Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
Spot Ify
Don't believe that you can log in to all users without a password because of the limit 1, but it's true that you can log in to some accounts because of the set of the auth_ticket after login.
You can fix that simply by replacing the SSOTICKET EVENT:
Code:
public class SSOTicketEvent : IPacketEvent
{
    public void Parse(GameClient Session, ClientPacket Packet)
    {
        string ticket;
        if (Session?.RC4Client == null || Session.GetHabbo() != null || string.IsNullOrEmpty((ticket = Packet.PopString())))
            return;
        Session.TryAuthenticate(ticket);
    }
}
I don't see anything special by the mute time so I doubt the legitimacy of this post (it could also be clientside so it looked like he bypassed the flood times).
If your hotel got hacked with this method and you are sure of that, just PM me, then we look together. I like mysteries :P
Nice, but still easy to bypass. I recommend creating a check which checks if the connection IP and user IP are the same; if not, destroy/disconnect the connection.
I also recommend creating a table for the user tickets, just like Butterfly emu.
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
TehMud
Nice, but still easy to bypass. I recommend creating a check which checks if the connection IP and user IP are the same; if not, destroy/disconnect the connection.
I also recommend creating a table for the user tickets, just like Butterfly emu.
It's not easy to bypass because it is possible to log in to users without an authticket because of this query after the login:
Code:
dbClient.RunQuery("UPDATE `users` SET `online` = '1', `auth_ticket` = '' WHERE `id` = '" + UserId + "' LIMIT 1");
But yeah, it is an idea to add a check if the IP is the same, but it is not needed.
I also don't think you can do much with this bug because it is so random which user you get.
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
My client's loading to 59% then I'm getting disconnected, any help?
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
SageRP
My client's loading to 59% then I'm getting disconnected, any help?
This isn't a help thread... here it is: http://forum.ragezone.com/f333/offic...hread-1090581/
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
Spot Ify
It's not easy to bypass because it is possible to log in to users without an authticket because of this query after the login:
Code:
dbClient.RunQuery("UPDATE `users` SET `online` = '1', `auth_ticket` = '' WHERE `id` = '" + UserId + "' LIMIT 1");
But yeah, it is an idea to add a check if the IP is the same, but it is not needed.
I also don't think you can do much with this bug because it is so random which user you get.
Wouldn't it be possible to delete the SET auth_ticket = '' too, so that it will never become empty and so the security issue is solved?
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Thanks for the release, only I have some problems with the database. Can you help me with this?
Screenshot by Lightshot
Thanks in advance!
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
Seat Ibiza
Wouldn't it be possible to delete the SET auth_ticket = '' too, so that it will never become empty and so the security issue is solved?
No, not really, because it is a "bot" protection: because it is empty, they need to do a new request to get the auth ticket, and if you have Cloudflare with a browser check, that is much harder to do.
But I also don't think that it is really a big exploit because it is pretty random which account you get.
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
For a better, more secure Authenticate you can leave the contents in "SSOTicketEvent.cs" as they are (the check for the empty string won't be needed, but you can keep it if you choose to).
In UserDataFactory.cs look for the function:
Code:
public static UserData GetUserData(string SessionTicket, out byte errorCode)
Change the first query:
Code:
dbClient.SetQuery("SELECT `id`,`username`,`rank`,`motto`,`look`,`gender`,`last_online`,`credits`,`activity_points`,`home_room`,`block_newfriends`,`hide_online`,`hide_inroom`,`vip`,`account_created`,`vip_points`,`machine_id`,`volume`,`chat_preference`,`focus_preference`, `pets_muted`,`bots_muted`,`advertising_report_blocked`,`last_change`,`gotw_points`,`ignore_invites`,`time_muted`,`allow_gifts`,`friend_bar_state`,`disable_forced_effects`,`allow_mimic`,`rank_vip` FROM `users` WHERE `auth_ticket` = @sso LIMIT 1");
To this:
Code:
dbClient.SetQuery(
    "SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " +
    "FROM users " +
    "JOIN user_auth_ticket " +
    "ON users.id = user_auth_ticket.user_id " +
    "WHERE user_auth_ticket.auth_ticket = @sso " +
    "LIMIT 1"
);
Then further down look for:
Code:
dbClient.RunQuery("UPDATE `users` SET `online` = '1', `auth_ticket` = '' WHERE `id` = '" + UserId + "' LIMIT 1");
and change it to:
Code:
dbClient.RunQuery("UPDATE `users` SET `online` = '1' WHERE `id` = '" + UserId + "' LIMIT 1");
dbClient.RunQuery("DELETE FROM `user_auth_ticket` WHERE `user_id` = '" + UserId + "' LIMIT 1");
Inside PlusEnviroment.cs look for this function:
Code:
public static void PerformShutDown()
Change:
Code:
dbClient.RunQuery("UPDATE `users` SET online = '0', `auth_ticket` = NULL");
To:
Code:
dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
dbClient.RunQuery("UPDATE `users` SET online = '0'");
Finally run this database query:
Code:
-- ----------------------------
-- Table structure for `user_auth_ticket`
-- ----------------------------
DROP TABLE IF EXISTS `user_auth_ticket`;
CREATE TABLE `user_auth_ticket` (
    `user_id` int(11) NOT NULL,
    `auth_ticket` varchar(60) NOT NULL,
    PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
This way you'll only be creating a session ticket when the user connects to the hotel and removing it straight after (not setting the ticket to null or empty), thus making it impossible to "randomly" sign in to other users' accounts, unless you manually set the ticket ofc :love:
All you need to do is change how your SSO tickets get created to insert them into that table and you're good to go.
Hopefully this helped.
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
If any of you plan on using the above thing Damien has so kindly given to us all, go to class.users.php and search for the Create SSO auth_ticket section and replace it all with this:
PHP Code:
final public function createSSO($k)
{
    global $engine;
    // Cast the user id so it cannot alter the SQL built below.
    $k = (int) $k;
    // Take the ticket from the OS CSPRNG (PHP 7+); rand() and sha1(time()) are guessable.
    // 'RevCMS-' plus 48 hex characters fits the varchar(60) column.
    $sessionKey = 'RevCMS-' . bin2hex(random_bytes(24));
    if ($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
        // A ticket row already exists for this user: overwrite it.
        $engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
    } else {
        $engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey . "')");
    }
    return $sessionKey;
}
Then go to your class.core.php and look for the case "client";
and replace it with this
PHP Code:
$users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
$template->setParams('sso', $users->createSSO($_SESSION['user']['id']));
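The ticket flow from the two posts above (one row per user in `user_auth_ticket`, deleted on redemption rather than blanked), as an added example that is not code from the thread, PlusEMU or RevCMS. It assumes PHP 7+ with PDO and an in-memory SQLite database holding constructed rows in place of the hotel's MySQL; `issueTicket` and `redeemTicket` are hypothetical names.

```php
<?php
// Added example, not the thread's code. In-memory SQLite stands in for the hotel's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, online INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE user_auth_ticket (user_id INTEGER PRIMARY KEY, auth_ticket TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')"); // constructed rows

// CMS side (hypothetical name): one ticket per user, taken from the OS CSPRNG.
function issueTicket(PDO $db, int $userId): string
{
    $ticket = bin2hex(random_bytes(24)); // 48 hex characters, fits varchar(60)
    $db->prepare('DELETE FROM user_auth_ticket WHERE user_id = ?')->execute([$userId]);
    $db->prepare('INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES (?, ?)')
       ->execute([$userId, $ticket]);
    return $ticket;
}

// Emulator side (hypothetical name): redeem a ticket once; returns the user id or null.
function redeemTicket(PDO $db, string $ticket): ?int
{
    if ($ticket === '') {
        return null; // an empty ticket never identifies anyone
    }
    $db->beginTransaction();
    $sel = $db->prepare('SELECT user_id FROM user_auth_ticket WHERE auth_ticket = ?');
    $sel->execute([$ticket]);
    $userId = $sel->fetchColumn();
    if ($userId === false) {
        $db->rollBack();
        return null; // unknown or already redeemed ticket
    }
    // Delete the row rather than blanking it; rowCount() tells whether this call won the ticket.
    $del = $db->prepare('DELETE FROM user_auth_ticket WHERE user_id = ? AND auth_ticket = ?');
    $del->execute([$userId, $ticket]);
    if ($del->rowCount() !== 1) {
        $db->rollBack();
        return null;
    }
    $db->prepare('UPDATE users SET online = 1 WHERE id = ?')->execute([$userId]);
    $db->commit();
    return (int) $userId;
}

$ticket = issueTicket($db, 1);
var_dump(redeemTicket($db, $ticket)); // first use of a fresh ticket
var_dump(redeemTicket($db, $ticket)); // replay of the same ticket
var_dump(redeemTicket($db, ''));      // empty ticket
```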
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
Damien Jolly
Awesome and outstanding developer, glad to be his partner and learn from him!
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Sulake.cc is down, the download links don't work !
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
Alexandre Fadox
Sulake.cc is down, the download links don't work !
Will be back up soon, he's sorting stuff out.
Re: PlusEMU - Habboon Edit - PRODUCTION-201601012205-226667486
Quote:
Originally Posted by
sagem57
Everything suck RAM trololol.