H4k Lvl 634[ Main=Lvl 1005 ]
Reece 🖤 Jordan ♂ 19   Greater Manchester, United Kingdom (Great Britain)
 
 
Gayyy weirdo, ᴸᵁᴬ programmer and ethical hacker :trollface_boulder:

~ Jordan is an ANGEL!


v3=Vector3.new
s=Workspace.Scale.Value
m=script.Parent
w=Workspace.Speed.Value
while true do
for i=1,w do
local t=i/w
wait()
m.Scale=v3(s.X*(.9+0.2*t),s.Y*(.9+0.2*t),s.Z*(.8+0.4*t))
end
for i=1,w do
local t=i/w
wait()
m.Scale=v3(s.X*(1.1-.2*t),s.Y*(1.1-.2*t),s.Z*(1.2-0.4*t))
end
end
Currently Offline
Last Online 16 mins ago
1 VAC ban on record | Info
736 day(s) since last ban
Artwork Showcase
Level 1005 Main Acc
12 2
Items Up For Trade
505
Items Owned
210
Trades Made
101,488
Market Transactions
Tools I use to find exploits:


Metasploit,
Wireshark,
Nikito

Exploits I find:

XSS exploits,
Stored XSS,
Reflected XSS,
SQL injection exploits,
Session hijacking exploits,
Blind SQL Injection
Cache Poisoning,
HTTP Response Splitting,
Cross Frame Scripting,
Cross Site History Manipulation (XSHM)
Cross Site Tracing,
Cross-Site Request Forgery (CSRF)
Custom Special Character Injection,
Path Traversal Attack‎ /../../../ -- Allows to retrieve contents that you shouldn't be able to retrieve in directories
Blind XPath Injection,
Man-in-the-browser attack,
Man-in-the-middle attack,
Mobile code: object hijack
XPATH Injection
(SSI) Injection,
Brute force attack,
Buffer overflow attack,
Content Spoofing +

Much more


XSS basic example:

frame?query=<script>alert("no")</script>

after the query, you can see that I have formatted my own script that will execute. This attack could be used to potentially retrieve cookies and other sensitive data, which is why it's quite severe on the spectrum!


One of my projects:
https://www.roblox.com/games/160342329/No-Entry

Basically a game which trapped you once you joined. I ended up on front page with nearly 40,000 players trapped, amazing!

print("I also do LUA programming")

function test() -- Creation of said function!
for i,v in pairs(Workspace:GetChildren()) do
if v.ClassName == "Part" then
p = Instance.new("Fire")
p.Parent = v
p.Size = 30
p.Name = "example"
end
end
test() -- Running our created function

Mini examples of finds v

Join script exploit:

By using the join script URL, I was able to find out how to manipulate the parameters to my desire so that I could join any game, it didn't matter whether I had the membership type required or not and I could even join inactive places.

This cause due to the fact that a while back ago, the authentication for the join script wasn't so secure. You only had to edit the connectioninfo parameter to the connectioninfo of another server in order to join. Connectioninfo is basically the machine address and port, however it's partially encrypted.

Sincd the Roblox client runs with a specific user agent. I decided to go on to the join request URL with that user agent and realised that I was able to retrieve data again!

If a server only allows you to obtain data when using a specific user agent, change your useragent to something it accepts.

Crashing servers:

I realised that by changing my instance type from player to something that the server didn't recognise, I were able to crash servers.

Developer console server crash exploit:

After they strengthened the join scripts security, I could still join places, however not all. The one thing I did realise however is that by pressing f9 I had access to a server console where I could by and by crash the server just by clicking on server console.

Mee6 hax on Discord!

Attempting to find an exploit that allowed me to get more of a score and it worked. I awarded myself so many points and got way over level 100. When I didn't realise, my excessive messages were causing mee6 to casually slow down. This basically was because so many commands were being sent all at once from so many clients. At that point I had the advantage to keep chatting , double score would be awarded, more than usual. Since the bot couldn't keep up with everything.

Packet spoofing:

By altering the data that was sent to the server, I was able to make my character flash around. I could even change my animation and much more. This is because I spoofed the packet data that was being sent to the main server, so that the clients would then receive the data once it bounces off from the server.

Xss exploits: Oh the beauty of them. Just by entering a html script into a query, I would be able to execute scripts. There were even times by just changing the name of an item, you would be able to execute scripts on other people's clients. This was a potentially severe exploit as it could of been used to retrieve sensitive data.

