
Disconnect any user

Posted: 29 Dec 2018, 02:50
by playerone
The first step is to get the account id of the user we want to disconnect. If the user is on the same map you can grab it from the cache received from CMSG_NAME_REQUEST (0x0094) packets.
In this example: "SUPERADM" account id = 200000
After that I used a normal account (Asag) and logged in normally, but rewrote something:
CMSG_XXX (0x00XX) and CMSG_XXX (0x00XX) packets with the new account id from "SUPERADM".

As you can see in the image, "Asag" logs in normally, but using the SUPERADM account id, and as a result, SUPERADM is logged off!!
Image
It can block the user from re-logging in if done in a loop on the same account id, or, even more critical, in a loop searching for random connected accounts.
crazy... uh? :D
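
A server-side check for the behaviour described in the post above, as an added example that is not part of the original post and is not tmwa's code. It assumes the disconnect happens because the server evicts the existing session for a client-supplied account id before verifying that id; every name here (`grant_auth`, `handle_connect`, the token field) is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define SLOTS 16
enum result { ACCEPTED, REJECTED };
/* Hypothetical tables: tokens issued at login, and accounts currently online. */
struct auth   { uint32_t account_id; uint64_t token; int used; };
struct online { uint32_t account_id; int conn; int active; };
static struct auth   pending[SLOTS];
static struct online players[SLOTS];

/* Called after a successful password check: bind a fresh token to the id. */
void grant_auth(uint32_t account_id, uint64_t token)
{
    for (size_t i = 0; i < SLOTS; i++)
        if (!pending[i].used) {
            pending[i] = (struct auth){ account_id, token, 1 };
            return;
        }
}

/* Returns the connection currently online for account_id, or -1. */
int online_conn(uint32_t account_id)
{
    for (size_t i = 0; i < SLOTS; i++)
        if (players[i].active && players[i].account_id == account_id)
            return players[i].conn;
    return -1;
}

/* Verify first, evict second: a mismatched token never touches players[]. */
enum result handle_connect(int conn, uint32_t claimed_id, uint64_t token)
{
    size_t a, p, free_slot = SLOTS;
    for (a = 0; a < SLOTS; a++)
        if (pending[a].used && pending[a].account_id == claimed_id && pending[a].token == token)
            break;
    if (a == SLOTS) return REJECTED;   /* claimed id not backed by a token */
    pending[a].used = 0;               /* tokens are single use */
    for (p = 0; p < SLOTS; p++) {
        if (players[p].active && players[p].account_id == claimed_id)
            break;                     /* verified re-login replaces old conn */
        if (!players[p].active && free_slot == SLOTS)
            free_slot = p;
    }
    if (p == SLOTS) p = free_slot;
    if (p == SLOTS) return REJECTED;   /* online table full */
    players[p] = (struct online){ claimed_id, conn, 1 };
    return ACCEPTED;
}
```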

Re: Disconnect any user

Posted: 29 Dec 2018, 06:58
by 4144
cool, you found a very old known tmwa bug. old tmwa devs already know it.
but better not to disclose exploits in tmwa, because there is a very low chance that someone will fix them.

i edited the previous post

Re: Disconnect any user

Posted: 29 Dec 2018, 07:01
by 4144
better try to find something interesting in hercules and report it :)