Saturday 3 December 2011


How to sniff passwords from an online game
(For LAN hack)

First of all: you're never going to be able to do man-in-the-middle attacks or packet sniffing with Winsock.
And to continue on that, you're probably not going to be able to do this in VB either.

To sniff passwords from an online game you basically have two options:
1. Inject a DLL hook into the game itself. This will allow you to track all the game's actions directly, but you MUST be on the same machine as the one the game is running on.
2. Packet sniffing. I'd advise against building this yourself for two reasons:
   a: It's really, really complex stuff, and if you want to do it remotely, you'll have to write something to do ARP poisoning too.
   b: There are so many applications that already do this, and do it very well, that there's just no reason to write your own.

In all honesty, option two seems to be the better option in this case, simply because the tools you'll need exist. Look into tcpdump, Cain & Abel and Wireshark, and SSLStrip if the game uses SSL for its login.
There is a serious downside to this method though. When they send their login data encrypted, you're basically shit out of luck in most cases. Using a DLL hook you might be able to catch the login data before it gets encrypted.

Or option 3: Install a keylogger and be done with it.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
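
From the defender's side, the ARP poisoning that remote sniffing depends on shows up on the wire. The following is an added example, not part of the original post: it scans `tcpdump -n arp`-style text for ARP replies that rebind an IP to a different MAC, or where one MAC answers for several IPs. The sample lines, the addresses and the function name `find_arp_anomalies` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modeled on `tcpdump -n arp` text output (not a real capture).
SAMPLE_CAPTURE = """\
10:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:01.000400 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 46
10:00:05.120000 ARP, Reply 192.168.1.20 is-at 66:77:88:99:aa:bb, length 46
10:00:09.300000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 46
10:00:09.300900 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:01, length 46
10:00:11.300000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 46
"""

# Only replies assert an IP-to-MAC binding, so only replies are parsed.
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)


def find_arp_anomalies(capture_text):
    """Return (timestamp, kind, detail) alerts for suspicious ARP replies."""
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for line in capture_text.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue  # requests and non-ARP lines carry no binding claim
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        previous = ip_to_mac.get(ip)
        if previous and previous != mac:
            # The same IP is now answered by a different hardware address.
            alerts.append((ts, "binding-changed", f"{ip}: {previous} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        # Alert once per newly claimed IP, not on every repeated reply.
        if len(mac_to_ips[mac]) > 1 and previous != mac:
            alerts.append((ts, "mac-claims-many-ips",
                           f"{mac}: {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_CAPTURE):
        print(*alert, sep="  ")
```

Both alert kinds also fire for legitimate events such as a DHCP lease moving to another host or a machine with several addresses, so treat them as leads to check against the known gateway MAC rather than as proof.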