Directory loop:

By entering /../../ I was able to gain access to the different directories. This enabled me to see exactly what has been saved from the back end of the server into different individual folders or just right in front of my face. This directory loop is a type of exploit that enables people to be able to see different contents that have been saved on a server.
Code example: ~They are not FULL WORKING examples
while wait() do
for _,v in pairs(game.Players:GetChildren()) do
if v.Character then
f=v.Character:findFirstChild('Humanoid')
t=v.Character:findFirstChild('Torso')
local dist=false
if f and v then dist=(script.Parent.Parent.Position-t.Position).magnitude-script.Parent.Scale.X*.72 end
if dist then
if dist<0 then
f.Health=0

_S=Instance.new("Sound", workspace)
_S.SoundId= "http://www.roblox.com/asset/?id=155415673"
_S.Name = "Burn"
_S.Looped=false
_S.Volume=1
_S.Pitch = 1
_S:Play()

for _,w in pairs(v.Character:getChildren()) do
if w:isA('Part') then w.Anchored=true end
end

local f=Instance.new('Frame',Instance.new('ScreenGui',v.PlayerGui))
f.BackgroundColor3=Color3.new(111,0,0)
f.Size=UDim2.new(1,0,1,0)
for i=1,60 do
f.Transparency=1-i/60
wait()
end
end
if dist<400 and dist>100 then
for _,j in pairs(v.Character:getChildren()) do
if not j:findFirstChild('Fire') then
w=Instance.new('Fire',j)
w.Heat=25
w.Size=30
w.Color=Color3.new(111,0,0)
w.SecondaryColor=Color3.new(111,0,0)
end
end
end
local s=v.PlayerGui:findFirstChild('DistanceColorGui')
if not s then
p=Instance.new('ScreenGui',v.PlayerGui) p.Name='DistanceColorGui' s=p
l=Instance.new('Frame',p) l.Size=UDim2.new(1,0,1,0)
l.BackgroundColor3=Color3.new(111,0,0)
end
l=s.Frame
l.BackgroundTransparency=1-math.abs(math.atan(1/dist*100)*2/math.pi)
end
end
end

end
______________________________________________________________________

Another example:


local function convert( chars, dist, inv )
return string.char((string.byte(chars) - 32 + (inv and -dist or dist)) % 95 + 32)
end

local function crypt(str,k,inv)
local enc= "";
for i=1,#str do
if(#str-k[5] >= i or not inv)then
for inc=0,3 do
if(i%4 == inc)then
enc = enc .. convert(string.sub(str,i,i),k[inc+1],inv);
break;
end
end
end
end
if(not inv)then
for i=1,k[5] do
enc = enc .. string.char(math.random(32,126));
end
end
return enc;
end
local enc1 = {29, 58, 93, 28, 27};
local function chooseBlock(yAXIS, player)
local rareADD = 1
local gCOPPER = 0
local gSILVER = 0
local gGOLD = 0
local gSAPPHIRE = 0
local gRUBY = 0
local gEMERALD = 0
local gDIAMOND = 0
local gURANIUM = 0
local gAMETHYST = 0
local gPLATINUM = 0
local gGem= 0

___________________________

Another


local Info = {
Screen = script.Parent:WaitForChild'ScreenGui',
StreakFrame = script.Parent.ScreenGui.Streak,
LevelGui = script.Parent.ScreenGui.Level,
TimerGui = script.Parent.ScreenGui.Timer,
HighGui = script.Parent.ScreenGui.High,
Mouse = Game.Players.LocalPlayer:GetMouse(),
Camera = Workspace.CurrentCamera,
UIS = Game:GetService 'UserInputService',
Lighting = game.Lighting,
AccessKeyRemote = Game.ReplicatedStorage.AccessKey,
ReportHighScoreRemote = Game.ReplicatedStorage.ReportHighScore,
StarterGui = Game.StarterGui,
RegenCubeGui = script.Parent.ScreenGui.RegenCube,

