Team Avolition

All Activity


  1. Today
  2. Sirenfal

    Entrance: New Player Joins

    Screenshot the profile picture thing
  3. Yesterday
  4. Puddleduck

    Entrance: New Player Joins

    Welcome to the forums. Most of the cool kids hang out on Discord.
  5. Silavet

    Entrance: New Player Joins

    Hello fellow Avolition members, I hate introductions so I'll try to make this as painless as possible. My name is Silavet (Sam IRL), currently 17 and in my second year of college, working towards my associate's degree under the Robotics Engineer division. I've got a few more years ahead of me but in the end it's going to be well worth it (I hope). It's weird having joined the Avolition forums only now despite the fact I've enjoyed watching their content for the past seven years. Strange how fast life moves when you think about it. Anyway, I'm glad to say I'm now a part of this community and I would like to wish anyone reading my profile to have a great rest of their day. -Silavet (Also, could someone please explain why I can't get a profile picture? The done button is all grayed out)
  6. Last week
  7. Puddleduck

    What do the bird does?

    A new person? Neat. Hi.
  8. Kite9867

    What do the bird does?

    Go lurk in our gay shitposting discord server instead. You'll find more action there.
  9. Earlier
  10. Sirenfal

    What do the bird does?

    A novel about what though?
  11. KnightFire

    Salutations

    Hey there, welcome.
  12. KnightFire

    What do the bird does?

    Welcome.
  13. sixfivejay

    What do the bird does?

    Cool. Welcome to the forums.
  14. Istana

    What do the bird does?

    Hello I'm Istana, I guess I'm late to the adventure, but that's dandy! I am having issues uploading a profile picture, but I guess that's alright. I have many aspirations, like writing a novel, mapping, and reaching satisfaction in life. Have a wonderful time on the forums, I'm off to go lurk and hide!
  15. Puddleduck

    Salutations

    Welcome new friend!
  16. sixfivejay

    Who is the person speaking at 3:39 and 3:47?

    Alright. Thanks. Good to know.
  17. Sirenfal

    Who is the person speaking at 3:39 and 3:47?

    That's Sinkip. We were dating at the time.
  18. Alright. So I was watching one of aVo's newer videos, specifically one of the RUST Griefing episodes called Jerry and Mike. If you go to the timestamp 3:39 and 3:47 you can hear someone saying "You better run, run Dylan run." I'm pretty sure this wasn't actually a person in game using voice chat. Does anyone happen to know who that person is? I've heard the voice before in multiple aVo videos. Maybe it's obvious and I am just being clueless on the situation but I just thought I'd ask. If somebody can tell me I'd definitely appreciate it! Thanks in advance. Here's a link to the video so you can access it easier.
  19. sixfivejay

    Alternative ways to grief servers

    Haha. That's really cool. It's sort of sad that Mojang fixed most of the loopholes like you said. There are still hacked clients out but it's nothing compared to the feeling of old Minecraft griefing. There are still a few servers up to grief if you actually play in the betas. There's currently a running project called something like the Nostalgic Project. It's a server in the betas that surprisingly works with its own launcher. Although it has been hit already a few times last summer. Anyways interesting story again. I had a good time reading this.
  20. sixfivejay

    Salutations

    Welcome to the forums.
  21. Prelude

    This thread will cover the pitfalls that I have encountered in the past when working with web development. This is not going to be a guide on how to exploit websites, this is simply here as a precaution so you can learn from my mistakes.

    Story One
    My Username Redirects Everyone to Pornography

    There's this nifty language called Javascript that is interpreted by the browser which allows for sites to be changed dynamically when it's not breaking sites or eating up your system resources because of shoddy implementation by the browser itself (see drive-by downloads from old Internet Explorer). Nobody I have ever encountered learns to filter inputs the easy way, we seem to have always learned through hindsight when someone comes along to break your precious site.

    I spent a good few years working with private servers for a game called Adventure Quest Worlds which was this gaudy flash game that acted like an MMO, but with none of the desired features of other MMOs that we know and have sunk more time and money into than we would want to admit. Most of the private servers that crop up before being DMCA'ed by Artix reuse code from a project named DuskWorlds. Most of these private servers tend to include a top-100 page for all created characters for bragging purposes or something. These pages will display the usernames without filtering them and so you can stylize your username in many ways.

    The flash content does make an attempt at filtering inputs by whitelisting alphanumeric characters when creating a username, but this data is passed onto a backend file which isn't filtering the inputs before storing them in the database. You can essentially skip the whole flash route and send the form data manually through your browser to the chagrin of whomever owns the site. Javascript has a function to redirect visitors to other sites on the internet and many ways of carrying out this redirection.

    My username was going to wind up on the top-100 page since there's less than 100 players on the server, and my username was going to show up raw and unfiltered for all of those who dare to peruse the top-100 page. So I simply had to make my username a Javascript redirect wrapped in the HTML script tags in order to get things messy. The simplest choice for me was where I wanted everyone to wind up when viewing my username: Pornhub. So I created my account with the username "<script>document.location = "https://pornhub.com"</script>" and waited for the owner to notice.

    It took about a week before I received an angry email from the owner that was written in fluent keyboard warrior. Apparently the site had an admin control panel (ACP) which was also allergic to filtering inputs and so any attempts to delete my account without going through the database would end up redirecting the site staff to Pornhub. I like to believe that my sides have already met up with the New Horizons space probe near Pluto by now because it took a good chunk of my day to recover from the laughter. A part of me felt bad since I knew how to fix things but the other part of me was embracing the catharsis because of the contents of the angry email and threat of legal actions.

    If you ever plan on creating an Adventure Quest Worlds private server, just know to avoid DuskWorlds and any other packs that have a top-100 page if you don't know how to check for filtered inputs. Hopefully nobody here attempts to go out and find these servers to copy this since Artix will get the servers shut down with legal actions in the end. The only regrets I have from this incident is that I forgot to save the email and screenshots.

    Story Two
    Just Say No to Regular Expressions

    There was a time where I wanted to give MyBB the middle finger and create my own forum software that would rival MyBB, PhpBB, IPB, XenForo, and Woltlab. This endeavor was short-lived and it was for the best since I was a shining example of the Dunning-Kruger Effect.

    One of the features from most forums I frequented was something called BBCode which allowed for people to format their threads and posts in a secure manner. When I was building the post function I would often encounter issues with the htmlspecialchars function that I was using to filter inputs where it would escape the brackets used in BBCode. That's when I decided to take the regex (regular expressions) route which allowed for people to use BBCode while protecting from basic XSS (cross-site scripting) attempts. The method I used was similar to a blacklist where I filtered out any tags pertaining to <script> and </script> from the posts using preg_replace in PHP.

    This was before I learned about DOM-based attacks and that's when I started noticing posts that involved the SVG tag which would send a Javascript browser alert containing expletives, h4x0r team names with shoutouts, and taunts towards me due to my incompetence. A quick skim through the database confirmed that there was an issue and that I was unable to handle those at the time using regex, so I reverted back to htmlspecialchars and eventually gave up on the project entirely.

    I do happen to have a recording of me showing the vulnerability of my project but not a recording of the attacks. My reason for making the video was to show the project members why I was abandoning the project and why I had taken the site down at the time. Here's the video I uploaded showing the many ways that regex failed to keep my site safe.

    To Be Continued...

    I plan to add more stories to this thread since I'm not out of stories to tell. I'm just burned out at the moment since I have to get other things done and writing this thread can't take up the rest of my day.
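
The two stories in the post above come down to the same defence: escape user text on output, then build any allowed formatting yourself. The PHP below is an added example, not part of the original post or the author's forum code; the function names, the three BBCode rules and the sample posts are assumptions made for illustration. It puts a `<script>`-only blacklist next to an escape-first BBCode renderer.

```php
<?php
// Added example: NOT the author's forum code. Function names are hypothetical.

// Blacklist as described in the post: remove only <script> and </script>.
function blacklist_filter(string $post): string
{
    return preg_replace('#</?script\b[^>]*>#i', '', $post);
}

// Escape first, then turn a fixed whitelist of BBCode into markup we emit.
function render_bbcode(string $post): string
{
    // Every <, >, &, " and ' supplied by the user becomes an entity here.
    $safe = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $rules = [
        '#\[b\](.*?)\[/b\]#is' => '<strong>$1</strong>',
        '#\[i\](.*?)\[/i\]#is' => '<em>$1</em>',
        // Only http(s) links are converted; anything else stays inert text.
        '#\[url\](https?://[^\s\[\]"<>]+)\[/url\]#i'
            => '<a href="$1" rel="nofollow noopener">$1</a>',
    ];
    return preg_replace(array_keys($rules), array_values($rules), $safe);
}

// Constructed sample posts (not taken from any real site).
$samples = [
    '<script>document.location = "https://example.com"</script>',
    '<svg onload=alert(1)>',
    '[b]hello[/b] [url]https://example.com/?a=1&b=2[/url]',
    '[url]javascript:alert(1)[/url]',
];

foreach ($samples as $post) {
    echo "input:     $post\n";
    echo "blacklist: " . blacklist_filter($post) . "\n";
    echo "escaped:   " . render_bbcode($post) . "\n\n";
}
```

The blacklist passes the SVG sample through unchanged, while the escape-first renderer emits it as `&lt;svg onload=alert(1)&gt;` and still renders the `[b]` and `[url]` tags. The same `htmlspecialchars` call applied wherever a username is printed (top-100 page, admin panel) covers the first story.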
  22. KimChoJapFan

    Salutations

    You've probably read through a bunch of introduction threads by now so I'm just going to get to the tl;dr of it... A/S/L: Not telling, but there's a dox of me somewhere on the internet that you can refer to if you wish. Skillset: Backend web development (MySQL, PostgreSQL, NodeJS, PHP). Degree(s): AAS Computer Networking. So far you can expect to see threads of me posting a bunch of tutorials that touch on software and programming. Looking for my username on other forums (or through Google) will show plenty of results of me doing this on other forums. I don't plan on copying and pasting my threads like I used to, the audiences are quite different among different forums and people hate re-posts.
  23. Puddleduck

    GAT THREAD

    I use one of these, but it isn't personally mine. I've also passed a weapons handling test for a flare gun, which is neat.
  24. Pit_2

    Corrupt A Wish

    Granted, but now you can no longer stop playing Solitaire at work. I wish I had some more beer.
  25. Sirenfal

    Feeling welcome!

    >Quake 3 SMART
  26. PigHunter

    GAT THREAD

    POST YOUR FUCKING FREEDOM MACHINES. Also gun general.
  27. PigHunter

    Alternative ways to grief servers

    Man I haven't played in years. An old way that works pretty good, especially on cracked servers, is to take about 20 alts. Write a script that logs them in and out as fast as possible. It'll crash most servers that don't have specialized protections against this. Another way to increase the effectiveness and require fewer alts is to walk all the alts to different locations on the map that are far out and then log them in and out. That lava thing you discovered is actually pretty applicable to anything. If you can do anything that will require a large amount of block updates it'll bog down servers with shit hardware. You can also drop a large amount of items where more than one player is, assuming they don't have plugins to deal with this. Lava where player set spawns is always fun. Abuse of poorly made plugins is always a good route. Most servers where the owner makes the plugins that are medium sized have pretty terrible plugins that are very very abuse-able. Just have to think outside the box. With the walking as XP thing you could set something on your W key to auto gain experience for hours. That explosive pick axe thing may be able to destroy things that are a block inside protected areas. If you can program you'll likely be able to make any item a nuke depending on how she designed it. Key to finding exploits is to use things how the developer has not thought how you'll use them. Be creative and try things out, think outside the box. You'll always be shocked by what you can find.
  28. LaughOutLoudTheLXIX

    Minecraft anarchy

    It's a stupidly difficult game mode. I've played an anarchy server and tried to go away from spawn but ended up dying once I tried to make base 10 thousand blocks out and I just gave up. Yes, it's fun, but it's difficult to start out. After being able to find an untouched land of resources you're pretty much set in the game.
  29. LaughOutLoudTheLXIX

    Alternative ways to grief servers

    Soo, I haven't played Minecraft in a few years and I recently reinstalled it as soon as I got a much better computer. Aside from the cool ocean updates, a lot of loopholes have been fixed so hacking is no easy task. I decided to browse a couple of servers...hopped on vanilla and started deconstructing houses and stuff only to get banned...not really that vanilla... but then I found a server that a high school alumni who was admin on one server. Turns out that it is a FURRY SERVER! And yes it is as cringy as it sounds. There are custom paintings that says "Wombat woman is watching" with a picture of the cartoonized animal owner of server. I play casually on it and discover that there are a lot of plugins that help you gain advantage in the game, such as lucky blocks you accumulate as you're mining and a super easy level up system where you gain XP for enchants...JUST BY WALKING, and other simple activities. The owner said that she coded all the plugins herself which is pretty cool. At the same time though, this allowed me to access higher level equipment easily, like an 'explosive pickaxe' which mines out a 3x3x3 per block hit. It's like a creative nuker but in survival game mode. This is a potentially devastating tool. As soon as I made a base as far away as possible to not be discovered, I found the best way to make walls for my base was pouring water over a lava fall from the top of the map. Quite massive. Anyways during the manufacturing of cobblestone from lava, other players were complaining of lag and an admin on there was just clueless and was entirely unaware of what I was doing. I realize that water on lava falls caused decent server lag. Multiply that by multiple lava falls and you have what's comparable to a smoke screen, as well as stupid amounts of cobblestone just being made. That got me thinking, griefing and other kinds of activity such as lava construction or redstone timers is just in game server stress testing.