Tipping posts- also a stupid trick

[Use]

Three samples from one thread

Code:

http://www.gaiaonline.com/tipping/give?post_id=85321813_1&n=998111099.1364523876.757250196
http://www.gaiaonline.com/tipping/give?post_id=85321813_2&n=1289954699.1364523876.1182158091
http://www.gaiaonline.com/tipping/give?post_id=85321813_3&n=683251226.1364523876.1579870454

-------------------------------------------------

Three samples from another thread


http://www.gaiaonline.com/tipping/give?post_id=36828231_1&n=165075917.1364524013.261867015
http://www.gaiaonline.com/tipping/give?post_id=36828231_9&n=265989427.1364524013.88180486
this one is from a different page---
http://www.gaiaonline.com/tipping/give?post_id=36828231_16&n=1050888142.1364524056.459776189

now from the first three (A,B and C) I'll take away any um important info.
1&n=998111099.1364523876.757250196
2&n=1289954699.1364523876.1182158091
3&n=683251226.1364523876.1579870454
The first number is the post number in the thread, I'm not sure what each string of numbers after that is, though...
The middle blue string is always the same on each page, though it varies from different pages even in the same thread.

here are the 3 different samples of blue string I took
D)1364523876
E)1364524013
F)1364524056
the variation is marked with dark orange, the E and F strings are from the same thread but different pages so only the last two numbers changed.

That's all the useless info I found.
Anyways here's the stupid trick.
1. make a post with your desired account.
2. Go onto a mule and right click tip post with that account, copy the link location.
3. link people to what you just copied and when they click they will automatically donate 25 gold to you
doesn't work

[323]

The trick is a good idea o: Also, I can give you some more info on that number, haha.

683251226.1364523876.1579870454 = your session ID. It's randomly generated each time you visit a page, and I believe there's a GSI function you can use to fetch it o: Now, if we could figure out how they're GENERATED, that would be a whole nother thing.

EDIT: After some research, I believe the blue string could be a timestamp. It would make sense that the last digits change when changing pages, because the seconds and minutes may change.

EDIT2: I am correct about that assumption. Converting one of your blue strings into unix time produces this: "Fri, 29 Mar 2013 02:246 GMT" which would make sense, because you probably did this today, haha. Now to figure out how the other numbers are generated.

[Kitsune]

I have a function i can use in VB.NET to generate a timestamp but how would we convert it to the "blue" String?

EDIT: It could also have something to do with the page number? I say this because the nonce on that page doesn't change when re-visited correct?

[Tree]

The trick is a good idea o: Also, I can give you some more info on that number, haha.

683251226.1364523876.1579870454 = your session ID. It's randomly generated each time you visit a page, and I believe there's a GSI function you can use to fetch it o: Now, if we could figure out how they're GENERATED, that would be a whole nother thing.

EDIT: After some research, I believe the blue string could be a timestamp. It would make sense that the last digits change when changing pages, because the seconds and minutes may change.

That is not your session ID, that is a nonce, which is basically just from my short time of looking at it basically a randomly generated sequence based off the current time. It depends on the part of the site it's on really. And once a Nonce is used it normally can't be used again, so linking to others might work for the first person to click it, but I don't think it would work for anyone else after unless the check for nonce is just broke.
There is a GSI page and another page to generate Nonces but they don't apply to forums or elsewhere.

Cryptographic nonce - Wikipedia, the free encyclopedia

[323]

That is not your session ID, that is a nonce, which is basically just from my short time of looking at it basically a randomly generated sequence based off the current time. It depends on the part of the site it's on really. And once a Nonce is used it normally can't be used again, so linking to others might work for the first person to click it, but I don't think it would work for anyone else after unless the check for nonce is just broke.
There is a GSI page and another page to generate Nonces but they don't apply to forums or elsewhere.

Cryptographic nonce - Wikipedia, the free encyclopedia

Whoops, you're right.

Also, what the fucking fuck, I just found a second differently-formatted nonce. PM me for more info.

Also, you could probably just remove the "?nonce=" part of the URL and have it be automatically populated by Gaia, submitted by your session or something of that sort.

[Use]

Oh thanks for the info guys
So I guess I can't use that trick to steal peoples gold lol.
I was trying to find a way to change the amount of gold donated.

[323]

Oh thanks for the info guys
So I guess I can't use that trick to steal peoples gold lol.
I was trying to find a way to change the amount of gold donated.

Unfortunately not, all of that's probably handled server-side

I could try to make a tip-raper in HTML, but I'm not sure how well it would work o: You might get banned for botting because it wouldn't be very advanced.

[Artificial]

Also, you could probably just remove the "?nonce=" part of the URL and have it be automatically populated by Gaia, submitted by your session or something of that sort.

Er, no. Read up on what a nonce is used for.

[323]

Er, no. Read up on what a nonce is used for.

