Yahoo chat site

Printable View

August 13th, 2002, 11:15 AM
xamurai79

Yahoo chat site

I was on this yahoo chat site about hacking and for some reason they kicked me off the site I am curious how they did that and how to prevent that
August 13th, 2002, 11:21 AM
10dedfish

What question did you ask?
August 13th, 2002, 12:57 PM
xamurai79

typical...
August 13th, 2002, 01:39 PM
10dedfish

Typical what?
DId you ask "hey how do i hack {insert client here} or did you have an intelligent question that they refusd to answer.
by the tone of this one i would guess the former.
August 13th, 2002, 01:45 PM
xamurai79

No the question is do these guys (the so called hackers) use some program to manipulate the Java chat clients and if so how do they do this? I am a webdesigner and I want to know how I can prevent this on my clients websites

Thanks in advance
August 13th, 2002, 03:38 PM
allenb1963

xamurai79, if you phrased your question in chat the way you initially did here, thats probably why they kicked you out. We're all here to learn, but if you're going to ask a question be as specific as possible. While I cannot answer your question, I would suggest that you browse the tutorials forum or use the search feature with JAVA as a keyword. I know thats not the answer you wanted to see, but hopefully I've gotten you started in the right direction. If you are truely looking for security information, you've come to the right place. Good luck!
August 13th, 2002, 03:47 PM
xamurai79

Thanks Al, today was my first day to post anything...

______________________
XaMi©

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. Albert Einstein
August 13th, 2002, 04:24 PM
allenb1963

In that case....welcome to AntiOnline! If you want to learn security, you came to the right place!
August 13th, 2002, 05:36 PM
alittlebitnumb

xamurai79, I used to frequent the Yahoo! Hacker Lounge, and people would ask the same exact question as you (well other than your usual gambit of "How do I hack {insert free mail service here}?"). I took the liberty of looking these up. Over the years, there have been holes and exploits they would use to kick people out like flooding the screen with extended ASCII symbols and would therefore crash the client, send a PM with characters as said above, use bots (some yahoo hack clients did that), and many other tricks. However, since I have not been there in almost a year and a half, I have no idea what tricks they are using.

I am sure they have sploits for the new Yahoo Messenger Chat client. As we all know more features=more holes to be discovered especially if files can be sent, font/font sizes can be changed, or arbitrary code can be executed in some way. My best advice for you is to make sure you NEVER accept any invitations, PM's, files from people you do not know, keep using that handy "ignore" feature, change passwords (and keep GOOD passwords) to avoid crackers going into your Yahoo! Mail if you use it, and do not give any personal info about yourself no matter how much of a buddy they say they are.

Good Luck!
August 13th, 2002, 06:15 PM
phuckintwizted

well since you just got flamed straight to hell. im gonna give you a descent answer. you simply got booted by a prog (known as booters) the progs are quite easy to make in visual basic they can have a lot of skiddie and pretty lame options like boots and scrollers and laggers they can add my name to your yahoo friends list fulling it to max. can make your IE go nuts by shutting it down or by making it dl just about any of your own files to your desktop. there are java boot codes for the java chat sites too that can pretty much do the same. these are really easy progs to makee if you understand winsock programming in vb . a few sites that are big on this are www.eliteprodigy.com ( coldfyr3 even made his own yahoo chat client) and www.yahpro.org boots and protection can be found at both sites stay alive pro is also great protection as it stops your apps from crashing such as messenger while your getting booted . the boot codes change constantly as yahoo tries to keep up with patching the exploits being used there are literaly thousands of yahoo progs for booting or for crackin id's if you got any questions on this subject you can pm me here or on the same id on yahoo as i have made used and understand how these progs work....
August 13th, 2002, 11:27 PM
jethro

Kicked off a Yahoo! chat room. Dude, that's "where the 1337 mean". j00'll never make it as a true h4x0r, if you don't cosy up with the Yahoo! crowd...
August 13th, 2002, 11:51 PM
Palemoon

Ok some of the old tricks in Java and chat clients and most sites that use the technology for chat do a couple things when you connect. One thing is to re-map your kepboard, and one of the most common boot out of the room is to kill the app if a user hits the backspace key. Easy way to test this is to log into the room and say nothing but hit the backspace key, if you loose the room then you know the magic. Yahoo has used this for a long time in their chat rooms one of the few tools if it has a moderator can use.
August 14th, 2002, 03:45 AM
Suspect

I think they can only crash your yahoo messenger but if you logged on java browser or use chat 2.0 (www.yahoo.com)then you
won't get booted.
August 14th, 2002, 07:21 AM
imaginedsanity

alright so far the replies on this topic have been rather vague, so I'll try and shed a little bit more light upon this subject. There are two basic attacks that I am aware of with the present day messenger.

The first attack is a basic buffer overflow. When someone says "boot code" this is what they're talking about. It's a string of characters sent to you to overrun the buffer and shut down the messenger. As yahoo has "progressed", the overflows that work have changed. the newest one I've seen has to do with sending a string of "www"s and "org"s in the pm box or chat window, which creates the basic effect, and you're knocked out of yahoo. All of these attacks are done through an automated program, which was said ealier.

The second one is called "bombing". This one involves sending a shitload of pms or cam invites, or anything else that sends a window to you. It creates the same basic effect as a DoS attack, slowing down your connection until yahoo eventually is forced to error. This is also done by a program, and the program involves it's own set of protocols to allow it to send these messages.

At one point there was also a couple of programs produced that would actually log a person out of their account on yahelite, cheetah, and java, but these programs were patched within a week.

These are the basic developments involved in "booting" that I have encountered. They are for the most part very simple, and used mostly by script kiddies so as to exploit helpless users into submitting to them.

Oh and one more thing. I wouldn't bother with the "hacker lounge" in yahoo. Most of those idiots haven't got a clue.