Tipping posts- also a stupid trick

[Use]

Three samples from one thread

Code:

http://www.gaiaonline.com/tipping/give?post_id=85321813_1&n=998111099.1364523876.757250196
http://www.gaiaonline.com/tipping/give?post_id=85321813_2&n=1289954699.1364523876.1182158091
http://www.gaiaonline.com/tipping/give?post_id=85321813_3&n=683251226.1364523876.1579870454

-------------------------------------------------

Three samples from another thread


http://www.gaiaonline.com/tipping/give?post_id=36828231_1&n=165075917.1364524013.261867015
http://www.gaiaonline.com/tipping/give?post_id=36828231_9&n=265989427.1364524013.88180486
this one is from a different page---
http://www.gaiaonline.com/tipping/give?post_id=36828231_16&n=1050888142.1364524056.459776189

now from the first three (A,B and C) I'll take away any um important info.
1&n=998111099.1364523876.757250196
2&n=1289954699.1364523876.1182158091
3&n=683251226.1364523876.1579870454
The first number is the post number in the thread, I'm not sure what each string of numbers after that is, though...
The middle blue string is always the same on each page, though it varies from different pages even in the same thread.

here are the 3 different samples of blue string I took
D)1364523876
E)1364524013
F)1364524056
the variation is marked with dark orange, the E and F strings are from the same thread but different pages so only the last two numbers changed.

That's all the useless info I found.
Anyways here's the stupid trick.
1. make a post with your desired account.
2. Go onto a mule and right click tip post with that account, copy the link location.
3. link people to what you just copied and when they click they will automatically donate 25 gold to you
doesn't work

[323]

The trick is a good idea o: Also, I can give you some more info on that number, haha.

683251226.1364523876.1579870454 = your session ID. It's randomly generated each time you visit a page, and I believe there's a GSI function you can use to fetch it o: Now, if we could figure out how they're GENERATED, that would be a whole nother thing.

EDIT: After some research, I believe the blue string could be a timestamp. It would make sense that the last digits change when changing pages, because the seconds and minutes may change.

EDIT2: I am correct about that assumption. Converting one of your blue strings into unix time produces this: "Fri, 29 Mar 2013 02:246 GMT" which would make sense, because you probably did this today, haha. Now to figure out how the other numbers are generated.

[Tree]

The trick is a good idea o: Also, I can give you some more info on that number, haha.

683251226.1364523876.1579870454 = your session ID. It's randomly generated each time you visit a page, and I believe there's a GSI function you can use to fetch it o: Now, if we could figure out how they're GENERATED, that would be a whole nother thing.

EDIT: After some research, I believe the blue string could be a timestamp. It would make sense that the last digits change when changing pages, because the seconds and minutes may change.

That is not your session ID, that is a nonce, which is basically just from my short time of looking at it basically a randomly generated sequence based off the current time. It depends on the part of the site it's on really. And once a Nonce is used it normally can't be used again, so linking to others might work for the first person to click it, but I don't think it would work for anyone else after unless the check for nonce is just broke.
There is a GSI page and another page to generate Nonces but they don't apply to forums or elsewhere.

Cryptographic nonce - Wikipedia, the free encyclopedia

[323]

That is not your session ID, that is a nonce, which is basically just from my short time of looking at it basically a randomly generated sequence based off the current time. It depends on the part of the site it's on really. And once a Nonce is used it normally can't be used again, so linking to others might work for the first person to click it, but I don't think it would work for anyone else after unless the check for nonce is just broke.
There is a GSI page and another page to generate Nonces but they don't apply to forums or elsewhere.

Cryptographic nonce - Wikipedia, the free encyclopedia

Whoops, you're right.

Also, what the fucking fuck, I just found a second differently-formatted nonce. PM me for more info.

Also, you could probably just remove the "?nonce=" part of the URL and have it be automatically populated by Gaia, submitted by your session or something of that sort.

