Got bored.
Made my own little server bot in VB (yes i know it sucks) n lua
What it Does:
Pretty much
My lua serverbot takes in the commands !Set, !Mode and !Rndm.
The VB serverbot sends messages to confirm this. Also the VB serverbot does stuff like responds to "Hi" and then if somone says "ServerBot", he will repeat the string, and put the person who said its name instead.
Example:
Made my own little server bot in VB (yes i know it sucks) n lua
What it Does:Pretty much
My lua serverbot takes in the commands !Set, !Mode and !Rndm.
The VB serverbot sends messages to confirm this. Also the VB serverbot does stuff like responds to "Hi" and then if somone says "ServerBot", he will repeat the string, and put the person who said its name instead.
Example:
[Legacy]Blam: ServerBot is sexy.
[TelNet]ServerBot: Blam is sexy.
Last edited by Blam; Mar 25, 2008 at 09:22 PM.
:D
I was there
We had a lot of fun with Serverbot.
ServerBot: We had a lot of fun with [FSN]LineTori
Oh damn....
Its a really nice device you made =D
We had a lot of fun with Serverbot.
ServerBot: We had a lot of fun with [FSN]LineTori
Oh damn....
Its a really nice device you made =D
[o]|ORMO|Replay thread!
Last edited by Chartle; Tomorrow at 13:37 AM..
Originally Posted by Blam
Got bored.
Made my own little server bot in VB (yes i know it sucks) n lua
Pretty much
My lua serverbot takes in the commands !Set, !Mode and !Rndm.
The VB serverbot sends messages to confirm this. Also the VB serverbot does stuff like responds to "Hi" and then if somone says "ServerBot", he will repeat the string, and put the person who said its name instead.
Example:
OMG, VISTA
I would like to see something like voteban or votekick. The idea of vote to change mods is cool to, but the bot should also be able to change the servername and the entering-message then (!!!).
I gets a brother in every server
.
Hmm, okay first off Jok, let me explain something, the password encryption... well more
of password hashing, is MD5. When i was packetlogging my toribash client, i noticed that
it sends the command:
coding php, and working with md5, and i knew the first 10 characters of the hash, and
instantly recognised them when the packet was sent. So thats how i know it was MD5
Now, as far as security goes for that, it's just as safe as a website login system with php.
There are some vulnerbilities, but if you've ever studied hacking like
i have you'll know that there are maybe.. 2 things that "Could" jepordize someone elses account
or whatever. But, the same thing can be said with websites. These 2 things i am speaking of,
are Dictionary attack and brute force attacks. Now, there are things that can be done to prevent
these, such as limiting the number of logins per half hour (i know alot of Bulletin boards have
this feature). Whether the toriserver has that... im not sure, but would be a good feature to have.
But your average joe isn't going to know this sort of thing anyways so it's not that big of threat
unless some wanker decides to ruin the game for others and starts trying to actually do things like
that.
Oh i forgot to add, even if someone manages to get the hash somehow(without directly doing a dict.
attack or brute force) they would have do actually BF/Dict. the hash which can take DAYS or longer
depending on what method you use.. Or theres rainbow tables, but i believe that could only be used
if you obtained the hash. Ahm, yeah and you're wrong, you say
This is not true, the hash part i already said, but a sniffer cannot find this. Know why? The client is sending the packet to the server, and the server only. For a sniffer to be effective, you'd have to be on the same network as the person logging in. And even then, you'd have to do an MITM (Man in the middle) attack on their pc. So it's not as great of threat as you make it out to be.
So, anyways just so you know it DOES work, as i've been testing my bot on some servers and it logs
in just fine and its able to send joint movements just fine.
@Blam - Yes the joint sending is simple enough, i think i've figured the sequence out, thanks to
a thread i had a peek at in this forum.
@Jok(again) - I never asked for actual money, i asked for toricredits... and i said No more than
15k credits for a 1 year license, i havent decided how much to charge.. i may say 4000 for a 6
month or 7500 for a 1 year.. anyways thats the least of my worries at the moment.. Well, the reason
i want to charge, is to ensure i dont have JUST ANYONE getting a hold of the program, no one but
server owners really NEED this anyway. Actually, if the person who wants the bot, can prove to me
that they actually have a server, and have admin access, i may just give it out to them without them
giving me toricredits. However, i would still hardware lock it to their pc. (Sorry i can be a bit
security paranoid :P )
Now i could add security to the program, but i dont feel it is needed for the lua scripting if i give
it to serious owners. As i said. But i may change my mind on this yet.
