Welcome, guest! Please login or register.

    * Shoutbox

    RefreshHistory
    • stCky: Palidinho is your OpenGL (was it OpenGL?) stuff open source anywhere?
      August 16, 2017, 09:07:22 PM
    • Travas:BUILD THE WALL
      August 15, 2017, 09:28:49 PM
    • Travas: i have ass cancer
      August 15, 2017, 09:23:29 PM
    • stCky: what are the fudge are you tryna ask?
      August 15, 2017, 08:21:35 PM
    • bader: what are the rsps community alive ?
      August 15, 2017, 05:46:16 PM
    • bader: yo guys
      August 15, 2017, 05:46:08 PM
    • Spacehost:[link] Updated our thread :)
      August 15, 2017, 09:40:34 AM
    • Adaro: The client is in Download section at Homepage
      August 15, 2017, 01:09:20 AM
    • FaTe_Of_GoDs: where do i get the client?????????????
      August 14, 2017, 05:23:14 PM
    • stCky: can anyone help me? I cant login to the shoutbox
      August 13, 2017, 05:45:15 PM
    • drubrkletern: appeal denied
      August 13, 2017, 02:35:27 PM
    • King_Trout:[link]
      August 13, 2017, 11:17:12 AM
    • Cole1497: no sorry
      August 13, 2017, 10:27:14 AM
    • ayz: yo can anyone explain something to me
      August 13, 2017, 08:08:51 AM
    • coolking12: Hi
      August 13, 2017, 04:16:06 AM
    • stCky: n+1
      August 11, 2017, 06:09:24 PM
    • PalidinoDH: How many more pages are going to show errors before this dude gets on and fixes shit
      August 11, 2017, 04:57:00 PM
    • stCky: it is made by the wonderful people at jetbrains
      August 10, 2017, 10:00:06 PM
    • Zoravon: what's the difference between that and eclipse?
      August 10, 2017, 05:59:52 PM
    • stCky: use an IDE like IntelliJ or shitclipse
      August 10, 2017, 05:33:01 PM

    Author Topic: Private Server Exploits  (Read 18295 times)

    0 Members and 2 Guests are viewing this topic.

    Offlinesk8rdude461

    • MOPARSCAPE WAS HACKED
    • Member
    • ****
    • *
    • Posts: 12,471
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #200 on: July 16, 2014, 09:17:48 PM »
    So lets get back on topic here.. I figured out how to open bank anywhere on a server.
    [img ]http://puu.sh/ae17a/0eb51e0acf.jpg[/img]
    Code samples go into this thread.
    Lol it was basically like what Silab did with banks, but a different ID.
    (I wasn't reading the thread I was just toying around)
    Code: [Select]
    p1isaac(252) //Object Action 2
    isp2(2213) // Bank stall object
    ip2(3442) // y coord
    sp2(2738) // X coord

    OfflinePure_

    • Member
    • ****
    • *
    • Posts: 4,687
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #201 on: July 16, 2014, 09:32:10 PM »
    So lets get back on topic here.. I figured out how to open bank anywhere on a server.
    [img ]http://puu.sh/ae17a/0eb51e0acf.jpg[/img]
    Code samples go into this thread.
    Lol it was basically like what Silab did with banks, but a different ID.
    (I wasn't reading the thread I was just toying around)
    Code: [Select]
    p1isaac(252) //Object Action 2
    isp2(2213) // Bank stall object
    ip2(3442) // y coord
    sp2(2738) // X coord
    Good job!


    One thing me and the squad managed to do was look into a server's cache, find a donator interface (by string search) then open it up and gg. Most servers seem to just have point-based stores though so it's not all that useful.
    i won the forum

    Offlineimthenull

    • Member
    • ****
    • Posts: 2,511
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #202 on: July 17, 2014, 02:14:48 AM »
    trinity scape

    * bank anywhere
    * withdraw/deposit from anywhere
    * wield any item

    Need some more ideas on what to test...


    Offlinesini

    • Member
    • ****
    • *
    • *
    • Posts: 5,785
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #203 on: July 17, 2014, 02:46:33 AM »
    Oh damn thats smart, equip items and then press the move equipment to bank button. Niiicee.

