[Tutorial] Getting GM on MOST Private Servers

[Phygar]

Read below first pic

As far as I can tell, it is not real, or patched on most servers. Here is an example of one I did:





OK! CONFIRMED FAKE. That "Account field is really the lost password field at the bottom. I filled that text input with an text sting, and the "account" thing in tamper data came up there with the text string. Try it yourself Gastric, before you rep him x6 again.

[Troys]

yea most sites look like that above but once n awhile ull get a server that has the gm flags showing

[Troys]

there always other way tho =] if you know how to hack a site

[Phygar]

If you know how to hack a site you don't need to read these tutorials. These are supposed to be extreme vulnerability exploit tutorials, not where hardcore hackers work for days straight after years of practice to attack a site. I'm just explaining that the OP is not very smart for posting such a clearly misleading guide on how to be a GM. He must have been going, "OOOOO I'm a hacker now! I've got tamper data! WHAAAT! An account field! OMG! It's the GM field! I've got to post this on MMOwned right now!"

[QQmore]

if you know how to hack a site you don't need to read these tutorials. These are supposed to be extreme vulnerability exploit tutorials, not where hardcore hackers work for days straight after years of practice to attack a site. I'm just explaining that the op is not very smart for posting such a clearly misleading guide on how to be a gm. He must have been going, "ooooo i'm a hacker now! I've got tamper data! Whaaat! An account field! Omg! It's the gm field! I've got to post this on mmowned right now!"

<<<<<<<< this

[Troys]

any wow server sites could be hacked in under a hour there basicly is no security .. so not days =]

[Patchumz]

He needs a -10Rep for posting this bullshit on here, stupid leechers.

[pixie12]

there always other way tho =] if you know how to hack a site

we should arrange ddos and bandwidth raep attacks on wowscape -_-

[Gastricpenguin]

Wolfe contributed and had a great tutorial. So I gave him some reputation for it. Also, there's more than one way to get Gm on a server if you can't edit the "account" field. Just requires knowledge and the proper tools

[Phygar]

A good tutorial if you need to recover the passwords for account names "az", and "3" that is.

[Wolfe]

Posted ToxicWoW's Reg Source code.

Enjoy!

[Patchumz]

Posted ToxicWoW's Reg Source code.

Enjoy!

Congratulations, you put js/register.js at the end of the toxic wow URL.. Wtf are you supposed to be getting +Rep for again? I refuse to give you any until you show me something I don't already know.

It's not hard to view the page source and get the JavaScript URL to the register system.

EDIT: It would be much nicer if you use the code tags, or leave the formatting the same.. It makes it much easier to read.

Code:

var xmlHttp

function RegisterAccount(username, password, password2, email, question, answer)
{ 
	xmlHttp=GetXmlHttpObject()
	if (xmlHttp==null)
	{
		alert ("Browser does not support HTTP Request")
		return
	}
	var url="accountregister.php"
	url=url+"?username="+username+"&password="+password+"&password2="+password2+"&email="+email+"&question="+question+"&answer="+answer
	url=url+"&sid="+Math.random()
	xmlHttp.onreadystatechange=DisplayRegisterResult 
	xmlHttp.open("GET",url,true)
	xmlHttp.send(null)
}

function ResetRegisterFields()
{
	document.getElementById('username').value = '';
	document.getElementById('password').value = '';
	document.getElementById('password2').value = '';
	document.getElementById('email').value = '';
	document.getElementById('question').value = '';
	document.getElementById('answer').value = '';
	//REWARD CHOICE RESET
}

function DisplayRegisterResult() 
{ 
	if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
	{ 
			ResetRegisterFields();
			alert(xmlHttp.responseText);
	} 
}

function GetXmlHttpObject()
{
	var xmlHttp=null;
	try
	{
		// Firefox, Opera 8.0+, Safari
		xmlHttp=new XMLHttpRequest();
	}
	catch (e)
	{
		//Internet Explorer
		try
		{
			xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
		}
		catch (e)
		{
			xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
		}
	}
	return xmlHttp;
}

[Wolfe]

Haha, ok have I ONCE asked for rep?

Please correct me if I'm wrong, but no I haven't.
Be calm and you might get something, but im not gonna post hard work for idiots like you that just insult until they see something.

So either wait or you **** yourself.

[Patchumz]

Haha, ok have I ONCE asked for rep?

Please correct me if I'm wrong, but no I haven't.
Be calm and you might get something, but im not gonna post hard work for idiots like you that just insult until they see something.

So either wait or you **** yourself.

So you just posted random junk just to have random junk on the forum? Usually you get rewarded for posting useful material, which leads me to believe you would want to do that but if it isn't useful then you don't get rewarded. They tend to go hand in hand.. you know, usefulness and rewards. I never said you asked for a reward though.

The fact that you scrapped the entire OP just shows you've backtracked more than gone forward on this 'exploit'. It was an interesting concept but if you're just posting to say "Later i'll show you how" then you might as well have waited to post the entire thread.

EDIT: I just don't see what you're getting at when you post something, didn't really work, you scrap that then post come JavaScript that anyone can easily obtain if they know their way around HTML (Just so that they know it's there to look at) and end up telling us something along the lines of "If you guys are good we'll go to disney land next year!". Just don't see the point your trying to get across making a thread that tells the reader nothing.

[Wolfe]

But thats the thing, they link together. They go hand in hand ^^