSuite/ch.swf" quality="best" scale="scale" bgcolor="#FFFFFF" menu="1" width="100%" height="100%" name="uS" align="" salign="LT" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="strServer=flashcom-chat.myspace.userplane.com&strSwfServer=swf.userplane.com&strDomainID=chatRoom99.myspace.com&strSessionGUID=mvtE932nctAPXZT0bB0VMq2aoe%2ByH8c1x%2FJxGy8hZLIPGhlcaSwcP9LnM7PoDzVf&strKey=&strLocale=english&strInitialRoom=Poop"> </EMBED> </object> EDIT: It works with multiple users across the internet. The only problem is you can't tell who is who until they tell you what there signon is. And the only way to know that is to type somehting to find out your signon. Quote Link to comment Share on other sites More sharing options...
moonlit Posted October 18, 2007 Share Posted October 18, 2007 That sounds highly flawed to say the very least... can't say I'm surprised, though... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.