WoW ScamsWorld of Warcraft Scamming Methods ONLY.
[NO QUESTIONS HERE] We do not condone scamming, this section is meant for people to read about scamming so they can prevent being scammed themselves.
Well, lately I've had a an idea, that in theory would never fail, I just can't exactly test it b/c I can't get one of the programs needed to be fully functional, but it works nonetheless. Here it is (note, I cannot be held responsible for anything you do)
Also, I coped a guide on how to set it up from hackforums.net, surprised no one else has bothered to. (some of the things I changed) By the end of this guide, you will have multiple order IDs with gold for your character!
What you need!!!
Netcat- [Only registered and activated users can see links. ]
Nmap- [Only registered and activated users can see links. ]
For Exploits- [Only registered and activated users can see links. ] (thing that can get in websties)
Alright, here's where I start to copy the guide on hackforums.
Step One.First, you want to find out as much about it as you can. So, first, you want to port scan it with nmap (I think its the best port scanner)
I suggest choosing a gold selling site that is very popular, for this example, I will use mmoinn/thsale.(you can use w/e you want)
Then put that into target in Nmap. You would get something along this
Code:
Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-05 16:05 Eastern Daylight Time
Initiating Parallel DNS resolution of 1 host. at 16:05
Completed Parallel DNS resolution of 1 host. at 16:05, 0.13s elapsed
Initiating SYN Stealth Scan at 16:05
Scanning thsweb07.thsale.com (67.228.160.108) [1000 ports]
Discovered open port 80/tcp on 67.228.160.108
Completed SYN Stealth Scan at 16:05, 25.70s elapsed (1000 total ports)
Initiating Service scan at 16:05
Scanning 1 service on thsweb07.thsale.com (67.228.160.108)
Completed Service scan at 16:05, 6.17s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against thsweb07.thsale.com (67.228.160.108)
Retrying OS detection (try #2) against thsweb07.thsale.com (67.228.160.108)
Initiating Traceroute at 16:06
67.228.160.108: guessing hop distance at 13
Completed Traceroute at 16:06, 10.47s elapsed
Initiating Parallel DNS resolution of 19 hosts. at 16:06
Completed Parallel DNS resolution of 19 hosts. at 16:06, 8.09s elapsed
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 16:06
SCRIPT ENGINE DEBUG: showHTMLTitle.nse: Title got truncated!
Completed SCRIPT ENGINE at 16:06, 0.56s elapsed
Host thsweb07.thsale.com (67.228.160.108) appears to be up ... good.
Interesting ports on thsweb07.thsale.com (67.228.160.108):
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd
|_ HTML title: Buy WOW Gold, Warcraft Gold, World of Warcraft Gold, FFXI Gil,...
113/tcp closed auth
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2003|2000|XP (97%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (97%), Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows 2000 Server SP4 (91%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows XP Home SP1 (French) (89%)
No exact OS matches for host (test conditions non-ideal).
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Randomized
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 0.00 192.168.1.1
2 16.00 96.175.116.1
3 ...
4 15.00 te-0-1-0-4-ar01.taylor.mi.michigan.comcast.net (68.87.190.141)
5 15.00 pos-0-7-0-0-cr01.cleveland.oh.ibone.comcast.net (68.86.85.49)
6 31.00 pos-0-8-0-0-cr01.chicago.il.ibone.comcast.net (68.86.85.50)
7 16.00 xe-9-3-0.edge1.Chicago2.Level3.net (4.71.248.21)
8 16.00 ae-32-54.ebr2.Chicago1.Level3.net (4.68.101.126)
9 32.00 ae-68.ebr3.Chicago1.Level3.net (4.69.134.58)
10 46.00 ae-3.ebr2.Denver1.Level3.net (4.69.132.61)
11 78.00 ae-1-100.ebr1.Denver1.Level3.net (4.69.132.37)
12 78.00 ae-2.ebr2.Dallas1.Level3.net (4.69.132.106)
13 78.00 ae-62-62.csw1.Dallas1.Level3.net (4.69.136.138)
14 62.00 ae-2-79.edge3.Dallas1.Level3.net (4.68.19.72)
15 109.00 te2-1.cer01.dal01.dallas-datacenter.com (4.71.198.18)
16 94.00 po1.dar02.dal01.dallas-datacenter.com (66.228.118.203)
17 78.00 po2.fcr04.dal01.dallas-datacenter.com (66.228.118.218)
18 62.00 208.43.13.254-static.reverse.softlayer.com (208.43.13.254)
19 63.00 thsweb07.thsale.com (67.228.160.108)
Read data files from: C:Program FilesNmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 62.828 seconds
Raw packets sent: 4212 (195.488KB) | Rcvd: 103 (5531B)
Ok So, next thing you need to do is download netcat
Then, type this is :P.
Code:
nc -vv www.thsale.com 80
Then, when something pops up, you may need to type
Code:
GET Test
Finally, we have most of what we need.
Next, we telnet to all of the open ports (If you get any)
So, if I were to telnet to the open ports, I would get (Say im telneting to port 22).
Code:
SSH-2.0-OpenSSH_4.7
(that was just an example)
So, to search for the exploit, I would search SSH then (Ctrl+F) 2.0
I would do that for every port I could find open.
Then, look for some exploits for the server type.
To do that, you would search for the server type and version.
MY ecample would be.
Code:
Apache
Then, (ctrl+f) 1.3.41
Then, edit the exploit so that it works onto your site (The one you are hacking) then compile the exploit, run it.
And, if you get a good exploit, you will get into the root of the website, and be able to edit any part of the site you want. (What I suggest doing is editing the Order ID's to your character names and things along those lines, or just copyign the order IDs
The sky is the limit.
Don't get caught.
I am not responsible to whatever happens to you.
[Only registered and activated users can see links. ] is link to site that I got idea from.
Btw, in theory, this scam could never fail, I have only tested this once, but got 7k gold. I am almost certain this isn't a repost, if it is, flame away!
Actually it's for linux and windows, theres a windows version(which is what i'm using for this), would upload but it's somewhat broken, I will find a program similar to netcat, anyone know or one? or one that is similar.
Site n00b.. (A leecher if I've been here for more than a month and can't earn 5 rep)
Rep Power: 1
Reputation: 1
Posts: 20
Join Date: Apr 2008
08-05-2008
Sorry i dont understand the netcat part :S where do i need to type nc -vv [Only registered and activated users can see links. ] w.thsale.com 80?? thanks in regards...
To be honest i dont understand the whole netcat at all lol. nice guide anyway hope i can get it work + rep
Last edited by lolkekbye; 08-05-2008 at 07:07 PM..
Alright, until I figure out how to use this for wireshark or find a netcat for windows that works and is not from 98 this can only work for linux. some one pm me if you can help.
The only thing that guide explains is how to get scan ports and get the apache version, nothing more, nothing less... But yeh, its true that there are exploits in some apache versions.
Legendary Gold Scam
Legendary Gold Scam -
08-05-2008