    OfflineRuneAgent

    • wololo
    • Member
    • ****
    • *
    • *
    • Posts: 7,516
    • Thanks: +0/-0
      • View Profile
      • MITB FORUMS
    Re: Private Server Exploits
    « Reply #204 on: July 17, 2014, 12:48:22 PM »
    Code: [Select]
    stream.p1isaac(214)
    stream.isp2(3214)
    stream.np1(0)
    stream.isp2(0) //slot 0
    stream.ip2(1) //slot 1
    stream.p1isaac(87)
    stream.sp2(1321) // item id
    stream.p2(3214)
    stream.sp2(0) // slot 0

    move item drop dupe works on mist x moves the items from slot 0 to slot 1 while dropping fast

    Offlineimthenull

    • Member
    • ****
    • Posts: 2,511
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #205 on: July 17, 2014, 01:28:44 PM »
    Code: [Select]
    stream.p1isaac(214)
    stream.isp2(3214)
    stream.np1(0)
    stream.isp2(0) //slot 0
    stream.ip2(1) //slot 1
    stream.p1isaac(87)
    stream.sp2(1321) // item id
    stream.p2(3214)
    stream.sp2(0) // slot 0

    move item drop dupe works on mist x moves the items from slot 0 to slot 1 while dropping fast
    neet, doesn't work on trinityscape :\

    Offlinesk8rdude461

    • MOPARSCAPE WAS HACKED
    • Member
    • ****
    • *
    • Posts: 12,471
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #206 on: July 18, 2014, 06:11:05 AM »
    [img]http://i.imgur.com/6Ss019s.png[/im g]
    I just patched this, thanks for the idea on actually checking if it's an item you should actually be able to wear. ^.^


    Code: [Select]
    stream.p1isaac(214)
    stream.isp2(3214)
    stream.np1(0)
    stream.isp2(0) //slot 0
    stream.ip2(1) //slot 1
    stream.p1isaac(87)
    stream.sp2(1321) // item id
    stream.p2(3214)
    stream.sp2(0) // slot 0

    move item drop dupe works on mist x moves the items from slot 0 to slot 1 while dropping fast
    This one doesn't seem to work on my server either. Could I be doing it wrong or maybe it just doesn't work?

    Offlinedrubrkletern

    • Absolute Legend
    • Member
    • ****
    • Posts: 9,373
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #207 on: July 18, 2014, 06:23:32 AM »
    [img]http://i.imgur.com/6Ss019s.png[/im g]
    I just patched this, thanks for the idea on actually checking if it's an item you should actually be able to wear. ^.^


    Code: [Select]
    stream.p1isaac(214)
    stream.isp2(3214)
    stream.np1(0)
    stream.isp2(0) //slot 0
    stream.ip2(1) //slot 1
    stream.p1isaac(87)
    stream.sp2(1321) // item id
    stream.p2(3214)
    stream.sp2(0) // slot 0

    move item drop dupe works on mist x moves the items from slot 0 to slot 1 while dropping fast
    This one doesn't seem to work on my server either. Could I be doing it wrong or maybe it just doesn't work?
    Keep item you want to dupe in first slot, and another random item in the second (e.g dragon spear) then try again, spam click execute script.
    Quote
    "Moparscape is the oldest Runescape private server community. We have been active since 2007.

    - Mitb, Founder"
    ez   infraction king

    Offlineohokay

    • Member
    • ****
    • Posts: 1,214
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #208 on: July 18, 2014, 08:20:38 AM »
    trinity scape

    * bank anywhere
    * withdraw/deposit from anywhere
    * wield any item

    Need some more ideas on what to test...



    This seems to work in most, but can any exploit come of it?



    Allstar castlewars smuggle, should work on most servers as they don't predict someone will get out of the minigame

    Code: Javascript
    1. stream.p1isaac(132);
    2. stream.isp2(x);
    3. stream.p2(9293);
    4. stream.sp2(y);
    5.  

    Die to an npc, go back to loot your items, relog. Can also be used to force yourself out of the wilderness
    « Last Edit: July 18, 2014, 11:10:03 AM by ohokay »
    I don't think sk8r could be wrong because he is a god, But what do i need to do then?

    Offlinemit03

    • Member
    • **
    • Posts: 96
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #209 on: November 13, 2014, 09:36:36 AM »
    wait i don't get it, couldn't you have just done a netstat and see where port 43594 was connected?

    Yeah that was my thought too, I guess they don't understand that. But hey! That hiding_method.txt



    :>

    Arios is programmed and managed by incompetent people. Vexia by far is the worst person on the Arios team. I wouldn't be surprised if I or anyone for that matter could find vulnerabilities and exploit them. Whether or not they use my shitty #498 server from years ago is irrelevant. But they use the client, and the cache I packed that was bundled with my shitty server. They have the audacity to deny it 100% and not bother even giving me even 0.0000001% credit.

    If something happens to their server, karma serves Vexia and Emperor well.

    Looooool, are you retarded? We used a 498 client and corrupt cache available for download on r-s, the source was made from scratch and you earned exactly 0.0% credits because you had nothing to do with development, why on earth would we use your shit 498 lmfao.

