a guest
Dec 15th, 2017
  5. the_laboratory
  8. Welcome to the beginning of the #the_laboratory channel.
  9. wulfgar yfirson - 09/08/2017
  10. <div class="form-group">
  11. <li><input type="text" class="form-control" name="username" placeholder="Username"></li></div>
  12. <div class="form-group"><li><input type="password" name="password" class="form-control" placeholder="Password"></li>
  13. </div>
  14. <button type="submit" name="login" class="btn btn-default">Login</button>
  15. </form>
  16.  
  17. This is how it looks for login credentials (edited)
  18. login.php runs that code when you click the login button.
  19. wulfgar yfirson - 09/08/2017
  20. http://blocgame.com/rankings.php?page=
  21.  
  22. Use this to make the spider crawl all the rankings pages looking for nation URLs
  23. Markers to follow. Format: [Before Marker] [after marker]
  24. Nation [<p id="nationtitle"><b>] [</n></p>]
  25. Online [<font size='2'>last online] [</font>]
  26. Approval [<td>Approval:</td>↵<td><i>] [</i></td></tr>]
  27. Polsys [<td>Political System:</td>↵<td><i>] [</tr>]
  28. Stability [<tr>↵<td>Stability:</td>↵<td><i>] [</i></td>↵</tr>]
  29. Land [<tr>↵<td>Territory:</td>↵<td><i>] [km<sup>2</sup> </i></td></tr>]
  30. Rebels [<tr>↵<td>Rebel Threat:</td>↵<td><i>] [</i></td>↵</tr>]
  31. Population [<tr>↵<td>Population:</td>↵<td><i>] [people</i></td>↵</tr>]
  32. QoL [<tr>↵<td>Quality of Life:</td>↵<td><i>] [</i></td>↵</tr>]
  33. Healthcare [<tr>↵<td>Healthcare:</td>↵<td><i>] [</i></td>↵</tr>]
  34. Literacy [<tr>↵<td>Literacy:</td>↵<td><i>] [</i></td>↵</tr>]
  35. Unis [<tr>↵<td>Universities:</td>↵<td><i>] [universities</i></td></tr>]
  36. Econ [<tr>↵<td>Economic System:</td>↵<td><i>] [</i></td>↵</tr>]
  37. Faccos [<tr>↵<td>Industry:</td>↵<td><i>] [factories</i></td>↵</tr>]
  38. GDP [<tr>↵<td>Gross Domestic Product:</td>↵<td><i>$] [million</i></td>↵</tr>]
  39. Growth [<tr>↵<td>Growth:</td>↵<td><i>$] [million per month</i></td>↵</tr>]
  40. FI [<tr>↵<td>Foreign Investment:</td>↵<td><i>$] [k</i></td>↵</tr>]
  41. Reserves [<tr>↵<td>Discovered Oil Reserves:</td>↵<td><i>] [Mbbl</i></td>↵</tr>]
  42. Oil Prod [<tr>↵<td>Oil Production:</td>↵<td><i>] [Mbbl per month</i></td>↵</tr>]
  43. RM Prod [<tr>↵<td>Raw Material Production:</td>↵<td><i>] [Hundred Tons per month </i></td>↵</tr>]
  44. Aligned [<tr>↵<td>Official Alignment:</td>↵<td><i>] [</i></td>↵</tr>]
  45. Region [<tr>↵<td>Region:</td>↵<td><i>] [</i></td>↵</tr>]
  46. Alliance [<tr>↵<td>Alliance:</td>↵<td><i>] [</i></td>↵</tr>]
  47. Rep [<tr>↵<td>Reputation:</td>↵<td><i>] [</i></td>↵</tr>] (edited)
  48. September 9, 2017
  49. wulfgar yfirson - 09/09/2017
  50. Troops [<tr>↵<td>Army Size:</td>↵<td><i>] [k active personnel</i></td>↵</tr>]
  51. Manpower [<tr>↵<td>Manpower:</td>↵<td>] [(population allows maximum of 100k) </td>↵</tr>]
  52. Equip [<tr>↵<td>Equipment:</td>↵<td><i>] [</i></td>↵</tr>]
  53. AF [<tr>↵<td>Airforce:</td>↵<td><div class="dropdown">↵<a data-toggle="dropdown" href="#">↵<i><img src="statsicon.png" height=17px />] [</i></a>]
  54. Navy [<tr>↵<td>Navy:</td>↵<td><div class="dropdown">↵<a data-toggle="dropdown" href="#">↵<i><img src="statsicon.png" height=17px />] [</i></a>]
  55. Ships [<ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">] [ships </ul></td>↵</tr>]
  56. Wars [<td>Wars:</td>↵<td><i>] [</i></td>↵</tr>]
  57. http://blocgame.com/stats.php?id=
  58.  
