Hack eqDKP databases. Get emails to scam and more.

[angrykitty]

There is an exploit in eqDKP that lets you download the whole mySQL database. I think it was fixed in either 1.3.2 or 1.3.1 (most 1.3.1 still work). Most guilds use either 1.3.0 or 1.3.1. This exploit does not work with eqDKP Plus.
In case you don't know: eqDKP is the most commonly used online management system for DKP (Dragon Kill Points).

Stuff you will need:

• Firefox
• Refspoof, it's a firefox addon, google it.

Open up the eqDKP main page. Look at your address toolbar:

I censored mine for obvious reasons.
Now remove the viewnews.php part and replace it with:

Code:

admin/backup

Now it should look like:

Code:

www.guildwebsite.com/dkp/admin/backup

But do not press enter yet!
You need to spoof your 'referrer' to www.guildwebsite.com/dkp/admin
If you just installed refspoof you probably noticed a new toolbar.
Now type the '/admin' url into refspoof and click on 'spoof'

If it worked you should see something like this:

If it didn't work it will either say 404 Page Not Found, Access Denied or redirect you to the main page.
If it worked go to the backup section.

Select eqDKP database and click on the 'select' button. It will now show you all tables in the database. You're interested in the 'users' one. Select it and press select.

Download the .sql file and open it up in Notepad.

Now you have a copy of their login database. You got their email addresses, password hashes, usernames. Possibilities are endless. You can send fake wotlk keys to their emails, crack admin's password hash and change the dkp values (google Online Rainbow Tables).

[JD]

Wow... looks good... gunna check the internet if it isn't just a steal but it looks great

[angrykitty]

Wow... looks good... gunna check the internet if it isn't just a steal but it looks great

The exploit was found by folks at milw0rm.com but I made the guide myself.

I know that there will be a lot of 'lol didn't work' flame in this thread because it was fixed in the newest version. However many guilds still use the old versions (1.3.0 and 1.3.1 are really common). Best thing you could do is to go to a random realm forum on the official WoW forums. Go to the 'Guilds of X' sticky and try it on every site. Also according to milw0rm it was fixed in 1.3.2 not 1.3.1.

[Hofan]

repost of:

StrikerMikado: For his EQDKP thread (http://www.mmowned.com/forums/wow-sc...-accounts.html (How to hack EQdkp database for accounts))
SpikeeeN: His hash hacking guide (http://www.mmowned.com/forums/wow-sc...l-acc-you.html (Hack emails with database hashes.[Worth taking a look] (almost free email acc to you)))

and then of course theres my thing that came after too:

http://www.mmowned.com/forums/wow-sc...ain-eqdkp.html

All kinda had eqdkp in it not sure how you missed it when making this thread

[Gog123456]

repost repost repost repost repost, did i mention repost?