The Hacker Project - a free online game

Hacker Project Café => Whatever => Topic started by: norill on January 09, 2012, 11:20:40 AM



Title: servers id
Post by: norill on January 09, 2012, 11:20:40 AM
i discovered that you could find out unique id of each server on ip db page. with this i could assign each server to his owner by scanning it only once, even if it changed ip. it didnt allow to get someone's ip right after he changed ip as jager said (at least w/o real hacking) - it is ip dealer's fault. its also useful for finding out which secret servers do you have in you db, and which are missing. and thats was the main use of it for me, i cant really remember using it against other players, so i didnt reported it as an exploit. after all there were exploits like baron injects in hp history that gave massive advantage and no one reported them too, so why would i report my exploit, if im not abusing it to gain advantage? things changed when others started to use it, but it quickly become public knowledge and was fixed after that.


Title: Re: servers id
Post by: Exousia on January 09, 2012, 03:40:43 PM
I believe that SGP policy was to report a bug/exploit immediately and if Emi didn't respond within 24 hours, it was considered fair game until it was corrected. Perhaps LMAO (and other groups) could and should adopt a similar policy, even if it doesn't seem like an actual cheat or isn't used as one, as clearly this one could and did lead to actual hacking. It's hard to tell how far some people will take any particular weakness in the code, even if it just makes things more convenient for one player, another may know how and be willing to use it for more nefarious purposes.

Just my two cents.


Title: Re: servers id
Post by: norill on January 09, 2012, 04:13:15 PM
even if it doesn't seem like an actual cheat or isn't used as one, as clearly this one could and did lead to actual hacking. It's hard to tell how far some people will take any particular weakness in the code,
it wasnt the thing allowing bugshunter to hack hp, it was some unprotected text field, but im not 100% sure, you should ask emi


Title: Re: servers id
Post by: Exousia on January 09, 2012, 04:54:48 PM
Well, bugs was doing something else, but it was along similar lines, yes, but I was just trying to make the point that even a seemingly minor exploit or shortcut might be twisted so we should be reporting everything. There were a lot of things Emi just shrugged at and said, "go for it" and others he wanted to fix so we avoided using them and disseminating the information.