Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers menu

User Tag List

Page 1 of 5 12345 LastLast
Results 1 to 15 of 65
  1. #1
    namreeb's Avatar Legendary

    Reputation
    658
    Join Date
    Sep 2008
    Posts
    1,023
    Thanks G/R
    7/215
    Trade Feedback
    0 (0%)
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)

    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers

    In early November of 2016, I privately disclosed to any private server developer who would listen to me two different authentication bypass issues. One was discovered by Chaosvex, the other by Daemon. A week or two later, I pushed public fixes for these issues to cmangos.

    It is now the middle of March 2017 and some private servers have not fixed their servers. I have decided to release an open-source exploit for these issues. That exploit is here: GitHub - namreeb/wowned: Authentication bypass for outdated WoW emulation authentication servers

    There are pre-compiled binaries for this exploit under 'Releases' here: Releases * namreeb/wowned * GitHub

    Enjoy!

    Edit: Now also supports Cataclysm
    Last edited by namreeb; 04-24-2017 at 05:59 PM.

    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers
  2. Thanks jimmys96, Teryaki, NayKu, Jadd, brotalnia, warlock001, artemarkantos, injrd (8 members gave Thanks to namreeb for this useful post)
  3. #2
    jimmys96's Avatar Legendary
    Reputation
    757
    Join Date
    Aug 2008
    Posts
    1,170
    Thanks G/R
    224/210
    Trade Feedback
    2 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, what's it do? :P

  4. #3
    namreeb's Avatar Legendary

    Reputation
    658
    Join Date
    Sep 2008
    Posts
    1,023
    Thanks G/R
    7/215
    Trade Feedback
    0 (0%)
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by jimmys96 View Post
    So, what's it do? :P
    On a vulnerable server, it lets you login to any account without knowing the password.

  5. #4
    Teryaki's Avatar Legendary Explorer CoreCoins Purchaser
    Reputation
    667
    Join Date
    Mar 2010
    Posts
    950
    Thanks G/R
    103/82
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm, looks like it needs to be patched.
    Last edited by Teryaki; 08-02-2018 at 12:08 PM.
    My Exploration Channel: Teryaki's Channel
    Teryaki#1806

  6. Thanks TimReschke (1 members gave Thanks to Teryaki for this useful post)
  7. #5
    squall1989's Avatar Member
    Reputation
    1
    Join Date
    Mar 2017
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, after inject the dll in to client, how do we log in other's account ? how to know their account, first, i think we only know their in game name ?

  8. #6
    namreeb's Avatar Legendary

    Reputation
    658
    Join Date
    Sep 2008
    Posts
    1,023
    Thanks G/R
    7/215
    Trade Feedback
    0 (0%)
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by squall1989 View Post
    So, after inject the dll in to client, how do we log in other's account ? how to know their account, first, i think we only know their in game name ?
    Yes. You obviously have to know the name of the account you want to access.

  9. #7
    squall1989's Avatar Member
    Reputation
    1
    Join Date
    Mar 2017
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, after injecting, you just logging in the game normally, but with just account name, no need for password ?

  10. #8
    namreeb's Avatar Legendary

    Reputation
    658
    Join Date
    Sep 2008
    Posts
    1,023
    Thanks G/R
    7/215
    Trade Feedback
    0 (0%)
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by squall1989 View Post
    So, after injecting, you just logging in the game normally, but with just account name, no need for password ?
    I think the game requires that you input a password before it even tries logging in, but it won't matter what you type. If it doesn't work, it's because the server you're trying to connect to has fixed the method you chose when you ran the injector.

  11. #9
    wei3470231's Avatar Member
    Reputation
    1
    Join Date
    Feb 2012
    Posts
    14
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    After testing, can not be used, most private servers

  12. #10
    jimmys96's Avatar Legendary
    Reputation
    757
    Join Date
    Aug 2008
    Posts
    1,170
    Thanks G/R
    224/210
    Trade Feedback
    2 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by wei3470231 View Post
    After testing, can not be used, most private servers
    Most unprotected ones emergency updated after this was released. If you read the main post you can see that this has been given to server owners to be fixed since November last year.

