[EXPLOIT!] How to log any account

[dany3l89]

Dont work on L2Revenge :(

[Miki]

I do this :

1. Load hlapex and script

2. Run L2

3. Login with my account sniffing and taking my PlayKey2

4. (i do this for see if it's fixed or not) i put my playkey2 in the script

5. i put my user and password and try to login.

There are 2 things that i don't understand :

1st is that when i put my playkey (eg. 231B0000) hlapex says that there's an error in the syntax;is normal? or i have to cancel the letter?

2nd problem is that when i put the playkey (also mine) and login with my account,i reach the server list and then i can't go to the character selection; it means that is fixed?

thanks a lot

 

[azzario]

u must convert that from hex to dec

[Miki]

putting the playkey in HEX field and take that in integer?

[killer_007]

Xmmmm maybe i didn't tell it clearly enough... (lol ok hlapex2008, it works even if you press CALL INIT, even if not, i didn't look at the script to see that it is executed normally on login :P)

 

1. LOAD hlapex

2. RUN l2.exe

3. GO TO scripts tab and LOAD the script (you must create it first, to do so, open one of these scripts there, delete the code in it, paste this code, save as... loginhack.pst or whatever)

4. AT account=1; EDIT the account=1; and add for example account=252; (1 should be the administrator's account, maybe not, try it first...)

5. LEAVE hlapex ALONE and go to client

6. LOGIN NORMALLY as you do with your account everytime... I suggest nor to use your main account, neither have the same IP as your main, as latest version of amped (damn Cypher x.x) tracks you down...

 

VOILA!!! You PWNED THEM (if it works, you will see some chars, or an empty account, if this account is empty.....)

If you:

 

1. Can't even pass the select server screen

2. See your char

3. Hlapex isn't loading

 

then:

 

1. Fixed, leave it for this server...

2. Maybe fixed, maybe you did something wrong...

3. Server's patch is protected against l2w/hlapex/etc...

 

Now let me explain some things...

 

(before this, @ miki: It will help you to estimate where to search (you will find your account's id, do you want to hack it? :P You will find an ID and say: This may be around here...) Put it in integer ~> hex to normal and you will find it.

 

It works like this (or i suppose so):

 

Login server simply gets you in your account. After you login and you want to get into GS, login sents again a packet so it says to the db server: Hey dude, load the account xxx, the user logged in successfully. Now, this scripts changes this pack, and says: Hey dude, load the account xxx, the user logged in successfully (but you logged in from anoter account :P But, nobody knows that, db don't have the power of human brain....)

 

Just some thoughts while looking the script/the login packs...

 

Also, the account=x; SAYS: Hey mr DB, load account which is NUMBERED as 15th in your db... It doesn't say: load killer's account. When you registered, you was for example the 454554 user who made an account there. Now in db, there are other 454553 rows, from other accounts. So, add a number, and see if that noob just created an account there and left the server or he did some cool things for you... SO YOU ADD A NUMBER NOT A NAME.

 

The third thing is...

 

This DOESN'T WORK to l2j, isn't it clear? ONLY official servers...

 

---------OFF TOPIC MODE /on-----------

 

@ Those who speak for revenge (GMs, admins, noobs that say that are gms/admins)

 

If i had donated (i would never do) and log in one day, and BOUM, wtf my char is NAKED??? I would never trust you again for donate (yes, i gave you my money, and that's the security you offer me???). Even if you could see that they were stolen, and you could gimme them back, i would leave... Personal opinion, NOTHING TO FLAME, just consider...

 

And as for the phraze that we are noobs who steal other people's work, (items on 1x servers etc), we aren't supposed to ask you before, YOU DO THAT, by offering such a low quality protection on your servers (lol 2 week after it was actually published, and it is still working???). Also, these <<players>>, shouldn't be so noobs to play on private servers... FBI, NCSOFT, hackers, exploits, some admins that want donations (weeeeee, do you think that a man with +25 can be got owned by a man with a +10??? If it was like this, there would be no donations, so the whole <<DONATIONS HERE>> tag is setted up, just a trick, to get money, not to have your server hosted etc.

If they want to have safety and l2 experience ~> www.lineage2.com

If they want exploits and etc. ~> www.xxxPRIVATESERVERxxx.com

 

Personal opinion.......................

[Miki]

thanks a lot killer,now i know that the server that i've tried are fixed :)

however i don't want to hack my account..is a sort of test in order to know if xploit is fixed or not :P

[MewMew]

well i see that the maxbastards community needs topics like that.....i mean look at the views and the posts..so we could make a specific sector for l2 3rd party progs developping so that we could start making progz dedicated to l2 with the signatre of maxbastards.eu :)

[ismael66]

hm...its fun though to see ppl not even to know how to run hlapex to -f u c k- up servers.

Free to try it on www.cosmosl2.com < Cosmos Destiny , surprise

[Miki]

if i did the procedure exactly cosmosl2 is fixed..isn't it?

[ismael66]

Excactly, and the admin is around here

and this is your ip Miki: 88.156.32.71

[killer_007]

hihihihi... Some exploits are for newbies admins we said, not good ones... The fix is just a command that needs to be executed in db (or just upgrade amped ~.~)

 

Anyway, still working on a bunch of servers (atm i have found 3).

 

Why was TG server protected against bots & hlapex from the patch, damnit??? x.x

[ismael66]

You are wrong killer the admin of cosmos is me, and its not a db proccedure, its a dll that fixes the problem, the db proccedure is just a "fake" fix which will not work correctly and make the server crash

 

And yeah, TG has installed a new antibot system (la2guard) its one of the best antiexploit,antibot systems

[killer_007]

I know it's a fake fix (and that you are the admin).

 

But as long as i know it works x.x Just for getting rid of some newbies who try 1 account and leave :P

 

Yes but if e-global hadn't sold it (with full support for installing it :P) static would be ~> O.o

[ismael66]

if this was for l2j would you provide support on how this works?:P

 

I don't know how Static was provided by it, neither i have it from e-global, but for a server like TG its useful and might Static has bought it. www.la2guard.com

[killer_007]

Of course not ^^ (without thinking about it a lot..)

 

 

But just because of lack of hardware (i setted up once, but... My pc was a hell) i like l2j.. fully customized (off is too, and better) (as you have more options than .xml files). And as it is legal (L2j)