fragama2
Edge Computing Strategist
Divine
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
Hello everyone,
I attempted to hack clashbot since they are giving free VIP for the next few days. So far I captured all packets to and from the application and found that it was authenticating using an TLS handshake at https://authssl.league-accounts.com (104.18.50.128). I did some googling and found that these handshakes can't be decrypted, but please correct me if I am wrong. I found that it was also authenticating at:
clashbot .org/bot/auth/authenticate.php?teapot=IhOwaFUsm7AecLawcTSxMcFO3HdZthFT&flip=2&hippo=(USERNAMEHERE)&angle=(PASSWORDHERE)&hump=28d3e6e704663ac4c071302155fd4226
where the username and password are sent in plain text! So I visited this page with my browser and it downloaded a strange file with no file extension named "binenc".
I am now stuck here not sure how to view its contents, because it doesn't translate into readable ASCII characters. If need be, I will post the file, but I doubt it will contain anything useful.
If someone could help me fill in the gaps or let me know if I am on the right track to cracking this bot at all, I would be extremely thankful.
Edited by coolman10114, 03 July 2015 - 07:48 AM.
I attempted to hack clashbot since they are giving free VIP for the next few days. So far I captured all packets to and from the application and found that it was authenticating using an TLS handshake at https://authssl.league-accounts.com (104.18.50.128). I did some googling and found that these handshakes can't be decrypted, but please correct me if I am wrong. I found that it was also authenticating at:
clashbot .org/bot/auth/authenticate.php?teapot=IhOwaFUsm7AecLawcTSxMcFO3HdZthFT&flip=2&hippo=(USERNAMEHERE)&angle=(PASSWORDHERE)&hump=28d3e6e704663ac4c071302155fd4226
where the username and password are sent in plain text! So I visited this page with my browser and it downloaded a strange file with no file extension named "binenc".
I am now stuck here not sure how to view its contents, because it doesn't translate into readable ASCII characters. If need be, I will post the file, but I doubt it will contain anything useful.
If someone could help me fill in the gaps or let me know if I am on the right track to cracking this bot at all, I would be extremely thankful.
Edited by coolman10114, 03 July 2015 - 07:48 AM.