Well I know it's used as a one-time cryptographic handshake or whatnot, but most forms on Gaia have a hidden input field that's automatically populated with it.

[Kitsune]

@Above post, LOL
Yeah nonce must be submitted it's a part of the security an incorrect nonce will not receive action/grant/login/whatever.

[Artificial]

Well I know it's used as a one-time cryptographic handshake or whatnot, but most forms on Gaia have a hidden input field that's automatically populated with it.

That's the very point. Certain requests (i.e. new forum posts) check for both the existence and validity of that nonce field. You can't just ignore it.

[323]

That's the very point. Certain requests (i.e. new forum posts) check for both the existence and validity of that nonce field. You can't just ignore it.

Oh that's a good point, you would have to grab the nonce from the page that the form was on and THEN submit the form, it wouldn't be auto-populated on the page that you post the data to. I see what you mean now.

[Artificial]

Oh that's a good point, you would have to grab the nonce from the page that the form was on and THEN submit the form, it wouldn't be auto-populated on the page that you post the data to. I see what you mean now.

That is why it's there...

I released a snippet in to the programming team forum a while ago with an algorithm on how to generate those nonce fields, so you weren't required to first visit those intermediary pages. For the life of me though I can't find it. I'll have a look for it on various old HDs or see if anyone who used to be on the team may have saved it. From memory it was a combination of the server's current timestamp, your sid and salted with some random key they chose.

[Tree]

That is why it's there...

I released a snippet in to the programming team forum a while ago with an algorithm on how to generate those nonce fields, so you weren't required to first visit those intermediary pages. For the life of me though I can't find it. I'll have a look for it on various old HDs or see if anyone who used to be on the team may have saved it. From memory it was a combination of the server's current timestamp, your sid and salted with some random key they chose.

A lot of Gaia uses different variations on generating the nonce from my experience, like shops have their own which you can't use elsewhere, forums have own etc.

[323]

That is why it's there...

I released a snippet in to the programming team forum a while ago with an algorithm on how to generate those nonce fields, so you weren't required to first visit those intermediary pages. For the life of me though I can't find it. I'll have a look for it on various old HDs or see if anyone who used to be on the team may have saved it. From memory it was a combination of the server's current timestamp, your sid and salted with some random key they chose.

Oh wow, that's awesome. Well if you find it, feel free to throw it in the Underground, that sounds awesome. I used to have a rip of all of LG's private forums before (I think I got it off of Aleena or something) that included the programming forum, so if I can find that rip I'll see if it's in there.

[Artificial]

Is it in the same format? If so, I'm guessing all they'd change is the key. In either case, the particular snippet I released was tested on the forums, and I simply assumed it would work elsewhere.

[Tree]

Oh wow, that's awesome. Well if you find it, feel free to throw it in the Underground, that sounds awesome. I used to have a rip of all of LG's private forums before (I think I got it off of Aleena or something) that included the programming forum, so if I can find that rip I'll see if it's in there.

http://www.gaiaonline.com/api/v1/cashshop/generatenonce
http://www.gaiaonline.com/chat/gsi/?v=json&m=[[898,[]]]

Normally only work for stores etc, but there you go if any of you ever need something like that, or want to look into it. Haven't really tested where they do and don't work in all honesty.

[Artificial]

Oh wow, that's awesome. Well if you find it, feel free to throw it in the Underground, that sounds awesome. I used to have a rip of all of LG's private forums before (I think I got it off of Aleena or something) that included the programming forum, so if I can find that rip I'll see if it's in there.

I physically removed all sensitive threads from our server a while when they were threatening with legal action, and that would have been one of them. I backed them up somewhere though (though hid them well so if they ever did pursue anything, they'd be unlikely to find it). Now I just have to think where I'd hide my backups if I were super paranoid :p

Either way, if you have it, feel free to post it.

[Tree]

I physically removed all sensitive threads from our server a while when they were threatening with legal action, and that would have been one of them. I backed them up somewhere though (though hid them well so if they ever did pursue anything, they'd be unlikely to find it). Now I just have to think where I'd hide my backups if I were super paranoid :p

Either way, if you have it, feel free to post it.

They haven't tried to sue me in ages it feels like. Last time they tried was like 7 years ago?

[Use]

They haven't tried to sue me in ages it feels like. Last time they tried was like 7 years ago?

What do you mean tried to sue you?
just a threat?

[Tree]

What do you mean tried to sue you?
just a threat?

This was back when Doc, Lain, and me where XSSing Towns for sessions, stealing admin accounts and cracking passwords etc (I forget the exact details of it), but Lain from what I remember ended up getting a letter or threat from Gaia for something with his site, and tried the same with me. Never really went far, just seemed like a temper tantrum from Gaia.