    OfflineAmbokile

    • Member
    • ****
    • Posts: 3,009
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #210 on: November 13, 2014, 09:50:40 AM »
    Is there no way to pack a stream class with the tool and simply make it latch onto the existing buffer? That way we wouldn't need to find out the individual method names

    Offlinesini

    • Member
    • ****
    • *
    • *
    • Posts: 5,785
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #211 on: November 13, 2014, 12:47:57 PM »
    I don't think you understand that all clients have different naming and analyzing manually each method is easier
    « Last Edit: November 13, 2014, 04:19:31 PM by sinisoul »

    Offlinesk8rdude461

    • MOPARSCAPE WAS HACKED
    • Member
    • ****
    • *
    • Posts: 12,471
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #212 on: November 13, 2014, 02:00:55 PM »
    Is there no way to pack a stream class with the tool and simply make it latch onto the existing buffer? That way we wouldn't need to find out the individual method names
    How would you manage that... Even if you did pack a stream class so you didn't have to get the names, how would you make the client use that stream class instead of the one it's already using. This way it's piggybacking off the already existing data...

    @Anyone: Any more exploits you can think of. I've honestly figured out some form of a patch for just about all these.

    OfflineAmbokile

    • Member
    • ****
    • Posts: 3,009
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #213 on: November 13, 2014, 02:43:55 PM »
    Ah yes... I forgot that the client must also send it's own data.

    OfflineVain_

    • Member
    • ****
    • Posts: 3,054
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #214 on: November 13, 2014, 09:01:51 PM »
    sweet jesus i can't seem to get my mac to run the agent/client.
    could anyone please help me out ?

    never messed around with .sh :L

    Offlinedoom_j

    • i like the company of men
    • Member
    • ****
    • *
    • Posts: 7,202
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #215 on: November 13, 2014, 09:30:40 PM »
    Anyone find any funny exploits lately?
    [12:18:14 21:04:45]<<Tom>>i dont care about your rights
    [12:18:14 21:04:49] <<Tom>> you have NO RIGHTS

    Offlinesk8rdude461

    • MOPARSCAPE WAS HACKED
    • Member
    • ****
    • *
    • Posts: 12,471
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #216 on: November 13, 2014, 09:47:33 PM »
    Anyone find any funny exploits lately?
    My most recent find was with shopping:
    Code: [Select]
    stream.p1isaac(117)// Packet
    stream.isp2(3900)// Interface/Frame
    stream.isp2(3511)// Item
    stream.ip2(1)// Slot
    So if you go into a shop and buy an item, you'd notice it prints out the packet as above (buy 1 item). On the average 317, however, they don't check if the slot you're buying from. Meaning if a server sold 500k runes in slot 0, but only 1 abyssal whip in slot 10, you could do:
    Code: [Select]
    stream.p1isaac(117)// Packet
    stream.isp2(3900)// Interface/Frame
    stream.isp2(4151)// Item
    stream.ip2(0)// Slot

    And you could buy 500k abyssal whips. Only downside: it doesn't cost the price of the item in the slot. So no whips for 1gp.

    Offlinedrubrkletern

    • Absolute Legend
    • Member
    • ****
    • Posts: 9,373
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #217 on: November 16, 2014, 03:50:37 AM »
    was p fun doing this
    Quote
    "Moparscape is the oldest Runescape private server community. We have been active since 2007.

    - Mitb, Founder"
    ez   infraction king

    Offlinehakam123.

    • Member
    • **
    • Posts: 50
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #218 on: September 24, 2015, 02:03:11 AM »
    How we can find the ? var clientModifier = new RuneTekFourClientTransformer("GameClient", "client", "org.silabsoft.runeagent.hook.GenericGameClient","ISAACRandomGen");

    The Client_Class_name

    and the ISAACRandomGen    name?

    help?

    Offlinesk8rdude461

    • MOPARSCAPE WAS HACKED
    • Member
    • ****
    • *
    • Posts: 12,471
    • Thanks: +0/-0
      • View Profile
    Re: Private Server Exploits
    « Reply #219 on: September 24, 2015, 02:39:31 AM »
    How we can find the ? var clientModifier = new RuneTekFourClientTransformer("GameClient", "client", "org.silabsoft.runeagent.hook.GenericGameClient","ISAACRandomGen");

    The Client_Class_name

    and the ISAACRandomGen    name?

    help?
    With how desperate you're being, I honestly cannot think that you're using this tool for it's "intended purposes". That being said..
    Silab and others have released tutorials on it.. You should take a look on her website.

    Here's a tip: The Client_Class_name is the name of the Clients main class..

    Don't know what a main class is? You may want to read up on java more, as that's one of your first things you learn.

     

    Copyright © 2017 MoparScape. All rights reserved.
    Powered by SMFPacks SEO Pro Mod |
    SimplePortal 2.3.5 © 2008-2012, SimplePortal