Posted on September 28, 2009 - by Don
Monopoly City Streets Hack
Monopoly City Streets Vulnerability
The first thing I noticed with this online game is how easy it is to hack other accounts. Normally, when you forget your password, you answer a secret question and the password is emailed to the address on the account. However, since Monopoly City Streets does not require an email address to sign up, it is just a matter of guessing the answer to the secret question. What makes it even easier is that there is only one secret question: What is your pet’s name? With just a few common pet names, it doesn’t take long to answer that question and be able to change the person’s password.
Is There An Easier Way to Type In These Names?
Soon after typing these pet names in one by one, I thought to myself that there has to be an easier way. And yes, there is! Firefox has an add-on called iMacros. It allows you to automate certain things like filling out forms, which is exactly what we are doing! The problem was that writing the code for iMacros took some time, as the pet names are case sensitive. Here is the example code of just using 3 pet names:
VERSION BUILD=6240709 RECORDER=FX
TAB T=1
URL GOTO=http://www.monopolycitystreets.com/game.html#en
TAG POS=4 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=* CONTENT=Abby
TAG POS=1 TYPE=INPUT:SUBMIT FORM=NAME:NoFormName ATTR=VALUE:SET<SP>PASSWORD
TAG POS=4 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=* CONTENT=abby
TAG POS=1 TYPE=INPUT:SUBMIT FORM=NAME:NoFormName ATTR=VALUE:SET<SP>PASSWORD
TAG POS=4 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=* CONTENT=Angel
TAG POS=1 TYPE=INPUT:SUBMIT FORM=NAME:NoFormName ATTR=VALUE:SET<SP>PASSWORD
TAG POS=4 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=* CONTENT=angel
After playing that macro you will notice it enters two names, both uppercase and lowercase, and clicks Set Password. NOTE: You will have to manually enter the password you would like to change it to first. Then click Play on the iMacros add-on.
The only problem here is that it takes a long time to build up the code to try many pet names.
Need A List of Common Pet Names?
After searching online for a long list of pet names, I began to notice there were many short ones but no long list. So I needed an easy way to combine these lists into one that would not include the duplicates and would be sorted alphabetically. That’s when I realized the need to write my own program to do this for me.
Program CombinedLists and Other Goodies
The program performs the following:
- Combines 2 lists excluding duplicate names
- Sorts the combined list alphabetically
- Asks for a filename to save to
- Saves a .txt file and a .iim file for iMacros to use. (Conveniently, it generates the code for iMacros, so all you need to do is copy and paste.)
- Tells you how many names you have
The Program requires the following:
- Each list must be saved as a .txt file with ONE name per line
- When loading both files, include the .txt extension
- When saving the combined list, do not include the .txt extension
- Maximum of 10,000 names in 1st list
- Maximum of 1,000 names in 2nd list
- Maximum of 11,000 names in combined list
- It is easiest to load lists from the folder the program is run from.
I wrote the program in C++. I have included the program, a large list of pet names (2303 names), and the code of that list for iMacros.
Prevention
The only sure way to prevent your account from being hacked is to use a password as your pet’s name, so the answer to the secret question is as hard to guess as a password. Just don’t forget your password!
UPDATE:
Although you can still guess people’s pet names manually, this hack has been prevented with a CAPTCHA.
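The server-side view of that fix, as an added example (not code from the game or from this post): a guard that counts wrong secret answers per account, asks for a CAPTCHA after a few failures and locks the recovery form after more. The class and method names, the thresholds and the boolean captcha_ok flag (standing in for a verified CAPTCHA response) are assumptions.

```python
import hashlib
import hmac
import os

MAX_FREE_TRIES = 3    # assumed: failures allowed before a CAPTCHA is demanded
MAX_TRIES = 10        # assumed: failures before the recovery form is locked
LOCK_SECONDS = 3600   # assumed: how long the recovery form stays locked
_DUMMY = (b"\x00" * 16, b"")  # unknown accounts do the same work and never match


def _digest(answer: str, salt: bytes) -> bytes:
    # Salted, slow hash: the stored value is not a readable pet name.
    return hashlib.pbkdf2_hmac("sha256", answer.encode(), salt, 100_000)


class RecoveryGuard:
    """Counts secret-answer failures per account, whichever client sends them."""

    def __init__(self):
        self.answers = {}        # user -> (salt, digest)
        self.failures = {}       # user -> consecutive wrong answers
        self.locked_until = {}   # user -> unix time the lock expires

    def enroll(self, user: str, answer: str) -> None:
        salt = os.urandom(16)
        self.answers[user] = (salt, _digest(answer, salt))

    def attempt(self, user, answer, now, captcha_ok=False):
        """Return 'ok', 'wrong', 'captcha_required' or 'locked'."""
        if now < self.locked_until.get(user, 0):
            return "locked"
        fails = self.failures.get(user, 0)
        if fails >= MAX_FREE_TRIES and not captcha_ok:
            return "captcha_required"
        salt, stored = self.answers.get(user, _DUMMY)
        if hmac.compare_digest(_digest(answer, salt), stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = fails + 1
        if self.failures[user] >= MAX_TRIES:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
        return "wrong"
```

The lock applies only to the password-reset form, so a locked account can still log in with its real password.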

September 29, 2009
Nice work. Remember looking at posts like these and wondering wow how did they ever think of that?
September 30, 2009
You do realize that you can change the secret question while signing up by clicking into that field and typing something else?
October 1, 2009
Yes, thank you for mentioning that, because I didn’t clear that up. Most people don’t realize that, and the accounts where the secret question has not changed from the default question (What is your pet’s name?) are the accounts that are more easily hacked. Think about it. If they haven’t changed the question, it is more likely they blatantly answered it.
November 6, 2009
Darn! I should have found this before Google added reCAPTCHA to the page. Nice!
December 25, 2009
I want to quote your post in my blog. May I?
And do you have an account on Twitter?
February 12, 2010
I am to a great extent impressed with the article I have just read. I wish the writer of http://www.goodies4uall.com can continue to provide so much useful information and unforgettable experience to http://www.goodies4uall.com readers. There is not much to say except the following universal truth: The keyboard is mightier than the pen, and the pen is mightier than the sword, but the atom bomb kicks ass… I will be back.
February 15, 2010
Hi there,
I have already seen it somewhere…
Thanks