[Artificial]

They never directly tried to sue us, it was just the same process of sending cease and desist letters, DMCA infringement notices, demands to remove content etc. Either way, we stopped checking our inbox a while ago, and if they really want to pursue legal action now, they're 100% welcome to. It'd be an incredibly expensive process for them and because of how we're structured, ultimately wouldn't be worth it

[-0- D i o r -0-]

They never directly tried to sue us, it was just the same process of sending cease and desist letters, DMCA infringement notices, demands to remove content etc. Either way, we stopped checking our inbox a while ago, and if they really want to pursue legal action now, they're 100% welcome to. It'd be an incredibly expensive process for them and because of how we're structured, ultimately wouldn't be worth it

Webhost in Russia?

[323]

Webhost in Russia?

Bulletproof hosting, like Cyberbunker! (But seriously, Cyberbunker is a good choice, they're defending their customers with a 300 GIGABIT DDOS ATTACK RIGHT NOW. Largest Cyber War in history. Link to an article on it, it's caused a 1-2 megabit per second slowdown on tons of internet backbones and shit apparently. Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps | Computerworld Blogs )

[Kitsune]

That cyberwar was on the news here this morning O_O

[Artificial]

I've been following that situation quite closely. It's fairly cloudy, and there's a bit of misinformation flying around. Either way though, I wouldn't want to associate with an organisation that actively protects those sort of clients. :p

[Kitsune]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

[Use]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

dang lol

this was my first try at finding something useful though

[Kitsune]

dang lol

this was my first try at finding something useful though

Nice try though, A for effort.
I miss gaia in the year 2003

[Use]

Nice try though, A for effort.
I miss gaia in the year 2003

because it was easier to hack? xD
or other reasons?

[Kitsune]

Indeed, sooooooo much easier to exploit back then.... the memories D:

[Use]

I had to make fake birthdates in 2003
>_>
<_<

[Kitsune]

One of the exploits i liked was with the Daily Chance, you could just change the number at the end of the link as many times as you wanted.

[Use]

One of the exploits i liked was with the Daily Chance, you could just change the number at the end of the link as many times as you wanted.

so you could get infinite items?

[323]

Just because this exploit doesn't work doesn't mean you should stop searching for more! :D find as many exploits as you can, we can make bots for them, and be the best Gaia hacking site again!

[ya bish]

Best recent exploit was the one "To Give To You This Gun" found.

[323]

Best recent exploit was the one "To Give To You This Gun" found.

Nah man, nowhere near. I would say either Tree's inventory viewer exploits, his gender changer, or one of the exploits we have in the UG.

[Tree]

Going back to original topic, when i try to do above method i get this:
General Error
Sorry. No Hax.

Similar thing happened to me when i tried to hack HoC lol

Gives you that error because of invalid nonce, or invalid parameters in the GET/POST

[323]

Gives you that error because of invalid nonce, or invalid parameters in the GET/POST

This.

You have to supply your own nonce if you want to use that, which would require programming I believe.

Hey wait, I just had an awesome idea!

What if you supplied a URL that directed to a website under your control, and that page uses Javascript or something to grab the nonce from your cookies or a Gaia page or something like that, using the person's session, and then can redirect them to a properly-formatted tip URL that has their nonce and everything so the tip works?

[Tree]

This.

You have to supply your own nonce if you want to use that, which would require programming I believe.

Hey wait, I just had an awesome idea!

What if you supplied a URL that directed to a website under your control, and that page uses Javascript or something to grab the nonce from your cookies or a Gaia page or something like that, using the person's session, and then can redirect them to a properly-formatted tip URL that has their nonce and everything so the tip works?

The nonce isn't store in your cookies, it is generated for each page. It is account independent, you can use the nonce from the generate nonce pages I linked to, and use that nonce on any other account in any store. So with tipping, each tip has it's own nonce generated by the server. A nonce is almost definitely never account dependent. All you would have to do if you really want to make a tip bot is just make a page scraper to get the nonce value for each tip or something, there is no need to complicate something as simple as a Nonce.
I think a lot of you are thinking waaaayyy too much into this nonce thing, when it's extremely simple.

• A nonce is not stored in your cookies, it has no reason to be.
• A nonce is generated on a per page basis, and often only works on a per section basis.
• A nonce is not your session it is just a randomly generated string, sometimes using keys, such as SID, time stamps etc to generate the nonce.
• A website cannot just grab cookies from any domain the user has been to, that would be an incredible security flaw. In order to do this, you would have to find an XSS which supplies the SID in the cookies, redirect to whatever script etc you want for cookie grabbing. However this is fairly useless in most scenarios, and as I said would have no bearing on a nonce.
• Why would you go so far as to wanting to cookie grab etc just to get people to tip your posts when it'd be a million times easier just to make a bot that uses the database my account gen makes, and have each account tip your post by scraping the HTML of the page for the nonce, and posting the tip?