  59. All nations info pages start like this, use this to ensure it only tries to scrape relevant pages
  60. blocgame.com/main.php
  61.  
  62. Info page for self nation.
  63. If can crack the PHP authentication can begin accessing everyone's main.php, alliancebanklogs.php, and make effective use of any other PHP authenticated action such as withdrawals from banks, assigning new alliance founders, disbanding alliances, declaring war, transferring resources, etc etc etc
  64. He uses cookies, THE FOOL!!!
  65. BLOCGAME DOMAIN COOKIES add two underscores - content
  66. utma - 262948319.1230076983.1500805187.1504921436.1504930957.45
  67. utmb - 262948319.1.10.1504930957
  68. utmc - 262948319
  69. utmt - 1
  70. utmz - 262948319.1504762605.38.3.utmcsr=nerdydata.com|utmccn=(not%20set)|utmcmd=(not%20set)
  71. cfduid - d37596b1d859a26b9e85cd44a3fdfe2521500805178 (edited)
  72. BLOC HOST COOKIES - content
  73. PHPSESSID - 554ed2dd30dce3d4ba61b8f82db76746
  74. erferedddeddsdsdsd66766 - 899669 (edited)
  75. Tyr (Shitstania) - 09/09/2017
  76. __cfduid - d04dfd51dfe9d0266c89d817f01fd17a61489540662
  77. cf_use_ob - 80
  78. cf_ob_info - 522:343c059b120c1b97:SEA
  79. erferedddeddsdsdsd66766 - 953616
  80. __utmt - 1
  81. __utma - 262948319.1125907029.1489540641.1504201307.1504244335.36
  82. __utmz - 262948319.1489540641.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)
  83. __utmb - 262948319.48.10.1504244335
  84. PHPSESSID - 442e3ec0fa0f1cf5bd4fedf06b671ef4
  85. that's all of em
  86. wulfgar yfirson - 09/09/2017
  87. no utmc
  88. Tyr (Shitstania) - 09/09/2017
  89. I'll check again
  90. nope
  91. just the ones I posted
  92. wulfgar yfirson - 09/09/2017
  93. Doesn't matter, all the UTM whatevers are Google ad cookies
  94. however that 262948319 intrigues me. I wonder what the significance is, it's clearly set by the server and not the local instance
  95. I bet that's his Google ads account
  96. the cfduid is just cloudflare
  97. but erferedddeddsdsdsd66766 is interesting
  98. Tyr (Shitstania) - 09/09/2017
  99. hm yeah it definitely stands out
  100. wulfgar yfirson - 09/09/2017
  101. Ok so the PHPSESSID gets assigned when you log in and he has protections in place that prevent me from just snatching up other people's session ids and reusing old ones etc
  102. but that's no biggy, I think his primary authenticating cookie is that erferedddeddsdsdsd66766 cookie
  103. September 10, 2017
  104. wulfgar yfirson - 09/10/2017
  105. The list of nations is as follows:
  106. Nation - discord alias
  107. Nuln -
  108. Gluck -
  109. Caercaled - kolkrabbin
  110. Stepa - Crepss
  111. Hellghast - hellghast
  112. Shitstainia - Shitstainia leader
  113. Gustavia -
  114. Snake Mountain - Skeletor Officer
  115. ALU -
  116. Norvekia -
  117. Malay ancap cartel -
  118. Man -
  119. 2weq2we - Aleksa
  120. Muspelheim - Muspelheim Officer
  121. Fromkina - Adamfromky
  122. Kenwood -
  123. Neuguinea Reich -
  124. New eagleland -
  125. Vidsia -
  126. Bitcoincountry - bitcoinplayer
  127. Wolfelite - Wolfe
  128. Midasin -
  129. Cubata -
  130. H2o - H2o
  131. Canada c-137 -
  132. Videoland -
  133. Limbostan - limboman
  134. Utrina -
  135. Portland - Ellio98
  136. Taylor Swift - Seagull
  137. - tekoku?