[Artificial]

Also, you could probably just remove the "?nonce=" part of the URL and have it be automatically populated by Gaia, submitted by your session or something of that sort.

Er, no. Read up on what a nonce is used for.

[323]

Er, no. Read up on what a nonce is used for.

Well I know it's used as a one-time cryptographic handshake or whatnot, but most forms on Gaia have a hidden input field that's automatically populated with it.

[Kitsune]

I have a function i can use in VB.NET to generate a timestamp but how would we convert it to the "blue" String?

EDIT: It could also have something to do with the page number? I say this because the nonce on that page doesn't change when re-visited correct?

[Use]

Oh thanks for the info guys
So I guess I can't use that trick to steal peoples gold lol.
I was trying to find a way to change the amount of gold donated.

[323]

Oh thanks for the info guys
So I guess I can't use that trick to steal peoples gold lol.
I was trying to find a way to change the amount of gold donated.

Unfortunately not, all of that's probably handled server-side

I could try to make a tip-raper in HTML, but I'm not sure how well it would work o: You might get banned for botting because it wouldn't be very advanced.

[Kitsune]

@Above post, LOL
Yeah nonce must be submitted it's a part of the security an incorrect nonce will not receive action/grant/login/whatever.

[Artificial]

Is it in the same format? If so, I'm guessing all they'd change is the key. In either case, the particular snippet I released was tested on the forums, and I simply assumed it would work elsewhere.

[Artificial]

They never directly tried to sue us, it was just the same process of sending cease and desist letters, DMCA infringement notices, demands to remove content etc. Either way, we stopped checking our inbox a while ago, and if they really want to pursue legal action now, they're 100% welcome to. It'd be an incredibly expensive process for them and because of how we're structured, ultimately wouldn't be worth it

[-0- D i o r -0-]

They never directly tried to sue us, it was just the same process of sending cease and desist letters, DMCA infringement notices, demands to remove content etc. Either way, we stopped checking our inbox a while ago, and if they really want to pursue legal action now, they're 100% welcome to. It'd be an incredibly expensive process for them and because of how we're structured, ultimately wouldn't be worth it

Webhost in Russia?

[323]

Webhost in Russia?

Bulletproof hosting, like Cyberbunker! (But seriously, Cyberbunker is a good choice, they're defending their customers with a 300 GIGABIT DDOS ATTACK RIGHT NOW. Largest Cyber War in history. Link to an article on it, it's caused a 1-2 megabit per second slowdown on tons of internet backbones and shit apparently. Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps | Computerworld Blogs )

[Kitsune]

That cyberwar was on the news here this morning O_O

[Artificial]

I've been following that situation quite closely. It's fairly cloudy, and there's a bit of misinformation flying around. Either way though, I wouldn't want to associate with an organisation that actively protects those sort of clients. :p

[Kitsune]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

[Use]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

dang lol

this was my first try at finding something useful though

[Kitsune]

dang lol

this was my first try at finding something useful though

Nice try though, A for effort.
I miss gaia in the year 2003

[Use]

Nice try though, A for effort.
I miss gaia in the year 2003

because it was easier to hack? xD
or other reasons?

[Tree]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

Gives you that error because of invalid nonce, or invalid parameters in the GET/POST

[323]

Gives you that error because of invalid nonce, or invalid parameters in the GET/POST

This.

You have to supply your own nonce if you want to use that, which would require programming I believe.

Hey wait, I just had an awesome idea!

What if you supplied a URL that directed to a website under your control, and that page uses Javascript or something to grab the nonce from your cookies or a Gaia page or something like that, using the person's session, and then can redirect them to a properly-formatted tip URL that has their nonce and everything so the tip works?

[Tree]

This.

You have to supply your own nonce if you want to use that, which would require programming I believe.

Hey wait, I just had an awesome idea!

What if you supplied a URL that directed to a website under your control, and that page uses Javascript or something to grab the nonce from your cookies or a Gaia page or something like that, using the person's session, and then can redirect them to a properly-formatted tip URL that has their nonce and everything so the tip works?

