Jump to content

Just wondering

0aiden0

By 0aiden0
in Questions

 Share

Recommended Posts

0aiden0 Newbie

0aiden0

Posted
Posted

Hello everyone, this is i think my first post on here I've been reading a lot and i enjoy the community.  But i do have a question, today i stumbled upon the myspace chatrooms.  While i was on this unnamed guy got on and started talking about crashing the chatroom and then gave us a countdown, and actually did.  then repeated this in  several chatrooms  i was in.  It was starting to piss me off i was just wondering how he did it and if theres a way to stop him. . .  Hes just tryin to show off lol thx guys

Link to comment
Share on other sites
manuel Newbie

manuel

Posted
Posted

uh well umm gee hmmmm..... /me goes back to rock he crawled out from and buries his head in sand. 

BTW, that wasn't a flame... it was just a spark...  :wink:

and as moonlit said, I'm just the typical school admin who has to stab at every possible myspace/ social networking site mention....

Link to comment
Share on other sites
0aiden0 Newbie

0aiden0

Posted
  • Author
Posted

nothing really his was hitting on these girls in the chatroom. i asked him old he was he said forty i called him a pedaphile, he got mad and just crashed it i couldnt type, kinda like it was lagging really bad.i waited for like 5 minutes then i just shut it.

Link to comment
Share on other sites
moonlit Newbie

moonlit

Posted
Posted

Well I don't know exactly what the guy did but I just took a look at the chat, which seems to have been made be in Flash, and I did nothing but enter the room and it crashed harder than a caffeine addict on cold turkey. I'm guessing it's either coincidence or there's a particular exploit that kills the client dead, perhaps a particular character or string of characters. I noticed that very long messages choke it too.

Link to comment
Share on other sites
Deveant Newbie

Deveant

Posted
Posted

few bits of info, by knowing the exact address of the channel, you are able to sign on, with out having a name, some friends have talked about a bot network, which allows a style of attack that DDOS's the chat rooms, but ive never seen it done b4, so not much credibility to go on.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

Curious how a flash based chat would work, I never used the MySpace chat, but I might just try to get on and download the swf file and do a decompile to look at the ActionScript. It might give a clue to what they are doing to exploit the chat functions and even show what is going on server side. I would bet there are probably moderator functions in there to punt people or something and they figured it out.

Link to comment
Share on other sites
Deveant Newbie

Deveant

Posted
Posted
Curious how a flash based chat would work, I never used the MySpace chat, but I might just try to get on and download the swf file and do a decompile to look at the ActionScript. It might give a clue to what they are doing to exploit the chat functions and even show what is going on server side. I would bet there are probably moderator functions in there to punt people or something and they figured it out.

hmm sounds easy... dont quite think it will be though. To be honest i dont think the Flash side is the Chat Channel at all, to me its simply just a client side interface, much like FlashIRC.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

If all else fails, fuzz it.

[me=Sparda]translates:[/me]

Throw every ASCII/Uni Code character at it until it dies

:lol:

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

I have the action script to the Flash based chat. There is a line of code in there which makes me think they have the ability to punt users at will:

else if (type_str == "User.SuperKick")

I can post the entire action script for the main movie file, but there are a total of 113 seperate ActionScripts all together.

Would posting the main ActionScript here post a problem with anyone?

EDIT: Looks like the chat program is from http://www.userplane.com/

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

Well, A few things. I havent figured outhow to get the admin panel to load yet, or punt users, but I managed to make it so that nayone can have a myspace chat on their webpage using a modified user id string and empty chat room.

Now, the first file I tested I left my user id in the file and emailed the file to my wife. Upon opeing it, she was able to get on as me, without my cookie to authnticate her, just by using the html file I sent her.

Then, I edited the user data and changed the chat room. If I leave the chat room what it was it tells me I have to log back on. BUT, when I make it chat room 99, it loads up perfectly. The only thing left to test is if everyone else using this code can see every one else at the same time and chat or will it put each person in an empty chat room.

Here is the code to have you own myspace chatroom on your desktop or in your website. The only problem is at this point, you cannot set the user name you want to sign on with.

<!--//original chat space: param name="movie" value="http://swf.userplane.com/CommunicationSuite/ch.swf"//-->

<!--// anonymous chat//-->


<object 
        classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
        codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
        width="100%" 
        height="100%" 
        name="uS"
        id="uS" 
        align="">
        <param name="movie" value="http://swf.userplane.com/CommunicationSuite/ch.swf"> 
        <param name="quality" value="best"> 
        <param name="scale" value="scale"> 
        <param name="bgcolor" value="#FFFFFF">
        <param name="menu" value="1">
        <param name="salign" value="LT"> 
        <param name="FlashVars" value="strServer=flashcom-chat.myspace.userplane.com&strSwfServer=swf.userplane.com&strDomainID=chatRoom99.myspace.com&strSessionGUID=mvtE932nctAPXZT0bB0VMq2aoe%2ByH8c1x%2FJxGy8hZLIPGhlcaSwcP9LnM7PoDzVf&strKey=&strLocale=english&strInitialRoom=Poop">
        <embed 
            src="http://swf.userplane.com/CommunicationSuite/ch.swf"
            quality="best"
            scale="scale"
            bgcolor="#FFFFFF"
            menu="1"
            width="100%" 
            height="100%"
            name="uS" 
            align=""
            salign="LT"
            type="application/x-shockwave-flash" 
            pluginspage="http://www.macromedia.com/go/getflashplayer"
            flashvars="strServer=flashcom-chat.myspace.userplane.com&strSwfServer=swf.userplane.com&strDomainID=chatRoom99.myspace.com&strSessionGUID=mvtE932nctAPXZT0bB0VMq2aoe%2ByH8c1x%2FJxGy8hZLIPGhlcaSwcP9LnM7PoDzVf&strKey=&strLocale=english&strInitialRoom=Poop">
        </EMBED>
    </object>

EDIT: It works with multiple users across the internet. The only problem is you can't tell who is who until they tell you what there signon is. And the only way to know that is to type somehting to find out your signon.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...