  138. - the prisoner?
  139. - boomburst? (edited)
  140. October 2, 2017
  141. Ellio98 (Portland) - 10/02/2017
  142. Okay, firstly normally you cannot ask for tanks from US/Russia until you reach a certain level of weapons. But by typing in http://blocgame.com/policies666/m60.php (If USA aligned) http://blocgame.com/policies666/t62.php (Soviet aligned) you can get the event to get the tanks. You pay 3 oil and 13 rep but get 5ish weapons which is a better return than asking for guns
  143. By typing in http://blocgame.com/policies666/greenrevolution.php you get the green revolution tech almost for free. Only having to pay the cash. This allows you to produce more food without spending your research
  144. I think most of the others were patched by Rumsod, but I'm sure if you look into what all the event web addresses are you might find more like this
  145. The event address for the starting event might work still. I don't know its address (Forgot but Justin will know) but I heard it is how you get unlimited everything. (edited)
  148. October 3, 2017
  149. wulfgar yfirson - 10/03/2017
  150. @Ellio98 (Portland)
  151. Blocdeth100317.html
  152. 57.66 KB
  153. Tyr (Shitstania) - 10/03/2017
  154. huh only one inactive member in the whole alliance
  155. ...how do we have a guy with -1 ship
  156. the scraper got it right, he's actually listed as having -1 ship in game
  157. wulfgar yfirson - 10/03/2017
  158. could be an error with the scraper
  159. wait what
  160. Tyr (Shitstania) - 10/03/2017
  161. http://blocgame.com/stats.php?id=13827
  162. it says none but when you click it
  163. it displays -1 ship
  164. wulfgar yfirson - 10/03/2017
  165. the actual fuck
  166. Tyr (Shitstania) - 10/03/2017
  167. RUMCODE
  168. wulfgar yfirson - 10/03/2017
  169. fuckin RUMCODE
  170. So I am making a google drive folder for the scraped files
  171. I can't figure out for the life of me how to pin messages
  172. https://drive.google.com/open?id=0B_XkOnmTO6AkekpaY056RWZ2Ync
  173. tell me what alliances to add to the scrape list and I'll put em up on the drive
  174. Tyr (Shitstania) - 10/03/2017
  175. I have no idea how to pin messages on a phone, on desktop you just click the dots on the right hand side of the message and then click pin (edited)
  177. Tyr (Shitstania) - 10/03/2017
  178. as for scraping alliances, the only ones that are really worth scraping right now are us and LC tbh
  179. wulfgar yfirson - 10/03/2017
  180. ok
  181. Tyr (Shitstania) - 10/03/2017
  182. actually on second thought, go ahead and run a scrape for AC as well, so we can track how they're doing
  183. I want to see how well they develop over time
  184. what with them being a protectorate of ours
  185. we don't really need to worry too much about scraping for them or LC though honestly, it's mostly our own numbers that concern me (edited)
  186. October 4, 2017
  187. Ellio98 (Portland) - 10/04/2017
  188. Thanks for the scrape
  189. wulfgar yfirson - 10/04/2017
  190. Np
  191. October 7, 2017
  192. Ellio98 (Portland) - 10/07/2017
  193. So while I was digging around the old messages looking for any guides I can post to the academy I found this: blocgame.com/policies666/imf.php
  194. It does an event which trades growth for cash. It was removed when Natural gdp was added because you could keep your growth low while also making a crap ton of cash from it
