This was posted in a xat thread here and stayed up for two years before Xat staff finally got their shit together enough to quit hosting a how-to hack guide on their own site (That, or the thread just expired years later because we all know Xat has no staff). Rather than go through web archive after web archive, I just pasted it below for a handy guide for newfag bruteforcing.
Here is a large variety of glitches
Posted by demademademadema 243 days ago (Editorial)
First there are 3 codes like click the thing to the left of it and click allow) Open chat again in differnt tab or window. You may also sign into the second with a alternative account and that allows you to make a 3rd. You may also use this to Snakeban Self.
There are also unban hacks like, clearing all cache files changing ip, or going to a different ip for a few hours and don't sign in or sign in an alt. ^I use xat at school and home so i figured it out
Another recently discovered glitch is how to clone yourself on xat. First, right click the chat box and click settings. Then slide the local storage bar to 0kb. Finally, open the chat in another window/tab. If you sign in with a toon name, it worked. Congratz.
Main Owner hack, this one is VERY SERIOUS. I have a friend who does it and i know most of the steps 1) get the ID XC CN GB GN
id=5 xc=2336 cn=1472578924 gb=g0&gn=xat_test
would be the xat_test chat
next you need to open a brutus engine and fill it in like so:
Target is xats ip which you get from cmd.
Type is HTTP (Form) Port for xat is 80 Connections=10 Timeout=10 No Proxy Method=Get Keepalive Fake Cookies Encode
Next you Click the modify sequence button http://prntscr.com/27bcc
Target form is the edit page http://xat.com/web_gear/chat/editgroup.php?GroupName=xat_test would be xat_test
next click the learn form settings button and change the form to the first one labeled "Pass" Also Click the username value and click the groupname value and then click password and click the password button. http://prntscr.com/27bcr http://prntscr.com/27be0
PHPSESSID will be same but write down the value of the value
Field Slot is Username i don't know the name though i think it would be Xat_Test but this part I'm unsure about because i have never done it i was only taught about it from a friend who left xat a while ago who proved it works so there are 2 areas i don't know how to fill out.
It should now look like this http://prntscr.com/27be8 Press Ok
User ID would probably be the chats ID but i don't know this part yet. I do know you set it to single user. Next you set the method to brute force. Fill that area in like this. http://prntscr.com/27beq Then after click Start and the pw value will appear here. http://prntscr.com/27bex
those are all the values you need now. What i am doing is creating all the values needed to recreate the main owner code. http://prntscr.com/27biv
You just need the id and pw, we have the id from the start and we use the other values in that engine to get the pw, i don't know 100% how to do it but my friend did it all the time while she was on xat so i would look into it. Then fill in the code with the values. pw value is what you got form brutus. Boom your main owner. This should be fixed.
The next glitch thingy i am going to say is about the events power. It works by having a quick loading screen that checks what account you are logged into , if you pause it there a username bar will appear, you type in the name of someone who has the power and click the button and it gets you in. its because all the unregistered users share the "null" account which is what xats system calls it. The shortname null is actually buy-able which means that if someone buys that name and gets events all unregistered and toons can sue events. http://prntscr.com/27bkt
Another glitch , this one i like, is fullscreen chat. I know it works in IE9 and Firefox 4-5 but i haven't tested the others. http://www.xatech.com/web_gear/chat/chat.swf?id=&gn= Fill in the values i showed earlier and its fullscreen http://www.xatech.com/web_gear/chat/chat.swf?id=5&gn=xat_test is an example http://prntscr.com/27blk
The gn can be changed and it will appear different in the chat http://www.xatech.com/web_gear/chat/chat.swf?id=5&gn=Demahack http://prntscr.com/27blz If you click the button 2x it will load normal chatpage. No Photobucket or youtube can be loaded because of the applications being gone. You can hold shift while clicking to open in new window though.
Next i want to talk about how insecure xats applications including trade They are made with shockwave flash which is downloaded then coded with php which is easily hackable seeing that there are many php hackers on xat.
, even trade can be downloaded, these go directly into xats system so these being downloaded and recoded don't even need to be on xats website for people to get free powers and scam the trade.
All of these hack or glitch problems are not being said to intend any harm on xat but to inform xats creators that it needs to be more secure and work better before some hacker learns to figure all these out.