From Encyclopedia Dramatica
Jump to navigation Jump to search

This was posted in a xat thread here and stayed up for two years before Xat staff finally got their shit together enough to quit hosting a how-to hack guide on their own site (That, or the thread just expired years later because we all know Xat has no staff). Rather than go through web archive after web archive, I just pasted it below for a handy guide for newfag bruteforcing.

Here is a large variety of glitches

Posted by demademademadema 243 days ago (Editorial)

First there are 3 codes like click the thing to the left of it and click allow) Open chat again in differnt tab or window. You may also sign into the second with a alternative account and that allows you to make a 3rd. You may also use this to Snakeban Self.

There are also unban hacks like, clearing all cache files changing ip, or going to a different ip for a few hours and don't sign in or sign in an alt. ^I use xat at school and home so i figured it out

Another recently discovered glitch is how to clone yourself on xat. First, right click the chat box and click settings. Then slide the local storage bar to 0kb. Finally, open the chat in another window/tab. If you sign in with a toon name, it worked. Congratz.

Main Owner hack, this one is VERY SERIOUS. I have a friend who does it and i know most of the steps 1) get the ID XC CN GB GN


id=5 xc=2336 cn=1472578924 gb=g0&gn=xat_test

would be the xat_test chat

next you need to open a brutus engine and fill it in like so:


Target is xats ip which you get from cmd.


Type is HTTP (Form) Port for xat is 80 Connections=10 Timeout=10 No Proxy Method=Get Keepalive Fake Cookies Encode

Next you Click the modify sequence button http://prntscr.com/27bcc

Target form is the edit page http://xat.com/web_gear/chat/editgroup.php?GroupName=xat_test would be xat_test

next click the learn form settings button and change the form to the first one labeled "Pass" Also Click the username value and click the groupname value and then click password and click the password button. http://prntscr.com/27bcr http://prntscr.com/27be0

PHPSESSID will be same but write down the value of the value

Field Slot is Username i don't know the name though i think it would be Xat_Test but this part I'm unsure about because i have never done it i was only taught about it from a friend who left xat a while ago who proved it works so there are 2 areas i don't know how to fill out.

It should now look like this http://prntscr.com/27be8 Press Ok

User ID would probably be the chats ID but i don't know this part yet. I do know you set it to single user. Next you set the method to brute force. Fill that area in like this. http://prntscr.com/27beq Then after click Start and the pw value will appear here. http://prntscr.com/27bex

those are all the values you need now. What i am doing is creating all the values needed to recreate the main owner code. http://prntscr.com/27biv


You just need the id and pw, we have the id from the start and we use the other values in that engine to get the pw, i don't know 100% how to do it but my friend did it all the time while she was on xat so i would look into it. Then fill in the code with the values. pw value is what you got form brutus. Boom your main owner. This should be fixed.

The next glitch thingy i am going to say is about the events power. It works by having a quick loading screen that checks what account you are logged into , if you pause it there a username bar will appear, you type in the name of someone who has the power and click the button and it gets you in. its because all the unregistered users share the "null" account which is what xats system calls it. The shortname null is actually buy-able which means that if someone buys that name and gets events all unregistered and toons can sue events. http://prntscr.com/27bkt

Another glitch , this one i like, is fullscreen chat. I know it works in IE9 and Firefox 4-5 but i haven't tested the others. http://www.xatech.com/web_gear/chat/chat.swf?id=&gn= Fill in the values i showed earlier and its fullscreen http://www.xatech.com/web_gear/chat/chat.swf?id=5&gn=xat_test is an example http://prntscr.com/27blk

The gn can be changed and it will appear different in the chat http://www.xatech.com/web_gear/chat/chat.swf?id=5&gn=Demahack http://prntscr.com/27blz If you click the button 2x it will load normal chatpage. No Photobucket or youtube can be loaded because of the applications being gone. You can hold shift while clicking to open in new window though.

Next i want to talk about how insecure xats applications including trade They are made with shockwave flash which is downloaded then coded with php which is easily hackable seeing that there are many php hackers on xat.

DOODLE http://www.xatech.com/web_gear/flash/doodle.swf?a12

GRID http://www.xatech.com/web_gear/flash/30004.swf?g0

TRADE http://www.xatech.com/web_gear/flash/30008.swf?a9

, even trade can be downloaded, these go directly into xats system so these being downloaded and recoded don't even need to be on xats website for people to get free powers and scam the trade.

All of these hack or glitch problems are not being said to intend any harm on xat but to inform xats creators that it needs to be more secure and work better before some hacker learns to figure all these out.