  195. Unlike the previous ones I posted this is much closer to outright cheating
  196. wulfgar yfirson - 10/07/2017
  197. Does it still work?
  198. Ellio98 (Portland) - 10/07/2017
  199. Yep
  200. wulfgar yfirson - 10/07/2017
  201. Sweet
  202. wulfgar yfirson - 10/07/2017
  203. I am experimenting with code to see if I can trick the server into giving a person weapons for free. If I can do that then I can do ships and planes too
  204. Tyr (Shitstania) - 10/07/2017
  205. wew
  206. that'd be quite the exploit
  207. wulfgar yfirson - 10/07/2017
  208. uhhh
  209. New_Bitmap_Image.bmp
  210. 1.11 MB
  211. So client side is editable from the browser
  212. I wonder if it's possible to use this fact to trick the server and if the server has any way of detecting this
  213. Tyr (Shitstania) - 10/07/2017
  214. hmm
  215. it's hard to say tbh
  216. wulfgar yfirson - 10/07/2017
  217. I just did some testing. It just changes the way it's displayed temporarily until you call to the server, then the server fixes it
  218. Tyr (Shitstania) - 10/07/2017
  219. ah gotcha
  220. wulfgar yfirson - 10/07/2017
  221. however, I now know what the server is looking at when a call is made. So I know what the server expects to see and what output it will yield when it sees that input
  222. so I can format a program that simulates opening a browser. Logs into a player's nation. Then sends a call to the server for aircraft in such a way the server thinks you have the required resources and it will kick back a plane and the appropriate output resources based on the assumed input resources
  223. so basically I can make the server give me aircraft and as far as the server is concerned I paid for them
  224. Assuming I can fine tune the program correctly
  225. Tyr (Shitstania) - 10/07/2017
  226. woah
  227. holy shit
  228. if that works that'll be absolutely amazing
  229. would the same approach work for ships or weapons?
  230. cslomb42 - 10/07/2017
  231. Please
  232. We all jump to bw 20/20 overnight
  233. Tbh I think that's blatant cheating
  234. Tyr (Shitstania) - 10/07/2017
  235. lmao
  236. wulfgar yfirson - 10/07/2017
  237. yes
  238. and yes
  239. Tyr (Shitstania) - 10/07/2017
  240. WOAH
  241. wulfgar yfirson - 10/07/2017
  242. but if you do it slowly no one notices
  243. cslomb42 - 10/07/2017
  244. What did you just notice shit
  245. Tyr (Shitstania) - 10/07/2017
  246. if he can get this working just think of the potential
  247. wulfgar yfirson - 10/07/2017
  248. A way to do it more subtly
  249. is to make the game give you the resources instead
  250. Tyr (Shitstania) - 10/07/2017
  251. I mean it totally is cheating
  252. wulfgar yfirson - 10/07/2017
  253. anyone asks where they came from someone sent them to you
  254. or a group of people sent them to you
  255. Tyr (Shitstania) - 10/07/2017
  256. but having a cheat strategy on hand doesn't hurt
  257. this is bloc, nobody plays fair
  258. wulfgar yfirson - 10/07/2017
  259. I mean I could have a series of accounts that are for the sole purpose of laundering cheater resources
  260. Tyr (Shitstania) - 10/07/2017
  261. dude
  262. wulfgar yfirson - 10/07/2017
  263. have the thing log into each one from a separate IP
  264. Tyr (Shitstania) - 10/07/2017
  265. you're fucking brilliant at this
  266. wulfgar yfirson - 10/07/2017
  267. tell the server that they are supposed to have a few more MG
  268. basically just manipulate their per turn MG
  269. get the MG then change it back
  270. and have it send the MG off into a transfer chain that culminates into our accounts
  271. like we were the gorram swiss banks
  272. Tyr (Shitstania) - 10/07/2017
  273. hahahahaha
  274. wulfgar yfirson - 10/07/2017
  275. That's assuming I can actually make it work
  276. this is theory at this point
  277. Tyr (Shitstania) - 10/07/2017
  278. I gotcha
  279. wulfgar yfirson - 10/07/2017
  280. <ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">
  281. Next month changes:
  282. <br><font color="green">+50 tons from research</font><br><font color="red">-0 tons from universities</font></ul> (edited)
  283. the server sees that and the server knows what you are supposed to get
  284. <a data-toggle="dropdown" href="#" data-original-title="" title=""><i><img src="statsicon.png" height="17px"> 50 Tons </i></a> (edited)
  285. the server sees that and knows how much you currently have
