-
Authentication bypass exploits for 1.12.1, 2.4.3, 3.3.5a, and 4.3.4 servers
In early November of 2016, I privately disclosed to any private server developer who would listen to me two different authentication bypass issues. One was discovered by Chaosvex, the other by Daemon. A week or two later, I pushed public fixes for these issues to cmangos.
It is now the middle of March 2017 and some private servers have not fixed their servers. I have decided to release an open-source exploit for these issues. That exploit is here: GitHub - namreeb/wowned: Authentication bypass for outdated WoW emulation authentication servers
There are pre-compiled binaries for this exploit under 'Releases' here: Releases * namreeb/wowned * GitHub
Enjoy!
Edit: Now also supports Cataclysm
Last edited by namreeb; 04-24-2017 at 05:59 PM.
-
Post Thanks / Like - 8 Thanks
-
Legendary
-
Originally Posted by
jimmys96
So, what's it do? :P
On a vulnerable server, it lets you login to any account without knowing the password.
-
Hmm, looks like it needs to be patched.
Last edited by Teryaki; 08-02-2018 at 12:08 PM.
-
Post Thanks / Like - 1 Thanks
TimReschke (1 members gave Thanks to Teryaki for this useful post)
-
Member
So, after inject the dll in to client, how do we log in other's account ? how to know their account, first, i think we only know their in game name ?
-
Originally Posted by
squall1989
So, after inject the dll in to client, how do we log in other's account ? how to know their account, first, i think we only know their in game name ?
Yes. You obviously have to know the name of the account you want to access.
-
Member
So, after injecting, you just logging in the game normally, but with just account name, no need for password ?
-
Originally Posted by
squall1989
So, after injecting, you just logging in the game normally, but with just account name, no need for password ?
I think the game requires that you input a password before it even tries logging in, but it won't matter what you type. If it doesn't work, it's because the server you're trying to connect to has fixed the method you chose when you ran the injector.
-
Member
After testing, can not be used, most private servers
-
Legendary
Originally Posted by
wei3470231
After testing, can not be used, most private servers
Most unprotected ones emergency updated after this was released. If you read the main post you can see that this has been given to server owners to be fixed since November last year.
-
-
Elite User
-
Post Thanks / Like - 3 Thanks
-
Member
Is wowned.exe supposed to close down instantly after you run it?
-
Originally Posted by
showstealer
Is wowned.exe supposed to close down instantly after you run it?
Yes. It's only purpose is to launch wow and make the changes it needs to make.
-
Member
How do you use this? Please help
I would write this wowned.exe -c -p "f:\wow 3.3.5\WoW.exe in cmd?