The Hacker's Guide to the Kingdom - The Book of Boozerbear

Author: Boozerbear

Chapter One
(Introduction and Basic Tools)

There are those who ask "How did Boozerbear get to be so rich and powerful in the game?" and really, that question deserves an honest answer.

I earned my first 50k meat in the game by creating an animated banner ad for another, much richer and more powerful player (Inconnu) back when I was poor and weak and n00bly. You can check out the forums and search for his posts to see it. In other words, I used my photoshop skills to get my first jump start in the game.

with that first 50k I bought a store and used my skill at gauging what items were in high demand, buying them all up and then selling my stock at a premium, to earn my way up to 33 million meat.

Around that time, I was pretty low on the levels board and struggling with fellow Mall magnate Mick for first place on the meat-leader board. My daily adventures were spent slaughtering Yeti and waiting for Hippo Skins to show up in the Bounty Hunter Hunter's want list. I was doing pretty good, but there was another level to the game that I had yet to explore.

The game we are all playing is still in Beta. It's not yet finished and probably won't be for awhile. Some months ago it was even less finished and had a *lot* more bugs. Around that time I noticed that pretty much all the leaderboard players were using various bugs and exploits to gain thier positions. (The first closet bug had come and gone, the Level Reduction Booth had been scrapped and the game-hackers were mostly exploiting the congruence of server performance issues and a problem with using multiple stat boosters or sending thousands of an item to someone else in a message.) This was annoying to me because I considered that sort of thing to be cheating and at that time, I had been making my way without resorting to monkeying with the game mechanics.

That annoyance was short-lived, though. I soon adopted an "If you can't beat'em, join'em" approach, and started studying how the game forms were processed, what variables were submitted and how the results could be manipulated. Within a few days, I had written a couple of good tools for messing with the game input (some swear by Proxomitron, but at the time I didn't know about it, so I scripted up an interface in PHP) and within a week I had found and written exploits for a half-dozen game bugs.

The first script I wrote was a simple interface for testing various URLs:

(note that you have to hijack the main browser's session in order for KoL not to just boot you back to the login screen. The easiest way I found to do this is to send the url of the frame script to yourself in a KOL Message, and then clicking on the link.)

[code]
<?php

$blank=$_GET['blank'];
$goto=$_POST['goto'];

print <<<EOF
<html>
<head>
<title>KOL URL Hacking Frameset</title>
<script language="JavaScript">
function go(){
URL = document.myForm.theURL.value;
parent.adv.location=URL;
}
</script>
</head>
<body>
EOF;

if (!$blank){

print <<<EOF
<br>
<form name="myForm">
Goto: <input type="text" name="theURL" size="50">
<input type="button" value="Go" onClick="go()">
</form>
<br>
<iframe src="$PHP_SELF?blank=1" width="600" height="500" name="adv">
</iframe>
EOF;

} else {

print <<<EOF
<br>
<b>Blank result - awaiting input...</b>
<br>
<br>
waiting for url input. don't forget the http://www.kingdomofloathing.com/ part!
EOF;

} // end $blank

print <<<EOF
</body>
</html>
EOF;
?>
[/code]

Note also that this wouldn't have worked at all if Jick had "register_globals" turned off in his installation of PHP/Apache. That could be gotten around by writing your own POST form for each idea you wanted to try, but of course that wouldn't be as simple or easy as this crude but effective device. This is the tool with which I discovered all of the exploits that I can lay claim or co-claim to. Not much to look at is it? (:


You can test it with a simple, benign and useful KoL hack (one of the few that still work):