Jump to content
Frequently Asked Questions
  • Are you not able to open the client? Try following our getting started guide
  • Still not working? Try downloading and running JarFix
  • Help! My bot doesn't do anything! Enable fresh start in client settings and restart the client
  • How to purchase with PayPal/OSRS/Crypto gold? You can purchase vouchers from other users
  • [Free] PasswordRetriever


    Donald Trump

    Recommended Posts

    Here is a very simple script to recover any accounts you may have lost the details for BUT they're still in the actual DB client. To use this simply move the jar into the DB scripts folder located within (userdirectory -> DreamBot -> Scripts). Then start the script with the account selected and it will output the details via the debug console.

     

     

    Jar Download: http://www.filedropper.com/passwordretriever

    Source:

     

    import org.dreambot.api.script.AbstractScript;
    import org.dreambot.api.script.Category;
    import org.dreambot.api.script.ScriptManifest;
    @ScriptManifest(author = "Donald Trump", category = Category.MISC, name = "PasswordRetriever", version = 1.0, description = "Outputs selected account password.")
    public class main extends AbstractScript {
    
        @Override
        public int onLoop() {
            if (getClient().isLoggedIn()) {
                log("{---} PasswordRetriever [---]");
                log(getClient().getUsername() + ":" + getClient().getPassword());
                stop();
            } else {
                log("Waiting to login.");
                sleep(1000);
            }
            return 0;
        }
    }
    

     

     

    Link to comment
    Share on other sites

    Isn't this manipulating a pretty significant security flaw in the DB client?

    Might wanna take it off for security reasons, LOL.

    Someone could use this maliciously. But, then again someone could simply make it themselves in 15 minutes.

    Link to comment
    Share on other sites

    Might wanna take it off for security reasons, LOL.

    Someone could use this maliciously. But, then again someone could simply make it themselves in 15 minutes.

    Exactly! The fact that this is possible is pretty worrying... People using local scripts/private scripts are at risk of having their account details stolen.

    Link to comment
    Share on other sites

    Exactly! The fact that this is possible is pretty worrying... People using local scripts/private scripts are at risk of having their account details stolen.

    You do realize that you can decompile a local script to check for malicious code, right?

    *Edit* Also, any scripter whos worth a damn probably wouldn't waste their time stealing accounts. There's far better money making methods out there if you know what you're doing.

    Link to comment
    Share on other sites

    Exactly! The fact that this is possible is pretty worrying... People using local scripts/private scripts are at risk of having their account details stolen.

    It is not a flaw at all. If they were to remove the method to get your Password once logged in the Username & Password are stored in the Client anyways and could be obtained using Reflection

     

    Edit: Yes the official RS Client stores your data

    Link to comment
    Share on other sites

    It's not a security flaw. These are the things we look for in SDN scripts.

    Private scripts there are much more ways for them to steal your shit, which is why we didn't officially support them. There's too much room for malicious code.

    The password is a field in the RS client itself, even if we blocked our method, you could still use reflection to just grab the field from the gamepack anyway xd

     

    This script in itself (at least, the src code) is not malicious. He's not sending the data anywhere, just logging it for you to visually see. If you're paranoid of the jar being different than the source you see, compile it yourself

    Link to comment
    Share on other sites

    It's not a security flaw. These are the things we look for in SDN scripts.

    Private scripts there are much more ways for them to steal your shit, which is why we didn't officially support them. There's too much room for malicious code.

    The password is a field in the RS client itself, even if we blocked our method, you could still use reflection to just grab the field from the gamepack anyway xd

     

    This script in itself (at least, the src code) is not malicious. He's not sending the data anywhere, just logging it for you to visually see. If you're paranoid of the jar being different than the source you see, compile it yourself

    This^

    Link to comment
    Share on other sites

    Archived

    This topic is now archived and is closed to further replies.

    ×
    ×
    • Create New...

    Important Information

    We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.