Messages - WarMapper

1
Actually this is {Lance}'s home IP, the other one is a Work VPN im guessing because it also has 6112 listening

this is the first IP he used before he turned on his VPN and began the DoS attempt lol
70.192.8.151

His AKAs on war2.ru, just so everyone knows


{Lance} AKA LIST

smurfette
kyp_kahn
smurfette
backupname
rest.1988
deadlygames

2
Dude we don't need you to work our way around a database rofl. WTF you think we don't know how to filter our search results?? Really gtfo


Bullshit dude, nobody here has a tool that uses GeoIP location API to convert IP address to City, State, Country, then convert that to Long/Lat coordinates, then plot that on Google Map.

Doubt anyone here even thought of searching by matching password hash to find AKAs

3
He should use this war2 mapper thing to link up every account together of every player to let us know which smurf is to who.

Now it's a smart project to counter loser without personality like winchester!

Thats the best part of the project, you can find all AKAs, the best way is using the person's password to find other accounts because even if they connect from a different IP, they usually use the same password for everything.

IP address is another way to track AKAs tho, and 3rd you can search by city - if theres not that many people in one city and you know someone is from there.

Despite being banned and having nothing to lose really, I still agree with Ryu that it exposes too much personal information about users, and I shouldnt show passwords and IP addresses on my site, even tho the security hole has been fixed, and iL already has the accounts in a temp-hold (great idea by the way)

However, if admins would get along with me (not likely) I thought it would be a great idea to use Password, IP, and City search AS AN ADMIN ONLY TOOL, tied directly to the REAL pvpgn database, then admins could find all AKAs of known abusers

but then again, who cares. Abusers could continue to find ways around it, like by not using the same password for multiple accounts, and using VPNs


The Map is cool tho, for example if I could make one for RU server, without any usernames/IPs or player info connected to it, just locations would be cool

4
74.217.51.193 is Lance's home IP lmao

5
The IP has 5060 running on it, evidence of a phone system, indicates to me this is not a VPN, probably a legitimate business.

I'm sure they would be interested to hear about Lance using their network to originate DoS attacks

6
hey just wanted to let everyone know,

not to worry, {Lance}'s DoS attempt has been stopped.

His IP here: 74.217.51.193

WarMapper and WarMiner back online

http://USA-Archer.com/

Nice try newb!

7
Server.War2.ru / Archer: Leaving the community
« on: June 16, 2015, 09:23:21 AM »
After having posts removed by lightbringer- in which I was working on a very important topic with tupac and xboi - How to fix passwords being reversible -

I have decided to leave. After I spend the time to try to help the community fix the password problem, and contributed important information that is now deleted, im not going to waste my time fighting with you idiots

iL refuses to make any decisions for his own server because he is SO "democratic", yet he lets dictators rule underneath him and do anything they want with no accountability. Weak.

You guys should have gave me my name back, and let me participate in the community, that way you could at least know what im up to and keep an eye on me, now I will continue to participate but anonymously and probably cause problems instead of contribute.

8
answer my questions u fucking retard


USA-Archer[.]com/faq.php

9
i just said i saw u post a thread, but i thought u deleted it. I added to your thread.

not trying to "steal" your COMPLETELY ORIGINAL idea of fixing server password hashing lol

delete this thread

10
Support Requests / Change PvPGN Encryption to something more secure
« on: June 15, 2015, 04:27:49 PM »
I saw tupac post a thread about this but looks like its gone now.

Here's what I was going to add

From this May 2002 interview with a BNETD developer, he described encryption as the most difficult task in making BNETD, he also admits the encryption is weak (by 2002's standards!)

I dont totally understand what he's saying, but I think he means the War2 Client itself is doing the hashing. If so we wouldnt be able to change it ever...

I'll have to look into it more. If the passwords could be made more secure, that would be good tho .. not a huge priority for a little circa 1995 game server, but other PvPGN servers could benefit from better password security, particularly servers with games like WC3 that require an email address at registration. With databases of emails and passwords leaking, can cause real problems for other PvPGN servers


"Probably the most daunting task was figuring out any part of the protocol that involved encryption. Thankfully, the server works without supporting any of those packet types. But that meant going without passwords on the player accounts. Not having passwords was OK for LAN parties and systems behind firewalls, but some people wanted to allow logins from the Internet. Once we implemented account profiles, it became even more important so that players couldn't destroy each other's ratings.

Thankfully, the hash size was the same as SHA1 and [we were] sent an example hashing function. The hashed password was sent in the plain to the server where it was stored for later logins. We figured out that the login hash used the session key and a random value (actually a timestamp), plus that hashed password, and then hashed it again.

The server performs the same operation and compares the results. It's not the greatest scheme (knowledge of single-hashed password is the same value as knowing the password), but it was good enough for a game server. There was some further complication because the hash is performed in an endian-dependent way and it doesn't use the standard initialization or padding."
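
An added example (not from the original post or from PvPGN/BNETD) of the login scheme the interview describes, showing why the stored single hash is password-equivalent. Standard SHA-1 stands in for the game's non-standard variant, and the field layout, class and function names and sample account are assumptions.

```python
import hashlib
import hmac
import os
import struct


def stored_hash(password: str) -> bytes:
    """Single hash the client sends in the clear; the server stores it."""
    # Assumption: standard SHA-1 stands in for the game's non-standard variant.
    return hashlib.sha1(password.encode("utf-8")).digest()


def login_proof(session_key: int, timestamp: int, pw_hash: bytes) -> bytes:
    """Second hash over session key, timestamp and the single-hashed password."""
    # Assumed field layout: two little-endian 32-bit integers, then the hash.
    fields = struct.pack("<II", session_key, timestamp)
    return hashlib.sha1(fields + pw_hash).digest()


class Server:
    def __init__(self):
        self.accounts = {}  # username -> stored single hash

    def register(self, user: str, pw_hash: bytes) -> None:
        self.accounts[user] = pw_hash

    def new_session_key(self) -> int:
        return struct.unpack("<I", os.urandom(4))[0]

    def verify(self, user, session_key, timestamp, proof) -> bool:
        # The server repeats the client's computation from its stored value.
        expected = login_proof(session_key, timestamp, self.accounts[user])
        return hmac.compare_digest(expected, proof)


def demo():
    user, ts = "constructed_user", 1434385669  # constructed sample values
    server = Server()
    server.register(user, stored_hash("constructed-password"))
    key = server.new_session_key()
    # 1. Client that knows the password.
    proof = login_proof(key, ts, stored_hash("constructed-password"))
    with_password = server.verify(user, key, ts, proof)
    # 2. Holder of the database row only: the password is never needed.
    proof = login_proof(key, ts, server.accounts[user])
    with_row_only = server.verify(user, key, ts, proof)
    # 3. A wrong password is still rejected.
    proof = login_proof(key, ts, stored_hash("guess"))
    return with_password, with_row_only, server.verify(user, key, ts, proof)
```

Because case 2 succeeds without the password, every account in a leaked copy of the database needs a new password, whether or not the hashes are ever reversed.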

11
Putting up a channel notice for people to change their passwords isn't a particularly useful course of action. For one thing, only people who registered on war2.me AND used the same password were at risk. For another, those people would have to actually log in and see the message for it to make a difference, and most of them probably haven't in the last couple weeks because the game is currently so inactive.



God forbid someone whose account wasn't compromised changes their password. Jeez, it takes 5 seconds, it's not a big deal. It's healthy to change your password every so often anyways.

@warmapper,  what is the point in some dumb program to check if your account was compromised when in the same time you could have changed your password lol.


Unfortunately, I cannot defend my program against this argument. It is faster to just change your password than check to see if you need to change it lol!

But the map, and finding people's aka's is still fun to play with

12
Server.War2.ru / Lightbringer- is squelching my posts
« on: June 15, 2015, 03:07:37 PM »
Just so everyone knows, Lightbringer- is deleting all my posts whenever I post something he deletes it

13
Putting up a channel notice for people to change their passwords isn't a particularly useful course of action. For one thing, only people who registered on war2.me AND used the same password were at risk. For another, those people would have to actually log in and see the message for it to make a difference, and most of them probably haven't in the last couple weeks because the game is currently so inactive.

If you truly want to benefit the community Archer, take down your stupid, privacy-invading website, which is just another attention-getting stunt on your part. It serves no functional purpose -- now that iL is back I'm sending him war2.me's database, which he'll cross reference with ru's to find the remaining affected accounts (if any), the passwords will be changed, and that will be the end of it. You (or, the alleged "anonymous programmer(s)", if you prefer) will have no further access, influence or leverage of any kind, and your brief stint in the limelight will be over. Time to move on.


Please, mouse, dont be stupid, lets walk thru your "plan" logically real quick.

1. You're going to cross reference war2.me to war2.ru databases to see which accounts match, and have the same password. Easy enough to do, but pointless ... keep reading to see why
2. Then you're going to LOCK ALL THOSE ACCOUNTS, which will scare off the players, and create a HUGE administrative burden (we're talking about ~2,900 accounts that could potentially be locked)
3. Once ~2,900 accounts have been locked, those players will begin flooding in with UNLOCK Support Requests (more admin burden)

Then once people request to be unlocked, you literally HAVE NO WAY TO VERIFY THEIR TRUE IDENTITY

So anyone can post a request "I'm so-and-so and need my account unlocked. I've never made a forum account before, and you know nothing about me. Can I have my password now?"

Yeah, let me know how that works for you..


Instead, I say don't lock any accounts, encourage everyone to change their password ON THEIR OWN (relieving admin burden by HUGE amount), and only have to handle a limited # of support requests for hacked users.

Use my site to have people check if their account was leaked [Duh, functional purpose]

99% of players are going to have the same password on war2.me as they do on war2.ru, the only ones who are smart enough not to are admins because they didnt trust you with having their password and theyre smart enough to know its easily decrypted.



14
thanks blid seems to understand.

They can just search USA-Archer[dot]com to find out if their account was leaked or not rather than guessing lol but okay sure ... didnt expect u would include my site in the announcement but it is the point of the site...

A crosscheck would be easy, I can give the DB to iL if he wants and he can match it against RU to make a list of accounts that need to change passwords, but theres no point, you cant go locking everyones accounts that just scares people away and creates a huge administrative burden


iL is mad at me, I understand, but its other people that are jacking accounts, I hacked mousE server with permission 2months ago but now the database was stolen from my PC and now is being passed around.

Thats why i made WarMapper/WarMiner so everyone will hopefully update their passwords and then no more accounts can be jacked


If I wanted to use it for evil, why would I be helping, trying to encourage the community to change their passwords before they get hacked! I wouldnt duh.  I could have gone around smurfing everyone for a long time but im not going to, Im trying to help ppl get passwords changed. I just want my own account back

Im not even making any threats. I was hoping spending the time to make this tool would maybe make people like me so I can go back to playing Warcraft 2 with the name that Ive had since 2002

You have completely ignored all questions directed to you in this thread in order to reasonably defend yourself.  I want to know: who were you working with and who gave you the EXE files?  This should be a simple answer and you should know very well who did it. 

I think you screwed up big time, you realized there were going to be consequences to your actions, and now you're desperately trying to be welcomed back into the community.  No matter how much you try, you will never convince me unless you can offer a logical explanation for what happened.

See #5
USA-Archer[.]com/faq.php


15
thanks blid seems to understand.

They can just search USA-Archer[dot]com to find out if their account was leaked or not rather than guessing lol but okay sure ... didnt expect u would include my site in the announcement but it is the point of the site...

A crosscheck would be easy, I can give the DB to iL if he wants and he can match it against RU to make a list of accounts that need to change passwords, but theres no point, you cant go locking everyones accounts that just scares people away and creates a huge administrative burden


iL is mad at me, I understand, but its other people that are jacking accounts, I hacked mousE server with permission 2months ago but now the database was stolen from my PC and now is being passed around.

Thats why i made WarMapper/WarMiner so everyone will hopefully update their passwords and then no more accounts can be jacked


If I wanted to use it for evil, why would I be helping, trying to encourage the community to change their passwords before they get hacked! I wouldnt duh.  I could have gone around smurfing everyone for a long time but im not going to, Im trying to help ppl get passwords changed. I just want my own account back

Im not even making any threats. I was hoping spending the time to make this tool would maybe make people like me so I can go back to playing Warcraft 2 with the name that Ive had since 2002