  13. #11
    NayKu's Avatar Member NAYKU.COM CoreCoins Purchaser
    Reputation
    4
    Join Date
    Nov 2012
    Posts
    153
    Thanks G/R
    3/1
    Trade Feedback
    8 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good shit, Namreeb. ++

  14. #12
    brotalnia's Avatar Elite User
    Reputation
    497
    Join Date
    Apr 2009
    Posts
    473
    Thanks G/R
    26/300
    Trade Feedback
    0 (0%)
    Mentioned
    14 Post(s)
    Tagged
    2 Thread(s)
    You have no idea how much fun i had on Feenix the night namreeb posted this!

    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-fleisher-gif

    A bunch of people in Ironforge got free Rank 14 and legendaries.
    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-feenixvanilla-gif

    I told random players they won the server lottery and could get 1 item of their choosing.
    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-feenix-tbc1-gif

    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-feenix-tbc3-gif

    Oh, and it was the "server owner's birthday"
    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-feenix-tbc4-gif

    Then suddenly Thrall and his friends decided it's time to take Stormwind for the horde!
    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-feenix-tbc2-gif

    Lastly i invited a bunch of 70s and helped them clear a few raids.
    Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers-feenix-tbc5a-gif

    Some got "help from the gods" while doing arenas, and others had their leveling "accelerated".

    By the time they fixed this i had been up for 24 hours and not eaten anything for the past 8 cause i was afraid they might patch it while i was away. After they finally shut down the servers and i got up from my chair, i felt really tired and short on breath as if i had been running. Then the pain in my chest started and it wouldn't go away, so i had to go the hospital, but thankfully it was not a heart attack. I was just really exhausted. Thank you namreeb for making me feel like santa for a night, even if it had some consequences at the end
    Last edited by brotalnia; 03-17-2017 at 10:21 AM.

  15. Thanks warlock001, Ashoran, uzzy13u (3 members gave Thanks to brotalnia for this useful post)
  16. #13
    showstealer's Avatar Member
    Reputation
    1
    Join Date
    Jan 2013
    Posts
    6
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is wowned.exe supposed to close down instantly after you run it?

  17. #14
    namreeb's Avatar Legendary

    Reputation
    658
    Join Date
    Sep 2008
    Posts
    1,023
    Thanks G/R
    7/215
    Trade Feedback
    0 (0%)
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by showstealer View Post
    Is wowned.exe supposed to close down instantly after you run it?
    Yes. It's only purpose is to launch wow and make the changes it needs to make.

  18. #15
    showstealer's Avatar Member
    Reputation
    1
    Join Date
    Jan 2013
    Posts
    6
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How do you use this? Please help

    I would write this wowned.exe -c -p "f:\wow 3.3.5\WoW.exe in cmd?

Page 1 of 5 12345 LastLast

Similar Threads

  1. [Release] Authentication bypass exploits for 1.12.1, 2.4.3 and 3.3.5a servers
    By namreeb in forum WoW Memory Editing
    Replies: 6
    Last Post: 07-30-2018, 12:59 PM
  2. New flight path exploit. for anyone! 2.0.3
    By corn674 in forum World of Warcraft Exploits
    Replies: 21
    Last Post: 01-15-2007, 04:55 PM
  3. WSG exploit for alliance!
    By 0mats0 in forum World of Warcraft Exploits
    Replies: 10
    Last Post: 12-28-2006, 03:21 PM
  4. Zul Farrak Exploit for Hunters
    By Matt in forum World of Warcraft Exploits
    Replies: 2
    Last Post: 06-18-2006, 07:08 PM
  5. 9k rep an hour exploit for argent dawn (1.11)
    By Lonsdale in forum World of Warcraft Exploits
    Replies: 1
    Last Post: 05-28-2006, 11:04 PM
All times are GMT -5. The time now is 12:26 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search