Disconnect any user

Ask for help regarding any technical issue or report any bug or OS independent issues.
Post Reply
playerone
Peon
Peon
Posts: 6
Joined: 25 Dec 2018, 01:06

Disconnect any user

Post by playerone » 29 Dec 2018, 03:50

First step is to get the account id from the user we want to disconnect. If the user is at the same map you can grab it from the cache recieved from CMSG_NAME_REQUEST (0x0094) packets.
In this example: "SUPERADM" account id = 200000
After I used a normal account (Asag) and login in normally, but rewrite something:
CMSG_XXX (0x00XX) and CMSG_XXX (0x00XX) packets with the new account id from "SUPERADM".

As you can see at the image, "Asag" logs in normally, but using the SUPERADM account id, and as result, SUPERADM is logged off!!
Image
It can block the user re-login if doing loop at the same account id, or even more critical doing a loop searching random accounts connected.
crazy... uh? :D
Last edited by playerone on 29 Dec 2018, 17:52, edited 1 time in total.
4144
Client Developer
Client Developer
Posts: 946
Joined: 03 Aug 2009, 12:57

Re: Disconnect any user

Post by 4144 » 29 Dec 2018, 07:58

cool you found some very old known tmwa bug. old tmwa devs already know it.
but better not disclosure exploits in tmwa, because very low chances what some one will fix them.

i edited previous post
4144
Client Developer
Client Developer
Posts: 946
Joined: 03 Aug 2009, 12:57

Re: Disconnect any user

Post by 4144 » 29 Dec 2018, 08:01

better try find something interesting in hercules and report it :)
Post Reply