Welcome to AC Web.
Results 1 to 13 of 13
  1. #1

    How to hack donations in hereos-wow?


    REGISTER! (FREE)
    Registered members see less ads
    and also gain access to other great features.
    How to hack donations in heroes-wow?

  2. #2
    You're probably not going have much luck doing that, sorry to say.

  3. #3
    If you route through the mainframe, drop the packets, and hijack the GUI, then you should be able to hack the .XML files, and delete system32 on the mainframe, and backdoor access through the .txt files you can get access to free donations.

  4. #4
    By donating or SQL injection to add points.

  5. #5
    U're fully aware that the devs/Owners of Heroes-wow read this forum?

  6. #6
    Quote Originally Posted by XExpressionX View Post
    U're fully aware that the devs/Owners of Heroes-wow read this forum?
    Perfect! That way they can fix it

  7. #7
    Quote Originally Posted by Darkrogue View Post
    Perfect! That way they can fix it
    They can't fix it if he uses money to *hack donate* )

  8. #8
    It wouldn't really be considered "hacking" then, would it? lol

  9. #9


    Join Date
    Feb 2015
    Location
    Noggit Level Designer
    Posts
    312
    You cant hack Donations, thats serverside settings. The only way to hack it, get the database login informations.

    No chance to hack anything on Heroes-WoW like donationcoins or votecoins.. this CMS has a brilliant security software.
    Last edited by Senix; 11-24-2017 at 06:45 AM.

  10. #10
    I really do not know how there server is set up. But, what I tell people all the time when they say there system can not be hacked is, there is no such thing as an un-hackable system. If it is online by any means, it is hack-able. When people seem to forget, and NO, I am not trying to dis anyone here or any thing like that, just making a statement, is the fact it's all built on programs, written by people. Codes, coding and the such. One person creates the code, another can and likely will break it. No matter the situation, any and ALL programs ARE indeed able to be hacked regardless if it's on a server thousands of miles away or next door.

    Yes, many many people have written programs that are very secure, this is true, however, that does not diminish the fact that it can still be broken, or hacked, no matter how strong the security is. Once again, its ALL programming, codes, text. No matter what was used to program it, it is ALL hackable. Perhaps not today, but it still can be broken. There is no way to make some thing completely secure when it is online in any way. Some say this particular hardware can block ANY and all attacks of any kind, and by particular hardware I refer that in general, yet, it CAN still be hacked. Why? because is ALL based on coding, programs. Which again, IS in fact fallible.

    No, I am not trying to dis any one, nor trying to create a problem, however, I do mean to remind people that nothing, is in fallible.

  11. #11


    Join Date
    Jul 2010
    Location
    https://www.getmangos.eu/members/krill/
    Posts
    461
    Of course anything and everything can be hacked and broken, IMO that's apart of the challenge, ultimately the fun.

    Take this commit for Instance, https://github.com/mangoszero/server...23076c90829540

    Some one made a custom hack that would inject into the game client and send a invite packet with a GUID of -1 or NULL on your self, which would crash the server. The attack become known rather quickly by the MaNGOS team and we sent out the fix the next day.

    It's all about thinking outside the box.. you could attempt to look through the source of their website, if a query is not properly sanitized, then maybe you could inject into it?, perhaps they have something you can search with (Item DB/User List) and return a list of what ever data you wish (though i think this falls under sanitation/checking)

    If you are able to obtain user account info you could ATTEMPT to reverse the password hash with this tool.

    https://www.dcode.fr/sha1-hash

    The Hash formula follows as USERNAME : PASSWORD (All caps and no spaces, that's important)

    Though according to the Head Lead of MaNGOS, he says there is a random seed included in the calculations, so you would need to some how predict the seed and crack it. (Which he says will be quite some time)
    Last edited by krill; 12-01-2017 at 12:23 AM.

  12. #12
    Web/SQL Dev & 3D Artist

    Join Date
    Oct 2010
    Location
    somewhere between <?php and ?>
    Posts
    3,204
    Quote Originally Posted by krill View Post
    Of course anything and everything can be hacked and broken, IMO that's apart of the challenge, ultimately the fun.

    Take this commit for Instance, https://github.com/mangoszero/server...23076c90829540

    Some one made a custom hack that would inject into the game client and send a invite packet with a GUID of -1 or NULL on your self, which would crash the server. The attack become known rather quickly by the MaNGOS team and we sent out the fix the next day.

    It's all about thinking outside the box.. you could attempt to look through the source of their website, if a query is not properly sanitized, then maybe you could inject into it?, perhaps they have something you can search with (Item DB/User List) and return a list of what ever data you wish (though i think this falls under sanitation/checking)

    If you are able to obtain user account info you could ATTEMPT to reverse the password hash with this tool.

    https://www.dcode.fr/sha1-hash

    The Hash formula follows as USERNAME : PASSWORD (All caps and no spaces, that's important)

    Though according to the Head Lead of MaNGOS, he says there is a random seed included in the calculations, so you would need to some how predict the seed and crack it. (Which he says will be quite some time)
    That website wont be able to decrypt the passwords in the DB. You can still crack the password but to do that you need some insane graphic cards otherwise it take ages to crack a password. Md5 is probably one of the easiest encryptions to crack. Sha1 is harder to crack but still easy compared to hashing and salting.

    Here is two videos that could give more information about cracking password encryptions.
    The first video is just some information about the encryptions that is usefull to know. The second video shows how you can decrypt the passwords


    Next Video:
    https://www.youtube.com/watch?v=7U-RbOKanYs

    - - - Updated - - -

    But all encryptions is possible to crack
    Last edited by Tok124; 12-01-2017 at 02:33 AM.

  13. #13
    Quote Originally Posted by Tok124 View Post
    <snip>
    Hey, I remember this from my Networking class 10/10 favourite section was exploiting|hacking

  14. #14


    Join Date
    Jul 2019
    Location
    United States Florida
    Posts
    2

    REGISTER! (FREE)
    Registered members see less ads
    and also gain access to other great features.
    If you route through the mainframe, drop the packets, and hijack the GUI, then you should be able to hack the .XML files, and delete system32 on the mainframe, and backdoor access through the .txt files you can get access to free donations.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •