[Semi-Release...thing] Small sqlite3 database of up to about 30mil user's inventories

[Tree]

This is pretty old, from about the time I found out about viewing inventories, and was used as a means to protect myself if the inventory viewer was ever patched. Unfortunately it was patched, and this sqlite3 database was replaced by a 4gb database with even more items stored. This one only contains users with items such as items worth 5mil+ from 04 and 03, with the user id under a user_id column and the item id under an item_id column in the inventory table. If you are smart enough to make use of this, you will have a pretty nice time grabbing accounts, but if you don't understand how to use this or can't think up a good way to get access to the accounts, too bad. I won't be helping answer questions on stealing any of the accounts in this database. If you want to view it's contents, either use SQL, write up your own parser, or use SQLite Browser.

[323]

Seems cool. Too bad the old hotmail trick doesn't work anymore, I would have grabbed so many of these accounts, haha.

Well, actually, the grabbing of the user's email is what doesn't work anymore. The hotmail trick still works, I think, because didn't you post a login that re-activates dormant accounts?

[Tree]

Seems cool. Too bad the old hotmail trick doesn't work anymore, I would have grabbed so many of these accounts, haha.

Well, actually, the grabbing of the user's email is what doesn't work anymore. The hotmail trick still works, I think, because didn't you post a login that re-activates dormant accounts?

Gaia patched it within a day of release as I was expecting, which is why I removed my Towns bot link for now until I can be assed to add an HTML login or find a new method.
On the note of finding emails, either find yourself an exploit, or make yourself a smart spider bot that is able to make accurate guesses as to what a users email COULD be, and scan sites that are commonly used for emails etc, then cross reference with GSI. Though, you gotta be pretty decent at threading and efficient with parsing webpages or xml to be able to do this at a fast enough speed. For reference, when I made my spider it took about .4 seconds to create a list of possible emails based off the username, check for users that exist through the livejournal API with all those usernames, if there is a email in the xml page it returns and it's not in list, it's added to list, and then it would check deviantArt, and other places as well as trying each username guess on most used email domains.

[Use]

wow that list is so big, the program freezes when loading the next page xD
I'm not sure what to make of it though, since it's just a list of account ID's with the different items on them...?
anyways, I'm going to see what I can do
thanks

[Tree]

wow that list is so big, the program freezes when loading the next page xD
I'm not sure what to make of it though, since it's just a list of account ID's with the different items on them...?
anyways, I'm going to see what I can do
thanks

Yeah basically, if it found an item_id in a scan it would add the user_id with item_id to the database. It went up to about 30mil user range. My new one is about 4gb in size, and goes up to about 15mil users but has a lot more items stored, except for worthless junk.

[Use]

Yeah basically, if it found an item_id in a scan it would add the user_id with item_id to the database. It went up to about 30mil user range. My new one is about 4gb in size, and goes up to about 15mil users but has a lot more items stored, except for worthless junk.

Oh awesome
I'm searching for emails right now, just through google though because I don't know how to do anything else myself lol

some nice accounts I'm seeing though, I've seen a few of them already because I used to search through really old threads on gaia to find inactive players to take from

[Tree]

Oh awesome
I'm searching for emails right now, just through google though because I don't know how to do anything else myself lol

some nice accounts I'm seeing though, I've seen a few of them already because I used to search through really old threads on gaia to find inactive players to take from

Yeah, in my opinion anything that stops people from trying to steal from active users is good.

[Artificial]

orgasm.txt

[Use]

was there ever an email exploit? to see emails of users

[Tree]

orgasm.txt

I assume that's from the old exploit to view user emails?

[Use]

woah testing some of those right now arti

[Tree]

woah testing some of those right now arti

They are only from range 20,000,000 to 20,001,000. Probably not much of value on them. On a side note Use, if you have to do it manually more than 3 times, you might as well make a bot for it if you plan to go through that whole list.

[Use]

They are only from range 20,000,000 to 20,001,000. Probably not much of value on them. On a side note Use, if you have to do it manually more than 3 times, you might as well make a bot for it if you plan to go through that whole list.

Yeah, but I could always use a mule for testing
I have no idea how to make any sort of bot, and no idea where to start either d;

Also I've head that "if you do it more than 3 times, make a program for it!" somewhere before haha

[Artificial]

I assume that's from the old exploit to view user emails?

Nah, it wasn't. Nice release btw.I personally couldn't take over someones account anymore, but I'm not going to sensor any information Maybe if anyone does try to take advantage of the release, check to make sure they're abandoned first? Taking over active account isn't going trk out well for anyone, heh.

[Tree]

Yeah, but I could always use a mule for testing
I have no idea how to make any sort of bot, and no idea where to start either d;

Also I've head that "if you do it more than 3 times, make a program for it!" somewhere before haha

It's a pretty common term, and it's not very hard to learn a programming language just for simple macroing or auto tasking. Just google up on examples, and look at those.

