Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
You can't see the php code.
SO DON'T LIE PEOPLE!
I believe he was referring to this post:
I saw lrussell code it and it looks secure, but I don't know PHP so I am not sure. But I do know is that lrussell is a good coder and he never takes the easy way out.
In which case, Emalton was connected to me via TeamViewer.
Anyway... "back to testing".
I need to fix some things on the website to be sure no one can abuse anything. There's actually still quite of bit of work to do on the bot side of things.
Offline
Ok.
Everybody edits, but some edit more than others
Offline
Good luck with this
Last edited by anch159 (Aug 5 2013 6:39:08 pm)
Offline
@Lrussell I will finally get to use a bot withoutt download. I'm so excited! (Cause I'm not allowed to download anything )
Offline
[Motivation for Lrussell] C'mon you are doing fine! Let's go! The whole EE is waiting...
Offline
[Motivation for Lrussell] C'mon you are doing fine! Let's go! The whole EE is waiting...
I'm looking forward to trying out a bot that I don't have to download; wait, browsers are terrible, I'd prefer a download - meh. I'll make one if I need one.
Thank you eleizibeth ^
I stack my signatures rather than delete them so I don't lose them
Offline
So will there be a public alpha or private beta? Or both? Or the other way around?
Emalton wrote:[Motivation for Lrussell] C'mon you are doing fine! Let's go! The whole EE is waiting...
I'm looking forward to trying out a bot that I don't have to download; wait, browsers are terrible, I'd prefer a download - meh. I'll make one if I need one.
The premise of the bot is to configure settings online and connect, and all the controls are chat based. Communicating back and forth between bot and site is a pain.
So will there be a public alpha or private beta? Or both? Or the other way around?
I think I made the thread a bit premature. But there will be SOMETHING soon. It will be public once released, I got friends to do the testing.
Offline
The video is a little un-clear. What exactly can you do with it? Like what fields are there to fill in to make it... bot on DEMAND
Offline
The video is a little un-clear. What exactly can you do with it? Like what fields are there to fill in to make it... bot on DEMAND
You go to the site, you register, you fill in your information under "Manage" (such as who you want your bot admins, etc. to be auto-set, although you can still add them via chat command), then you can go to the connect page and fill out the information like a regular bot and click connect. Note that you don't need to go to Manage every time, the server saves the admins and whatnot, but not your EE login.
Offline
Nice bot you got there. Have fun letting people use it.
thanks zoey aaaaaaaaaaaand thanks latif for the avatar
Offline
Update! I've done some internal rewrites to make the code cleaner and more efficient. I'm hoping for a public alpha soon. Stay tuned!
lol, just release a bugged beta version so we can test out bugs and abuse the bot :3
lrussell wrote:Update! I've done some internal rewrites to make the code cleaner and more efficient. I'm hoping for a public alpha soon. Stay tuned!
lol, just release a bugged beta version so we can test out bugs and abuse the bot :3
Sure! If you only want 3 commands in the bot.
The internals are just insanity to deal with.
Offline
When will the bot come out?
Offline
When will the bot come out?
Yeah, how is it going? Any idea of release?
It's going rather well I suppose. I'm literally still trying to get all of the internals working correctly (such as if a bot crashes, get kicked, etc. it won't ghost and eat up ram uselessly). As well as tightening up some security and adding in some verification (such as when you register, it makes sure the username you input is actually YOU).
There is a lot of work to do still before I even get to any of the fun stuff.
But I have made some progress, here's an updated screenshot of the connect page, see anything different?
Last edited by lrussell (Aug 9 2013 7:13:38 pm)
Offline
Can you please show me the picture of the bot? Like the fields that you fill in. The youtube video is un-clear.
EDIT: Nevermind.
Last edited by anch159 (Aug 9 2013 7:40:39 pm)
Offline
>Watch on YouTube
>Full screen
>720p
>see what I do
You register, you login, you fill out the data you want to fill in under Manage, and connect!
It's really simple and straightforward. I'll make a new video right before release.
Offline
It's going rather well I suppose. I'm literally still trying to get all of the internals working correctly (such as if a bot crashes, get kicked, etc. it won't ghost and eat up ram uselessly). As well as tightening up some security and adding in some verification (such as when you register, it makes sure the username you input is actually YOU).
There is a lot of work to do still before I even get to any of the fun stuff.
But I have made some progress, here's an updated screenshot of the connect page, see anything different?
http://i.imgur.com/HdSFpI4.png
*Faints of despair as there is no AG support*
But really, the list of available levels is cool. Why didn't Krock think of that?
You can get the code for AG authentication here. Just on the side note, when you have that code you need to make
con = cl0.Multiplayer.JoinRoom(world-id, null); // Make sure the connection is with the AUTHENTICATIED CLIENT VARIABLE! con.Send("init"); con.Send("init2"); // Put in the message event handlers, etc...
this^^ entry after line 33 on the pastebin. You also need to update "auth115" to "auth(EE version here, atm it is 176)".
Last edited by NR2001 (Aug 10 2013 7:54:16 am)
Really? He never seems to take the easy way out when I'm with him.
Yes, really. Yesterday I found 4 exploits and injected code into his site.
I injected code into his world list, which could have gave me the possibility of stealing everybody's accounts.
He fixed it the first time, so I found another way to do it as well.
As well as exploited the name and eventually tricked lrussell into logging into my account that I had code injected into, I made it so that it loaded a javascript image hooked up to my server that gave me the session ID.
Once he had logged into his main account, I used a program to edit my headers and logged into his account without his password at all. This is effectively bypassing his authentication system which he had boasted about so very much.
Now, the thing is, the attacks that I used are attacks any script kiddy could do.
And all of it is because of taking the easy way out, and "coding the system at 4 AM half-asleep".
*u stinky*
Offline
Emalton wrote:Really? He never seems to take the easy way out when I'm with him.
Yes, really. Yesterday I found 4 exploits and injected code into his site.
I injected code into his world list, which could have gave me the possibility of stealing everybody's accounts.
He fixed it the first time, so I found another way to do it as well.As well as exploited the name and eventually tricked lrussell into logging into my account that I had code injected into, I made it so that it loaded a javascript image hooked up to my server that gave me the session ID.
Once he had logged into his main account, I used a program to edit my headers and logged into his account without his password at all. This is effectively bypassing his authentication system which he had boasted about so very much.
Now, the thing is, the attacks that I used are attacks any script kiddy could do.
And all of it is because of taking the easy way out, and "coding the system at 4 AM half-asleep".
Was I the only one who was expecting you to hack your way into the system? lol
Lrussel, don't create the next AG hack attack apocalypse that will hurt all. I bet someone somewhere is looking at this thread ready to pounce on it the second this is released.
Was I the only one who was expecting you to hack your way into the system? lol
Lrussel, don't create the next AG hack attack apocalypse that will hurt all. I bet someone somewhere is looking at this thread ready to pounce on it the second this is released.
That's why it's still being actively developed and penetration tested.
Security for something like this is a big concern for anyone who takes it seriously.
It hasn't been released yet for that very reason.
*u stinky*
Offline
lrussell wrote:It's going rather well I suppose. I'm literally still trying to get all of the internals working correctly (such as if a bot crashes, get kicked, etc. it won't ghost and eat up ram uselessly). As well as tightening up some security and adding in some verification (such as when you register, it makes sure the username you input is actually YOU).
There is a lot of work to do still before I even get to any of the fun stuff.
But I have made some progress, here's an updated screenshot of the connect page, see anything different?
http://i.imgur.com/HdSFpI4.png*Faints of despair as there is no AG support*
But really, the list of available levels is cool. Why didn't Krock think of that?
You can get the code for AG authentication here. Just on the side note, when you have that code you need to make
con = cl0.Multiplayer.JoinRoom(world-id, null); // Make sure the connection is with the AUTHENTICATIED CLIENT VARIABLE! con.Send("init"); con.Send("init2"); // Put in the message event handlers, etc...
this^^ entry after line 33 on the pastebin. You also need to update "auth115" to "auth(EE version here, atm it is 176)".
I already know Doh has the code and have a little function to automatically pull the EE version so I don't have to update the bot every week. I'll add it soon, possibly today once I get some of the error checks done. I may do a limited alpha rather than a full blown public release initially, and have a small group find any bugs or exploits so we don't have Armor-geddon all over again (douseewhatididdere).
Offline
[ Started around 1732281200.4308 - Generated in 0.106 seconds, 12 queries executed - Memory usage: 1.82 MiB (Peak: 2.08 MiB) ]