UpdateOn = Game["Run Service"].RenderStepped
}
local Data = {
CurrentLevel = game.Players.LocalPlayer.LevelCount.Value,
TimeToComplete = 40,
Started = 0,
InProgress = false,
RequiredRotation = CFrame.Angles(0, 0, 0),
Dragging = false,
Dragging2 = false,
LastDrag = Vector2.new(),
CurrentRotation = CFrame.Angles(0, 0, 0),
ApplyDrag = Vector2.new(),
ApplyDrag2 = 0,
MoverBlock = nil,
StaticBlock = nil,
Sensitivity = 1/100,
Threshold = .13,
Ding = nil,
Fail = nil,
PlayedFailSound = false,
High = 0,
AccessKey = 0,
BGCubes = {},
BaseBGCube = nil,
BaseBGCover = nil,
BGTransitionTime = 0.3,
BGTransitionStart = 1000,
BGTransitionEnd = 2000,
CurrentColor = Color3.new(),
Moves = {},
DragSpeedCap = 2000,
BGM_BPM = 174*1/60*1/4,
SongStart = 0
}
local Script = {
Initialize = nil,
GetTimeForLevel = nil,
InitializeLevel = nil,
Update = nil,
ComputeDrag = nil,
GenerateBlock = nil
}

--
--
function Script:FireBGCube(rotation)
local info = {
Cube = Data.BaseBGCube:Clone(),
Cover = Data.BaseBGCover:Clone(),
Start = tick(),
Rotation = rotation
}

info.Cube.Parent = Workspace
info.Cover.Parent = Workspace
info.Cube.Color = Data.CurrentColor
local baseColor = info.Cube.Color
info.Cover.SurfaceGui.Frame.BackgroundColor3 = Color3.new(
baseColor.r*0.5,
baseColor.g*0.5,
baseColor.b*0.5
)


table.insert(Data.BGCubes, 1, info)
end
function Script:Initialize()
Info.StarterGui:SetCoreGuiEnabled(Enum.CoreGuiType.Backpack, false)
Info.StarterGui:SetCoreGuiEnabled(Enum.CoreGuiType.PlayerList, false)
Info.Camera.CameraType = Enum.CameraType.Scriptable
Info.Camera.FieldOfView = 5

Script:GenerateBlock()
Script:Connect()
Script:InitializeLevel(true)
while true do
Script:Update()
Info.UpdateOn:wait()
end
end
function Script:GetTimeForLevel(level)
return 1/level*5+2+1/((level+50)/50)*10 / 4
end
function Script:InitializeLevel(reset)
if reset then
Data.BGM:Stop()
Data.BGM:Stop()
Data.SongStart = tick()
Data.Ding:Play()
Info.RegenCubeGui.Visible = false
else
Script:FireBGCube(Data.CurrentRotation)
end

Data.CurrentLevel = game.Players.LocalPlayer.LevelCount.Value or Data.CurrentLevel+1
Data.High = math.max(Data.High, Data.CurrentLevel)
Info.ReportHighScoreRemote:FireServer(Data.AccessKey, Data.High)
Data.TimeToComplete = Data.TimeToComplete/3 + Script:GetTimeForLevel(Data.CurrentLevel)
Data.Started = tick()
Data.RequiredRotation = CFrame.Angles(math.random()*math.pi*2, math.random()*math.pi*2, math.random()*math.pi*2)
Data.CurrentColor = BrickColor.Random().Color
while true do
if (Data.CurrentColor.r<.3 and Data.CurrentColor.g<.3 and Data.CurrentColor.b<.3) or (Data.CurrentColor.r>.8 or Data.CurrentColor.g>.8 or Data.CurrentColor.b>.8) then
Data.CurrentColor = BrickColor.Random().Color
else
break
end
end
Data.MoverBlock.Color = Data.CurrentColor
Data.StaticBlock.Color = Data.CurrentColor
Data.PlayedFailSound = false

Data.MobileLightBlock.PointLight.Color = Color3.new(
(1-Data.CurrentColor.r)^0.25,
(1-Data.CurrentColor.g)^0.25,
(1-Data.CurrentColor.b)^0.25
)
Data.StaticLightBlock.PointLight.Color = Data.MobileLightBlock.PointLight.Color