Nah, it wasn't. Nice release btw.I personally couldn't take over someones account anymore, but I'm not going to sensor any information Maybe if anyone does try to take advantage of the release, check to make sure they're abandoned first? Taking over active account isn't going trk out well for anyone, heh.

Yeah these days I don't really bother taking accounts anymore, it's insanely easy but not worth it. I don't get why people choose to steal from active users or use FLPs, it's just going to be a quick ban, and it's kind of mean to just go and steal something from someone who actively uses the account still. I don't really get why Gaia put that 6 month thing into action though, because all it did was force new users to become more targetable.

[323]

Lol I wish I was a programmer back when the email exploit was out. oh well.

Also, why the hell are you releasing so much stuff? Just so it will get patched? Release it in the UG so it doesn't just instantaneously get patched when you release it, there are ways of releasing sourcecodes without disclosing exploitation techniques and getting them patched

[Artificial]

Lol I wish I was a programmer back when the email exploit was out. oh well.Also, why the hell are you releasing so much stuff? Just so it will get patched? Release it in the UG so it doesn't just instantaneously get patched when you release it, there are ways of releasing sourcecodes without disclosing exploitation techniques and getting them patched

This is just old data he had lying around?

[Use]

Nah, it wasn't. Nice release btw.I personally couldn't take over someones account anymore, but I'm not going to sensor any information Maybe if anyone does try to take advantage of the release, check to make sure they're abandoned first? Taking over active account isn't going trk out well for anyone, heh.

I'm going to try, and I bet flareboy is as well lol

@tree'm gonna start googling then


edit; @flareboy; I wont get to see anything than

[Tree]

This is just old data he had lying around?

Plus I don't have access to UG, or really consider it worthwhile to post much of what I have there as the stuff I have been releasing is insanely easy. I wouldn't complain about stuff being patched either, it's fun to find new ways to do things.

[Butts]

Lol I wish I was a programmer back when the email exploit was out. oh well.

Also, why the hell are you releasing so much stuff? Just so it will get patched? Release it in the UG so it doesn't just instantaneously get patched when you release it, there are ways of releasing sourcecodes without disclosing exploitation techniques and getting them patched

i don't like people who don't believe everyone should have equal chances, what's the point in keeping something a secret like a tight butt?

[cruzz]

wait so you could use that to get into peoples accs?

[Tree]

wait so you could use that to get into peoples accs?

If you are smart enough to be able to make use of it, sure. I don't care what any of you really use this info for.

[SilkyNick]

I have a unique way of using this Thank you very much tree for posting this /fingercrossed I will let you guys know if it works

[Use]

How do you search for Item_ID?
It works in sqlite for the User_ID's but not the item's...

[Tree]

How do you search for Item_ID?
It works in sqlite for the User_ID's but not the item's...

should be SELECT item_id FROM inventory

[Use]

should be SELECT item_id FROM inventory

In execute SQL?
I'm executing that right now, don't know how long it will take though XD
so many users

[Artificial]

It should be well under a second unless the db is unnecessarily enormous.

[Use]

It should be well under a second unless the db is unnecessarily enormous.

It's still going d;
Have you tried?
it is ~30m users

[Tree]

It's still going d;
Have you tried?
it is ~30m users

Errr what exactly are you running this under?

EDIT:

Code:

import sqlite3
import time

start_time = time.time()

with sqlite3.connect('gaia') as conn:
    cur = conn.cursor()
    items = cur.execute('SELECT * FROM inventory WHERE item_id=1404').fetchall()
    print len(items)
    
print time.time() - start_time

is outputting

Code:

107
0.468999862671

So it takes me about 0.4 seconds to read the database.

[-0- D i o r -0-]

What does this actually do? Or have the potential to do?

[Use]

Errr what exactly are you running this under?

sqlite data base, the 'Execute SQL' tab
where am I supposed to do it xD

[Tree]

sqlite data base, the 'Execute SQL' tab
where am I supposed to do it xD

No, why would you search from there that's incredibly inefficient and crashes. Just make your own parser.

[Use]

No, why would you search from there that's incredibly inefficient and crashes. Just make your own parser.

Because I don't know how to do any of this lol

[Tree]

Because I don't know how to do any of this lol

Well you should probably learn how saying I posted a full on example above.

[Isonyx]

Because I don't know how to do any of this lol

I believe he presented you with some Python code.
Do you have Python installed on your system?
If so with a few modifications to his code you can have it print out whatever parameters you want.

[Use]

I believe he presented you with some Python code.
Do you have Python installed on your system?
If so with a few modifications to his code you can have it print out whatever parameters you want.

Oh,
I should learn more about python then.
Is there any specific thing? Or is it just general knowledge when you code with it?

[Tree]

Oh,
I should learn more about python then.
Is there any specific thing? Or is it just general knowledge when you code with it?

google, stack overflow, and the python documentation is about the only tools I ever had to learn it.