Well, lately I've had an idea that in theory would never fail. I just can't exactly test it b/c I can't get one of the programs needed to be fully functional, but it works nonetheless. Here it is (note, I cannot be held responsible for anything you do).
Also, I copied a guide on how to set it up from hackforums.net, surprised no one else has bothered to (some of the things I changed). By the end of this guide, you will have multiple order IDs with gold for your character!
What you need!!!
Netcat- SourceForge.net: Files
Nmap- Download the Free Nmap Security Scanner for Linux/MAC/UNIX or Windows
For Exploits- milw0rm - exploits : vulnerabilities : videos : papers : shellcode (thing that can get in websites)
Alright, here's where I start to copy the guide on hackforums.
Step One. First, you want to find out as much about it as you can. So, first, you want to port scan it with nmap (I think it's the best port scanner).
I suggest choosing a gold selling site that is very popular; for this example, I will use mmoinn/thsale. (You can use w/e you want.)
Code:
nmap -PN -sS www.siteyouwanttohackgoeshere.xxx -p 1-1000 -r -sV -O -D www.siteyouwanttohackgoeshere.xxx
So if I were doing thsale it would look like this:
Code:
nmap -PN -sS www.thsale.com -p 1-1000 -r -sV -O -D www.thsale.com
Then put that into target in Nmap. You would get something along this:
Code:
Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-05 16:05 Eastern Daylight Time
Initiating Parallel DNS resolution of 1 host. at 16:05
Completed Parallel DNS resolution of 1 host. at 16:05, 0.13s elapsed
Initiating SYN Stealth Scan at 16:05
Scanning thsweb07.thsale.com (67.228.160.108) [1000 ports]
Discovered open port 80/tcp on 67.228.160.108
Completed SYN Stealth Scan at 16:05, 25.70s elapsed (1000 total ports)
Initiating Service scan at 16:05
Scanning 1 service on thsweb07.thsale.com (67.228.160.108)
Completed Service scan at 16:05, 6.17s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against thsweb07.thsale.com (67.228.160.108)
Retrying OS detection (try #2) against thsweb07.thsale.com (67.228.160.108)
Initiating Traceroute at 16:06
67.228.160.108: guessing hop distance at 13
Completed Traceroute at 16:06, 10.47s elapsed
Initiating Parallel DNS resolution of 19 hosts. at 16:06
Completed Parallel DNS resolution of 19 hosts. at 16:06, 8.09s elapsed
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 16:06
SCRIPT ENGINE DEBUG: showHTMLTitle.nse: Title got truncated!
Completed SCRIPT ENGINE at 16:06, 0.56s elapsed
Host thsweb07.thsale.com (67.228.160.108) appears to be up ... good.
Interesting ports on thsweb07.thsale.com (67.228.160.108):
Not shown: 998 filtered ports
PORT     STATE  SERVICE VERSION
80/tcp   open   http    Microsoft IIS httpd
|_ HTML title: Buy WOW Gold, Warcraft Gold, World of Warcraft Gold, FFXI Gil,...
113/tcp  closed auth
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2003|2000|XP (97%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (97%), Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows 2000 Server SP4 (91%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows XP Home SP1 (French) (89%)
No exact OS matches for host (test conditions non-ideal).
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Randomized
TRACEROUTE (using port 80/tcp)
HOP RTT    ADDRESS
1   0.00   192.168.1.1
2   16.00  96.175.116.1
3   ...
4   15.00  te-0-1-0-4-ar01.taylor.mi.michigan.comcast.net (68.87.190.141)
5   15.00  pos-0-7-0-0-cr01.cleveland.oh.ibone.comcast.net (68.86.85.49)
6   31.00  pos-0-8-0-0-cr01.chicago.il.ibone.comcast.net (68.86.85.50)
7   16.00  xe-9-3-0.edge1.Chicago2.Level3.net (4.71.248.21)
8   16.00  ae-32-54.ebr2.Chicago1.Level3.net (4.68.101.126)
9   32.00  ae-68.ebr3.Chicago1.Level3.net (4.69.134.58)
10  46.00  ae-3.ebr2.Denver1.Level3.net (4.69.132.61)
11  78.00  ae-1-100.ebr1.Denver1.Level3.net (4.69.132.37)
12  78.00  ae-2.ebr2.Dallas1.Level3.net (4.69.132.106)
13  78.00  ae-62-62.csw1.Dallas1.Level3.net (4.69.136.138)
14  62.00  ae-2-79.edge3.Dallas1.Level3.net (4.68.19.72)
15  109.00 te2-1.cer01.dal01.dallas-datacenter.com (4.71.198.18)
16  94.00  po1.dar02.dal01.dallas-datacenter.com (66.228.118.203)
17  78.00  po2.fcr04.dal01.dallas-datacenter.com (66.228.118.218)
18  62.00  208.43.13.254-static.reverse.softlayer.com (208.43.13.254)
19  63.00  thsweb07.thsale.com (67.228.160.108)
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 62.828 seconds
Raw packets sent: 4212 (195.488KB) | Rcvd: 103 (5531B)
OK, so the next thing you need to do is download netcat.
Then, type this in :P.
Code:
nc -vv www.thsale.com 80
Then, when something pops up, you may need to type
Code:
GET Test
Finally, we have most of what we need.
Next, we telnet to all of the open ports (If you get any)
So, if I were to telnet to the open ports, I would get (say I'm telnetting to port 22):
Code:
SSH-2.0-OpenSSH_4.7
(that was just an example)
So, to search for the exploit, I would search SSH then (Ctrl+F) 2.0
I would do that for every port I could find open.
Then, look for some exploits for the server type.
To do that, you would search for the server type and version.
My example would be:
Code:
Apache
Then, (Ctrl+F) 1.3.41
Then, edit the exploit so that it works onto your site (The one you are hacking) then compile the exploit, run it.
And, if you get a good exploit, you will get into the root of the website, and be able to edit any part of the site you want. (What I suggest doing is editing the Order IDs to your character names and things along those lines, or just copying the order IDs.)
The sky is the limit.
Don't get caught.
I am not responsible to whatever happens to you.
How to hack a website. Video included is link to site that I got idea from.
Btw, in theory, this scam could never fail, I have only tested this once, but got 7k gold. I am almost certain this isn't a repost, if it is, flame away!
12 views and no responses? C'mon!
I'm repping you till the end of my life.
How safe is this, considering I use a proxy?
lol thanks to above poster, and I don't think you can incorporate a proxy into netcat/nmap
I'm not sure it will work
very nice. i will def try this!
well need linux lol only for ppl dont know
Actually it's for Linux and Windows, there's a Windows version (which is what I'm using for this), would upload but it's somewhat broken. I will find a program similar to netcat, anyone know of one? Or one that is similar.
Trying to find a good windows version that isn't broken, corrupted, anyone have one that is similar to netcat or the same
Sorry, I don't understand the netcat part :S where do I need to type nc -vv http://www.thsale.com 80?? Thanks in regards...
To be honest I don't understand the whole netcat at all lol. Nice guide anyway, hope I can get it to work + rep!
Last edited by lolkekbye; 08-05-2008 at 05:07 PM.
Alright, until I figure out how to use this for wireshark or find a netcat for Windows that works and is not from 98, this can only work for Linux. Someone PM me if you can help.
Used this a while ago on Backtrack for exploiting different things. Thanks
The only thing that guide explains is how to scan ports and get the Apache version, nothing more, nothing less... But yeh, it's true that there are exploits in some Apache versions.
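The banner steps in the guide only read the version string that a service hands to every client, which is the piece a server owner can check and reduce. As an added example (not part of the thread), this Python check lists the product/version pairs a banner discloses; the function name, the constructed sample responses and the PHP header are assumptions.

```python
import re

# Response headers that commonly carry product/version strings.
DISCLOSING_HEADERS = ("server", "x-powered-by")
# A product/version token such as "Apache/1.3.41".
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
# SSH identification string: SSH-protoversion-softwareversion (RFC 4253).
SSH_IDENT = re.compile(r"^SSH-[\d.]+-(\S+)")


def audit_banner(raw):
    """Return (source, product, version) for each version a banner discloses."""
    lines = raw.replace("\r\n", "\n").split("\n")
    ssh = SSH_IDENT.match(lines[0])
    if ssh:
        # The protocol requires this string, so it cannot be hidden;
        # the fix for an old version here is patching, not masking.
        product, _, version = ssh.group(1).partition("_")
        return [("ssh-ident", product, version)] if version else []
    findings = []
    for line in lines[1:]:          # skip the HTTP status line
        if not line:                # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        header = name.strip().lower()
        if sep and header in DISCLOSING_HEADERS:
            for product, version in VERSION_TOKEN.findall(value):
                findings.append((header, product, version))
    return findings


# Constructed sample banners (not captured from any real host).
VERBOSE_HTTP = ("HTTP/1.1 400 Bad Request\r\n"
                "Server: Apache/1.3.41 (Unix)\r\n"
                "X-Powered-By: PHP/5.2.6\r\n"
                "Connection: close\r\n\r\n")
# Same server with Apache's "ServerTokens Prod": product name only.
MINIMAL_HTTP = "HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"
SSH_BANNER = "SSH-2.0-OpenSSH_4.7\r\n"

if __name__ == "__main__":
    for label, banner in (("verbose", VERBOSE_HTTP),
                          ("minimal", MINIMAL_HTTP),
                          ("ssh", SSH_BANNER)):
        print(label, audit_banner(banner))
```

Trimming the banner only removes the lookup key; an outdated version stays exposed until it is patched.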