As far as the telnet session goes, i'll try again later but when i was logging the toriclient i didn't
get the data i was looking for which was POS, ANGVEL, etc.. But i did get JOINT and GRIP, also i wasnt
parsing it, i was packet logging it with Wireshark AND Winsock Packet Editor(WPE).
However, if you say you get this data from telnet i'll check it out later.
But i may change my mind on some things. But anywho i'm going to work on this a bit, and stuff.
Possibly add an anti-spam system, (For the bot as well so it cant spam from console or anything.)
So i gotta be off for now i think i covered everything.. I had to type this fast cuz i only had 10 mins or so to be online. (Dialup during the week sucks :P)
I typed this at school earlier, but i didnt have enough time to finish so i said screw it and didnt save my msg.. anyways that doesnt matter. I'll check back for replies later.
of password hashing, is MD5. When i was packetlogging my toribash client, i noticed that
it sends the command:
mlogin <user> <passhash>coding php, and working with md5, and i knew the first 10 characters of the hash, and
instantly recognised them when the packet was sent. So thats how i know it was MD5
Now, as far as security goes for that, it's just as safe as a website login system with php.
There are some vulnerbilities, but if you've ever studied hacking like
i have you'll know that there are maybe.. 2 things that "Could" jepordize someone elses account
or whatever. But, the same thing can be said with websites. These 2 things i am speaking of,
are Dictionary attack and brute force attacks. Now, there are things that can be done to prevent
these, such as limiting the number of logins per half hour (i know alot of Bulletin boards have
this feature). Whether the toriserver has that... im not sure, but would be a good feature to have.
But your average joe isn't going to know this sort of thing anyways so it's not that big of threat
unless some wanker decides to ruin the game for others and starts trying to actually do things like
that.
Oh i forgot to add, even if someone manages to get the hash somehow(without directly doing a dict.
attack or brute force) they would have do actually BF/Dict. the hash which can take DAYS or longer
depending on what method you use.. Or theres rainbow tables, but i believe that could only be used
if you obtained the hash. Ahm, yeah and you're wrong, you say
If it doesn't encrypt the password, a simple sniffer can find the password easily. And seeing as how they're linked to forum accounts, that makes it an even bigger problem.
This is not true, the hash part i already said, but a sniffer cannot find this. Know why? The client is sending the packet to the server, and the server only. For a sniffer to be effective, you'd have to be on the same network as the person logging in. And even then, you'd have to do an MITM (Man in the middle) attack on their pc. So it's not as great of threat as you make it out to be.
So, anyways just so you know it DOES work, as i've been testing my bot on some servers and it logs
in just fine and its able to send joint movements just fine.
@Blam - Yes the joint sending is simple enough, i think i've figured the sequence out, thanks to
a thread i had a peek at in this forum.
@Jok(again) - I never asked for actual money, i asked for toricredits... and i said No more than
15k credits for a 1 year license, i havent decided how much to charge.. i may say 4000 for a 6
month or 7500 for a 1 year.. anyways thats the least of my worries at the moment.. Well, the reason
i want to charge, is to ensure i dont have JUST ANYONE getting a hold of the program, no one but
server owners really NEED this anyway. Actually, if the person who wants the bot, can prove to me
that they actually have a server, and have admin access, i may just give it out to them without them
giving me toricredits. However, i would still hardware lock it to their pc. (Sorry i can be a bit
security paranoid :P )
Now i could add security to the program, but i dont feel it is needed for the lua scripting if i give
it to serious owners. As i said. But i may change my mind on this yet.
As far as the telnet session goes, i'll try again later but when i was logging the toriclient i didn't
get the data i was looking for which was POS, ANGVEL, etc.. But i did get JOINT and GRIP, also i wasnt
parsing it, i was packet logging it with Wireshark AND Winsock Packet Editor(WPE).
However, if you say you get this data from telnet i'll check it out later.
But i may change my mind on some things. But anywho i'm going to work on this a bit, and stuff.
Possibly add an anti-spam system, (For the bot as well so it cant spam from console or anything.)
So i gotta be off for now i think i covered everything.. I had to type this fast cuz i only had 10 mins or so to be online. (Dialup during the week sucks :P)
I typed this at school earlier, but i didnt have enough time to finish so i said screw it and didnt save my msg.. anyways that doesnt matter. I'll check back for replies later.