The nonce isn't store in your cookies, it is generated for each page. It is account independent, you can use the nonce from the generate nonce pages I linked to, and use that nonce on any other account in any store. So with tipping, each tip has it's own nonce generated by the server. A nonce is almost definitely never account dependent. All you would have to do if you really want to make a tip bot is just make a page scraper to get the nonce value for each tip or something, there is no need to complicate something as simple as a Nonce.
I think a lot of you are thinking waaaayyy too much into this nonce thing, when it's extremely simple.

• A nonce is not stored in your cookies, it has no reason to be.
• A nonce is generated on a per page basis, and often only works on a per section basis.
• A nonce is not your session it is just a randomly generated string, sometimes using keys, such as SID, time stamps etc to generate the nonce.
• A website cannot just grab cookies from any domain the user has been to, that would be an incredible security flaw. In order to do this, you would have to find an XSS which supplies the SID in the cookies, redirect to whatever script etc you want for cookie grabbing. However this is fairly useless in most scenarios, and as I said would have no bearing on a nonce.
• Why would you go so far as to wanting to cookie grab etc just to get people to tip your posts when it'd be a million times easier just to make a bot that uses the database my account gen makes, and have each account tip your post by scraping the HTML of the page for the nonce, and posting the tip?

[323]

-snip-

Oh okay, I see what you mean. Also, random question, any idea how to go to a store by it's store #? I got an error: "Wrong store [Store: -store#-|Item: -itemID-]"

so, for example:

Wrong Store: [Store: 1|Item: 52051]

Would be for store 1 (The barton boutique) and Item # 52051, teh Easter Event 2010 Chickey.

I tried putting &store= in the URL and stuff, but that didn't work either. Any idea how to access stores by store number?

Lol just a random question.

[Kitsune]

Indeed, sooooooo much easier to exploit back then.... the memories D:

[Use]

I had to make fake birthdates in 2003
>_>
<_<

[Kitsune]

One of the exploits i liked was with the Daily Chance, you could just change the number at the end of the link as many times as you wanted.

[Use]

One of the exploits i liked was with the Daily Chance, you could just change the number at the end of the link as many times as you wanted.

so you could get infinite items?

[323]

Just because this exploit doesn't work doesn't mean you should stop searching for more! :D find as many exploits as you can, we can make bots for them, and be the best Gaia hacking site again!

[ya bish]

Best recent exploit was the one "To Give To You This Gun" found.

[323]

Best recent exploit was the one "To Give To You This Gun" found.

Nah man, nowhere near. I would say either Tree's inventory viewer exploits, his gender changer, or one of the exploits we have in the UG.

[Use]

What do you mean by store numbers?
In the url all's I see are the strings of letters

[323]

You can't. If you look around on Gaia you'll find a JSON return which gives a list of stores with their keys, and IDs. I forgot if it's GSI or elsewhere, never had a use of it.

Never mind, I found out how to access stores via their number. It's a crappy method, though it's proven to have some cool results. Nothing useful though.

What do you mean by store numbers?
In the url all's I see are the strings of letters

Yeah, it was a hidden parameter I found. I got it all figured out though.

[Use]

Oh, do you know if the http://www. gaiaonline.com /gaia/shopping.php?key=hbjdcjkygqwygbqw
if the blue has anything to do with anything? or if it's just random?

[Tree]

Oh, do you know if the http://www. gaiaonline.com /gaia/shopping.php?key=hbjdcjkygqwygbqw
if the blue has anything to do with anything? or if it's just random?

The blue part is the store key, it never changes.

[323]

Oh, do you know if the http://www. gaiaonline.com /gaia/shopping.php?key=hbjdcjkygqwygbqw
if the blue has anything to do with anything? or if it's just random?

What tree said. I'm not sure how they GENERATE they keys, but somehow they get that random string of text haha. They never change though.