Jump to content

Welcome to DreamBot

VIP Enhancement

Want to upgrade your DreamBot experience? Consider signing up for VIP!
VIP allows you to run as many accounts as you want, view the forums ad-free, receive 10% off all script purchases, and so much more!
Visit the store to learn about all of these great features!

Upgrade to VIP Now
Frequently Asked Questions
  • Are you not able to open the client? Make sure you have Java 8 installed
  • Help! My bot doesn't do anything! Enable fresh start in client settings and restart the client
  • How to purchase with PayPal/OSRS gold? You can purchase vouchers from another users
  • Try asking for help in the chatbox

DreamBot is the only Deadman Mode supported bot on the market!

Download the DreamBot client today!





Donald Trump

[Free] PasswordRetriever

Recommended Posts

Here is a very simple script to recover any accounts you may have lost the details for BUT they're still in the actual DB client. To use this simply move the jar into the DB scripts folder located within (userdirectory -> DreamBot -> Scripts). Then start the script with the account selected and it will output the details via the debug console.

 

 

Jar Download: http://www.filedropper.com/passwordretriever

Source:

 

import org.dreambot.api.script.AbstractScript;
import org.dreambot.api.script.Category;
import org.dreambot.api.script.ScriptManifest;
@ScriptManifest(author = "Donald Trump", category = Category.MISC, name = "PasswordRetriever", version = 1.0, description = "Outputs selected account password.")
public class main extends AbstractScript {

    @Override
    public int onLoop() {
        if (getClient().isLoggedIn()) {
            log("{---} PasswordRetriever [---]");
            log(getClient().getUsername() + ":" + getClient().getPassword());
            stop();
        } else {
            log("Waiting to login.");
            sleep(1000);
        }
        return 0;
    }
}

 

 

Edited by Donald Trump

Share this post


Link to post
Share on other sites

Isn't this manipulating a pretty significant security flaw in the DB client?

Might wanna take it off for security reasons, LOL.

Someone could use this maliciously. But, then again someone could simply make it themselves in 15 minutes.

Edited by Almonds

Share this post


Link to post
Share on other sites

Might wanna take it off for security reasons, LOL.

Someone could use this maliciously. But, then again someone could simply make it themselves in 15 minutes.

Exactly! The fact that this is possible is pretty worrying... People using local scripts/private scripts are at risk of having their account details stolen.

Share this post


Link to post
Share on other sites

Exactly! The fact that this is possible is pretty worrying... People using local scripts/private scripts are at risk of having their account details stolen.

You do realize that you can decompile a local script to check for malicious code, right?

*Edit* Also, any scripter whos worth a damn probably wouldn't waste their time stealing accounts. There's far better money making methods out there if you know what you're doing.

Edited by NovaGTX

Share this post


Link to post
Share on other sites

Exactly! The fact that this is possible is pretty worrying... People using local scripts/private scripts are at risk of having their account details stolen.

It is not a flaw at all. If they were to remove the method to get your Password once logged in the Username & Password are stored in the Client anyways and could be obtained using Reflection

 

Edit: Yes the official RS Client stores your data

Edited by Dinh

Share this post


Link to post
Share on other sites

It's not a security flaw. These are the things we look for in SDN scripts.

Private scripts there are much more ways for them to steal your shit, which is why we didn't officially support them. There's too much room for malicious code.

The password is a field in the RS client itself, even if we blocked our method, you could still use reflection to just grab the field from the gamepack anyway xd

 

This script in itself (at least, the src code) is not malicious. He's not sending the data anywhere, just logging it for you to visually see. If you're paranoid of the jar being different than the source you see, compile it yourself

Share this post


Link to post
Share on other sites

It's not a security flaw. These are the things we look for in SDN scripts.

Private scripts there are much more ways for them to steal your shit, which is why we didn't officially support them. There's too much room for malicious code.

The password is a field in the RS client itself, even if we blocked our method, you could still use reflection to just grab the field from the gamepack anyway xd

 

This script in itself (at least, the src code) is not malicious. He's not sending the data anywhere, just logging it for you to visually see. If you're paranoid of the jar being different than the source you see, compile it yourself

This^

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...