  286. note the edit because theoretically if I can write a program that spoofs being a browser and the webpage well enough it could send itself to the Bloc Server without the bloc server realizing the difference and make those changes basically that easy
  287. also alliance scrape is updated on the google drive
  288. The main bootstrap looks for the cookies we previously identified
  289. Tyr (Shitstania) - 10/07/2017
  290. awesome thanks for updating the scrape for us
  291. wulfgar yfirson - 10/07/2017
  292. no problem
  293. I was doing all this experimental stuff while I was waiting on it to scrape
  294. erferedddeddsdsdsd66766 is the cookie I was curious about
  295. and so it gives you that cookie and that cookie stays the same as long as you don't delete it. But if you delete it the next time you do a valid login you'll get a new one that's persistent as long as you don't delete it
  296. That is the server marking your initial log in from that browser
  297. PHPSESSID changes with each unique log in
  298. Tyr (Shitstania) - 10/07/2017
  299. hm, ok
  300. wulfgar yfirson - 10/07/2017
  301. IExplorer uses different cookies but it uses cookies the same
  302. here is something interesting about erferedddeddsdsdsd66766
  303. if you delete it while you have a valid sessid it will give you a new one without requiring a log int
  304. login*
  305. but if you delete php sess id it logs you out
  306. ok. So my code has to be able to send to the server the login command and credentials as if it was a browser, receive the phpsessid cookie, using the phpsessid cookie and known lines of script from user side code tell the server what I want the server to believe and get the server to make those changes, then delete the phpsessid cookie
  307. I really need to see server side code that would make this so much easier
  308. October 23, 2017
  309. Hellghast - 10/23/2017
  310. @wulfgar yfirson can we get an updated scrape list?
  311. wulfgar yfirson - 10/23/2017
  312. I'll have to get it when I get home
  313. Hellghast - 10/23/2017
  314. Yeah sure take your time
  315. wulfgar yfirson - 10/23/2017
  316. Also I'm working on getting regional scrapers up for y'all to use for whatever nefariousness you might use them for
  317. Userlame (Tiber) 🍪 - 10/23/2017
  318. fancy
  319. Ellio98 (Portland) - 10/23/2017
  320. hmmm, we have all the good stuff
  321. wulfgar yfirson - 10/23/2017
  322. scrape in progress
  323. i'll upload it as a spreadsheet so you can filter out what you don't want
  324. just give the spider some time to run, it has to create a browser instance and open the urls inside it for legal reasons and because the website blocks non-browser access
  325. Blocdeth.xls
  326. 196.16 KB
  327. Crepas - 10/23/2017
  328. >not use google for documents
  329. ????
  330. wulfgar yfirson - 10/23/2017
  331. i normally do
  332. Crepas - 10/23/2017
  333. Much more easier and practical
  334. wulfgar yfirson - 10/23/2017
  335. but i posted it in a different format than usual and wanted to get it to y'all quicker
  336. the google docs link goes to an html file that you can't sort and filter
  337. So how do the teeth in that gift horse's mouth look?
  338. Crepas - 10/23/2017
  339. Can't see it anyways. Using excel 2007 lol
  340. Userlame (Tiber) 🍪 - 10/23/2017
  341. Use an xls to PDF converter
  342. Blocdeth.pdf
  343. 54.83 KB
  344. Nvm
  345. Doesn't work very well
  346. Shiiiiiet
  347. wulfgar yfirson - 10/23/2017
  348. Download openworks
  349. It's a freeware version of Microsoft Works that actually does.
  350. November 15, 2017
  351. Ellio98 (Portland) - 11/15/2017
  352. Okay, firstly normally you cannot ask for tanks from US/Russia until you reach a certain level of weapons. But by typing in http://blocgame.com/policies666/m60.php (If USA aligned) http://blocgame.com/policies666/t62.php (Soviet aligned) you can get the event to get the tanks. You pay 3 oil and 13 rep but get 5ish weapons which is a better return than asking for guns (edited)
  353. By typing in http://blocgame.com/policies666/greenrevolution.php you get the green revolution tech almost for free. Only having to pay the cash. This allows you to produce more food without spending your research
  354. Just copy and pasting old messages that had the links in them
  355. @Hellghast I shall try to fish out any more
  356. Also please note that you may need to add the www. bit into the links if you log into www.blocgame.com and not blocgame.com