Join our SubscribeStar to remove these adverts!
Stats
Page generated in 0.014 seconds
Total duration
919 users online
301,977 hits today, 2,107,360 yesterday
FIMFiction
My Little Pony: Friendship is Magic Fanfiction
Designed and coded by knighty & Xaquseg - © 2011-2024
Follow & Support Us
Support us
SubStar
Chat!
Discord
Follow us
Twitter
MLP: Friendship is Magic® - © 2024 Hasbro Inc.®
Fimfiction is in no way affiliated with or endorsed by Hasbro Inc.®
491728
Did you even join?
491739 Actually yes, I did.
491764
I don't have the heart to pawn this group off on you. Invite somebody random to dump it on.
491788 This group is too awesome to just dump it.
BTW, I will have to find a way to post threads with no actual name. Maybe disabling JS will help.
491794
I suppose you could hold secret conversations only accessible or to either those talking or those with above pre-school computing skills and a fuck load of free time.
491798 Since when did I need a reason to do anything?
BTW,I fucking love my new avatar, it works as the best emoticon ever.
491803
That it does
491808 Can you give me the admin? I want to try to find some breaches in the site.
On a side note, have you tried typing the konami code on the site?
491823
Of course, that's the whole point of this group.
491837 Okay, but do not leave the group, I will want to somehow do force it from user-level.
491843
I know how to post despite being banned/actually in the group. ban me and I'll show you (this is untested btw).
491850 Go ahead?
491855
:D
Should they ever fix the non permanent bans, we have a workaround.
491859
KNIGHTY
491861
I'm curious, what do you plan on doing anyway?
491859 Eh, knighty apparently knows what he was doing, and I wasted half hour shitting around it.
Eh, time to fuck up somewhere else.
Fuck, wrong account.
491867 Deleting/upgrading members without having admin yourself.
I guess server checks for your session and blocks if you do not have privileges.
Oh God, not again.
EDIT: Lolz, this looks like two different people.
wait...
IDEAAAAA
491871
491872
Out of curiosity, what was it exactly that you were trying to work around?
Edit: that was a fast reply.
491877
I began with the idea of adding thread without caption actually but got sidetracked.
491875
491876
I tried doing this before actually, multiple times, although I suppose if there were a way all the major groups would already be decimated.
The caption thing too.
491879 With editing the javascript or some external tool? You need to send post data to the ajax php with details of the deleted user, you know.
491887
See, that is completely beyond my knowledge or skill level. I just tried messing with the address bar and editing the HTML like a noob.
Strangely computer code just doesn't make sense to me.
491894 Basically, data send in address bar is called GET and looks something like index.php?iam=afaggot, while the hidden data is called POST and is simply attached at the end (or somewhere) of request.
Well, it is simply at different position, actually. Still, far harder to fabricate, generally used for shit like password, fille upload and so on.
491898
I was trying to crack fimfiction story passwords for hours yesterday in some vain hope that the code was lying encrypted in the sources. I think it might be actually, I found that fimfiction uses codes to identify keystrokes:
'a' : 65,
'b' : 66,
'c' : 67,
'd' : 68,
'e' : 69,
'f' : 70,
'g' : 71,
'h' : 72,
'i' : 73,
'j' : 74,
'k' : 75,
'l' : 76,
'm' : 77,
'n' : 78,
'o' : 79,
'p' : 80,
'q' : 81,
'r' : 82,
's' : 83,
't' : 84,
'u' : 85,
'v' : 86,
'w' : 87,
'x' : 88,
'y' : 89,
'z' : 90,
/* start number keys */
'0' : 48,
'1' : 49,
'2' : 50,
'3' : 51,
'4' : 52,
'5' : 53,
'6' : 54,
'7' : 55,
'8' : 56,
'9' : 57,
/* start the f keys */
'f1' : 112,
'f2' : 113,
'f3' : 114,
'f4' : 115,
'f5' : 116,
'f6' : 117,
'f7' : 118,
'f8' : 119,
'f9' : 120,
'f10': 121,
'f11': 122,
'f12': 123,
/* start the modifier keys */
'shift' : 16,
'ctrl' : 17,
'control' : 17,
'alt' : 18,
'option' : 18, //Mac OS key
'opt' : 18, //Mac OS key
'cmd' : 224, //Mac OS key
'command' : 224, //Mac OS key
'fn' : 255, //tested on Lenovo ThinkPad
'function' : 255, //tested on Lenovo ThinkPad
/* Misc. Keys */
'backspace' : 8,
'osxdelete' : 8, //Mac OS version of backspace
'enter' : 13,
'return' : 13, //Mac OS version of "enter"
'space':32,
'spacebar':32,
'esc':27,
'escape':27,
'tab':9,
'capslock':20,
'capslk':20,
'super':91,
'windows':91,
'insert':45,
'delete':46, //NOT THE OS X DELETE KEY!
'home':36,
'end':35,
'pgup':33,
'pageup':33,
'pgdn':34,
'pagedown':34,
/* Arrow keys */
'left' : 37,
'up' : 38,
'right': 39,
'down' : 40,
/* Special char keys */
'`':96,
'~':96,
'-':45,
'_':45,
'=':187,
'+':187,
'[':219,
'{':219,
']':221,
'}':221,
'\\':220, //it's actually a \ but there's two to escape the original
'|':220,
';':59,
':':59,
"'":222,
'"':222,
',':188,
'<':188,
'.':190,
'>':190,
'/':191,
'?':191
Using this, I found this code elsewhere for something called tetris that actually makes an applejack appear on screen. Obviously some remnant from whatever code knighty ripped his from.
Tetris:
Up,Up,down,down,left,right,left,right,B,A
I,d,k,f,a <--- some other shit that apparently does nothing.
I also found evidence that Fimifction does +or-1 to all these codes, so perhaps you can decrypt the password using that, I wouldn't put it past knighty to keep passwords on site, he can't program group banning function after all and this would require some kind of server-side database to my knowledge. I think maybe the passwords are saved as part of the Html and then a script encrypts and decryts it into a source off of the Html coding. Then again I have no idea.
am I totally wrong?
491912
Kind of. Passwords and so on are stored inside mysql database on the server, you will not be access it without the database password. I am pretty sure knighty is the only one that knows it.
Passwords are sent in the aforementioned POST, so it is impossible to retrieve them (unless you sniff the packets ex. on the unprotected home wifi of user. But then again, it is too much work to do.
Also, even if you somehow obtained passwords, they are most likely encrypted, probably in md5 or something similar. So, when you type "iamafaggot" the server actually converts it to "dd418421904e1989b166972bff10dde2" and holds the password on server in this same form. Upon logging, server compares it to hashed entry in base. So, even if you got hash and entered it as password, server would encrypt already encrypted hash, in this case it would remake "dd418421904e1989b166972bff10dde2" into "6977e859dc8d471bd61be083794cce65" and compare it to "dd418421904e1989b166972bff10dde2" in database, resulting in mismatch and rejection.
Uff, that was long.
491937
lol I'm such a noob, I thought as much anyway.
There remains just one more thing to do now:
Invite some poor sap and pawn the group off on him.
491942 Does this count?