Request Tutorial To Find Backdoors

[colt]

Hello, I see some guys talking about find backdoor, that is easy to find.

So, I have medium knowledge in Java but not applied to Lineage servers, I am studying and I don't find NOTHING about clean code from backdoor.

Anyone know where I can find? At Google I don't find.

 

 

Thank you

[Tryskell]

About "backdoors" you got only 2 ways so far : SQL injection (which is supposed to be countered by the use of PreparedStatement) and a chat command (anything related to Say2 packet, chathandlers included).

 

But the easiest stays to use a pack with a legit author. Which means, stick to vanilla packs/projects and avoid children by any mean.

[Rootware]

If you don't know core, the chances to find backdoor are very small.

[Solomun]

A backdoor can be anything,anywhere...

[colt]

Thank you Rootware and Solomun, so I'm looking the source and find nothing (40% searched) and I was thinking that maybe are in mmocore.jar file or another .jar.

So, I'll check 100% of the code (take too much time but I am not lazy) but if anyone have some information about classes or functions that is common used by "invaders".

 

Thanks all

[Rootware]

You want to find the real door or missed check in some action/place? For last argument you need learn a server core and the Lineage 2 gameplay.

[colt]

You want to find the real door or missed check in some action/place? For last argument you need learn a server core and the Lineage 2 gameplay.

Thank you sir for your awesome reply!

About Lineage 2 gameplay I know 80% (I think).

About Server Core I know 8% (or minus).

 

About backdoors:

 

I don't find too much information but I understand that backdoor it's a possible variable or function used to connect in the server as administrator (GM) independent of database setup, by a secondary port for sure.

But if the "ADMIN" find the fake "Administrator" in the database and remove, when restart the server get access again by java files installed in the server that keep the information about the fake admin.

So I suppose that is this occurence, but I am not finding at the source these informations or codes, and I know that have backdoors in L2 Tales source shared here (I am using just to study because I'll not open a shitty server, I'll study and buy a source from a serious guy).

 

Maybe you can't understand what I mean in some words, please let me know if I am being understandable because I speak "self-learning" hahaha.

 

Thank you

[Reborn12]

Thank you sir for your awesome reply!

About Lineage 2 gameplay I know 80% (I think).

About Server Core I know 8% (or minus).

 

About backdoors:

 

I don't find too much information but I understand that backdoor it's a possible variable or function used to connect in the server as administrator (GM) independent of database setup, by a secondary port for sure.

But if the "ADMIN" find the fake "Administrator" in the database and remove, when restart the server get access again by java files installed in the server that keep the information about the fake admin.

So I suppose that is this occurence, but I am not finding at the source these informations or codes, and I know that have backdoors in L2 Tales source shared here (I am using just to study because I'll not open a shitty server, I'll study and buy a source from a serious guy).

 

Maybe you can't understand what I mean in some words, please let me know if I am being understandable because I speak "self-learning" hahaha.

 

Thank you

Backdoored is somethink like this... http://i.imgur.com/zrFwcvz.png

I found to reports

[Rootware]

Ohh man, i see you love the "The project of One day" from noname developers or reselling projects. I think, it's stupid idea for researching the backdoors in the potential shit.

[colt]

Backdoored is somethink like this... http://i.imgur.com/zrFwcvz.png

I found to reports

Thanks Reborn12, that logic is strange but set accesslevel to 1. Thanks I will see if are some things that send accesslevel commands to the server. Thanks

 

But is very hard huh?

 

Ohh man, i see you love the "The project of One day" from noname developers or reselling projects. I think, it's stupid idea for researching the backdoors in the potential shit.

 

Rootware  thanks again, but I think that I will buy the source from NeverMore but I want to learn about this things, I need be carefull to all things that I put in my network/servers, so I buy but I check all the code. I am studying based on L2Tales because I am sure that have backdoors like the guys said and to create solutions we need problems right?

If you have a better suggestion to buy, please if you want send a PM to me.

But I really need learn about this, my real knowledge base is C# but I am studying Java specific to Lineage 2 servers.

 

Thanks

[SweeTs]

If you want to buy the sources from legit guy, then you must not to worry. Simply abandon what you are doing

[Reborn12]

You can search into voicedcommandhandler if is there any command for access level..

Edited November 6, 2015 by Reborn12

[colt]

If you want to buy the sources from legit guy, then you must not to worry. Simply abandon what you are doing

 

Yes it's my case, BUT I am trying to not be lazy and study this case, safety. Legit it's my father, my mother and my brother because I can see they all days, guys from internet are not legit before proof (with my own analisys), so I'll continue this "work" studying and asking for help from good guys that have here, thank you for your help anyway.

 

You can search into voicedcommandhandler if is there any command for access level..

 

Thank you again, you help me a lot.

[SweeTs]

There could be even a hidded bypass on some npc, some sort of 'text', but yeah. Searching for accesslevel / database info mostly.

 

 

Legit it's my father, my mother and my brother because I can see they all days, guys from internet are not legit before proof.

You did not watch a Breaking Bad serial, do you? :dat:

 

:happyforever:

Edited November 6, 2015 by SweeTs

[colt]

About "backdoors" you got only 2 ways so far : SQL injection (which is supposed to be countered by the use of PreparedStatement) and a chat command (anything related to Say2 packet, chathandlers included).

 

But the easiest stays to use a pack with a legit author. Which means, stick to vanilla packs/projects and avoid children by any mean.

really, really, really thanks, you help me a lot dude, thank you.

 

There could be even a hidded bypass on some npc, some sort of 'text', but yeah. Searching for accesslevel / database info mostly.

 

 

You did not watch a Breaking Bad serial, do you? :dat:

 

:happyforever:

hahaha, so, I trust them because I can make some meth with my parents! HAHAHAHA  :dat:

 

Thank you, this info was very important bypasses. I am learning an will buy from serious guys, for sure.

 

So, I can mark as solved if any moderator want to close.

 

Thank you all!

[SweeTs]

Okay, locked then.