Info.LevelGui.Text = Data.CurrentLevel
Info.HighGui.Text = Data.High

Data.InProgress = true

Script:Update()
end
function Script:Connect()
local function input(i)
if i.UserInputType == Enum.UserInputType.MouseButton1 or i.UserInputType == Enum.UserInputType.Touch then
Data.Dragging = i.UserInputState == Enum.UserInputState.Begin
Data.LastDrag = Vector2.new(Info.Mouse.X, Info.Mouse.Y)
elseif i.UserInputType == Enum.UserInputType.MouseButton2 then
Data.Dragging2 = i.UserInputState == Enum.UserInputState.Begin
Data.LastDrag = Vector2.new(Info.Mouse.X, Info.Mouse.Y)
elseif i.UserInputType == Enum.UserInputType.MouseMovement or (i.UserInputType == Enum.UserInputType.Touch and i.UserInputState == Enum.UserInputState.Change) then
if Data.Dragging then
local thisDrag = Vector2.new(Info.Mouse.X, Info.Mouse.Y)
Data.ApplyDrag = Data.ApplyDrag + (Data.LastDrag - thisDrag)
table.insert(Data.Moves, {Data.LastDrag-thisDrag, tick()})
Data.LastDrag = thisDrag
Script:ComputeDrag()
elseif Data.Dragging2 then
local thisDrag = Vector2.new(Info.Mouse.X, Info.Mouse.Y)
local diff = Data.LastDrag - thisDrag
local split = thisDrag - Vector2.new(Info.Mouse.ViewSizeX, Info.Mouse.ViewSizeY)/2
Data.ApplyDrag2 = Data.ApplyDrag2 + -diff.X*(split.Y~=0 and math.abs(split.Y)/split.Y or 1) + diff.Y*(split.X~=0 and math.abs(split.X)/split.X or 1)
table.insert(Data.Moves, {Data.LastDrag-thisDrag, tick()})
Data.LastDrag = thisDrag
Script:ComputeDrag()
Favorite Group
Meow (❤ω❤) - Public Group
H4k's Group of cherished people
511
Members
22
In-Game
77
Online
14
In Chat
Favorite Game
Screenshot Showcase
Garry's Mod
9 4
Oͦxͯmͫoͦrͬ 59 minutes ago 
:GC_Butterfly::PawWolf::PawWolf::PawWolf::PawWolf::PawWolf::PawWolf::PawWolf::GC_Butterfly:
:PawWolf::pulstarlife::pulstarlife::PawWolf::PawWolf::PawWolf::pulstarlife::pulstarlife::PawWolf:
:pulstarlife::colon::colon::pulstarlife::PawWolf::pulstarlife::colon::colon::pulstarlife:
:pulstarlife::colon::butterfly::colon::pulstarlife::colon::butterfly::colon::pulstarlife:
:PawWolf::fsheart::colon::GC_Butterfly::colon::GC_Butterfly::colon::fsheart::PawWolf:
:PawWolf::PawWolf::fsheart::colon::GC_Butterfly::colon::fsheart::PawWolf::PawWolf:
:butterfly::PawWolf::PawWolf::fsheart::colon::fsheart::PawWolf::PawWolf::butterfly:
:PawWolf::PawWolf::PawWolf::PawWolf::fsheart::PawWolf::PawWolf::PawWolf::PawWolf:
:fsheart::PawWolf::butterfly::PawWolf::PawWolf::PawWolf::butterfly::PawWolf::fsheart:
Rease 2 hours ago 
<3
Jimmy ✝ 8 hours ago 
𝘠𝘰𝘶 𝘢𝘳𝘦 𝘢𝘯 𝘢𝘸𝘦𝘴𝘰𝘮𝘦 𝘱𝘦𝘳𝘴𝘰𝘯 :mgh_17:
Bani 8 hours ago 
Wanna someone give me some trash items anything I will take
🌴RETRO🌴Soter 8 hours ago 
:toadPepe::PinkMagnet::PinkMagnet::wavetree::cagedsunset::wavetree::PinkMagnet::PinkMagnet::toadPepe:
:PinkMagnet::wavey::wavey::PinkMagnet::toadPepe::PinkMagnet::wavey::wavey::PinkMagnet:
:PinkMagnet::wavey::wavey::wavey::PinkMagnet::wavey::wavey::wavey::PinkMagnet:
:PinkMagnet::wavey::wavey::wavey::wavey::wavey::wavey::wavey::PinkMagnet:
:toadPepe::PinkMagnet::wavey::wavey::wavey::wavey::wavey::PinkMagnet::toadPepe:
:toadPepe::toadPepe::PinkMagnet::wavey::wavey::wavey::PinkMagnet::toadPepe::toadPepe:
:toadPepe::Srec::toadPepe::PinkMagnet::wavey::PinkMagnet::toadPepe::Srec::toadPepe:
:toadPepe::toadPepe::toadPepe::toadPepe::PinkMagnet::toadPepe::toadPepe::toadPepe::toadPepe:
:wavetree::Letter_N::Wubs::letter_E::neonheart::Letter_O::Wubs::Letter_N::wavetree:
kon 9 hours ago 
cutie... 你好 ~QWQ :nekoheart: