Silkroad Online Forums

SQL Injects, Packet Sniffing, ethereal, network cards and h4x0rs oh my!

I have a friend of mine who is a security consultant for a large consulting firm. He and I are going to dick with Silkroad this weekend [will take pictures/screenshots] and put to rest once and for all whether or not people can actually get herpes, aids and lose their login information through exchanging/partying/stalls/etc.

Hopefully us adults can figger this out

P.S

Just for giggles, I'll let it slip that I find it to be asinine and ridiculous that login credentials are leaked during transactions.

Why is it then that 2 guys shouted wts lvl 16 sos bow. I asked price, it was 1m. I said i buy. I exchange him and then put the 1m and he puts the bow in. Then nothing happens. He waits. Then i just close the exchange and he logs out.
This has happened 2 times to me in 2 days. Once with the bow and then with a lvl 32 sos sword for 2m.
Maybe its hacks or everybody who sell sos items cheap are lagging after they have pressed confirm.

I am actually attempting to put an end once and for all to threads about "OMG SQL inject h4x0rd meh!11~" threads. Sorry if that wasn't totally clear.

Agreed, and once someone puts a rest to it and definitively says/proves "This is not so" then it will get better IMHO. Though there will be those negative Nancy's who read DDOS kiddie books who think everything is possible with a Gibson

this whole thing sounds like a bunch of script kiddies

i could be wrong, but i guess we will find out sooner or later.

Sup pzykotic. Hmmm... wonder if it's real or not. Well, we'll find out soon enough!

48 pages (500+ logins/passes) of people between lvl1-45 and promises of three times as many between lvl46-70 by a group of Polish people...

I think the Pols have you clowns owned.

at leasts they dont just do straight account wiping like they did in Gunz.. i lost my Assault Rifle, Katana, and my Bazooka.

Edit omg i just logged in and like i got in on my first time during the busy hour. you guys think pplz are like afraid to play with this new hack thing going around?

Where's this, then?

A link that we are not allowed to post. Just ignore the site / people behind it. Even if I could do that, I wouldn't post them like that.

Out of 48 pages of logins only 1 was 36 the rest 1 to 29, 85% of them were level 1. You know what that means? It means they set up a site with a keylogger. Even then you had to be dumb enough to download it.

The amount of level ones means people where nervous about getting a keylogger so they used this program on a new account. The clowns that got owned where the dumb ones that downloaded the keylogger. If he releases a list of 46 to 70 instead of 48 pages you'll probably see 2. Alot of people that are that high won't entrust a foreign program on their computer until its validated.

IMO it was a funny prank, you cheat you pay the price. In other words karma will come back and bite you in the ass.

I came back to SRO two weeks ago and yesterday i have found one of my accounts on that site. Yes, I have botted with the char on that account like 6 weeks ago, he's lvl 11, the six hours of free botting took it that far. I used only programs validated by the botter community and I'm quite sure that I didn't download any keylogger. Then I quit SRO for six weeks, haven't even touched that char and now the id and password is on that site. My main account, the one I didn't bot with, is untouched, he has millions worth of SOS and guild storage access.

I'm sure it's not just a lame keylogger and some noobie accounts. IMO the "hacker" have access to all the bot accounts.

Sorry for my foreign English.

Dude look, there are lots like u who say "oh that's bs, no one will ever hack ur account that way, sissy pants and so on". Due to all respect to ur security expert friend, i'd like to ask: does he play sro? does he imagine how much bugs in service/security this game has? finally, does he know how valuable character is for a hardcore sro gamer with all the sos/gold/exp/sp? I say that we must stay focused, because there are lots and LOTS of attemps to do something (random party/exchange) that was not so common a few days ago. Over.

its not , if you read the anti-bot manifesto which goes along with that list you see they mention their source as an exploit in the bot program. They don't elaborate further , but say that regardless of whether you are using the "pay" or cracked version they will get your account info.

Theres no inference of any exploit having to do with SRO servers, i think that the only "hacking" taking place is having do to with the bot program/site.

well aint that what they're going to find out this weekend? Doing this.. research.

These hackers get access to your account when you bot, and obviously it's just your bot-char and not main (no keylogging).
That's where this site comes from, lol.

If u read forums more carefully u would most probably notice that even people who has nothing to do with botting got hacked. That's why im so serious over it.

Are you assuming that the info sent in IP packets is in plain text format?

CAN'T YOU SEE YOU'R CONSTANT FIGHTING IS TEARING US APART?!?!?!!!



Lol.

Nice idea man. A couple of things need to be put to rest once and for all.

1. People cannot get your login/password/email/whatever else someone says they can get just by opening a stall or exchanging or partying.

2. Packet sniffers, will get you the persons IGN, and that is after you search through the 10's/100'2/1000's pages worth of info.
Example: standing at south gate Jangan in a stall you recieve around23k packets. Point being, thats a hell of alot of trouble to go through for just a IGN at best.

3. Ip addresses are not found out in game as well. Even if they were, that doesnt mean they can hack your account with an IP. Only Ip address you'll see is the one for silkroad.

4. The most reliable way to get someones user name and account is just to check the official site. Look at forums, quote someone and then look at code in box[quote = username], then they run their sh**y bruters and maybe get lucky.

Other than that don't download 3rd party programs that say they will "enhance gameplay" and don't give out your username and or password, and you should be fine.