Search results
KahootGPT is a Chrome extension that enhances the Kahoot game experience with OpenAI's GPT 3.5 model to answer questions. It's an essential tool for anyone looking to improve their Kahoot game performance, with powerful features and an easy-to-use interface. chrome-extension ai artificial-intelligence openai gpt hacks kahoot gpt3 gpt4 ...
- kahoot-hacks · GitHub Topics · GitHub
Add this topic to your repo. To associate your repository...
- Cheat: Revealing all questions and answers of a Kahoot quiz.
This file contains bidirectional Unicode text that may be...
- kahoot-hacks · GitHub Topics · GitHub
Join a game of kahoot here. Kahoot! is a free game-based learning platform that makes it fun to learn – any subject, in any language, on any device, for all ages!
Add this topic to your repo. To associate your repository with the kahoot-hacks topic, visit your repo's landing page and select "manage topics." GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
- Overview
- Included tools
- Dependencies
- Android
- Usage
- The XSS hack
- License
I have reverse engineered parts of the protocol used by kahoot.it. This repository contains the results of my labor.
Currently, I have implemented the following tools:
•kahoot-flood - using an old school denial of service technique, this program automatically joins a game of kahoot an arbitrary number of times. For instance, you can register the nicknames "alex1", "alex2", ..., "alex100".
•kahoot-rand - connect to a game an arbitrary number of times (e.g. 100) and answer each question randomly. If you connect with enough names, one of them is bound to win.
•kahoot-profane - circumvent Kahoot's profanity detector, allowing you to join with any nickname (but with extra length restrictions; it has to be short).
•kahoot-play - play kahoot regularly—as if you were using the online client.
•kahoot-html - I have notified Kahoot and they have fixed this issue. It used to allow you to join a game of kahoot a bunch of times with HTML-rich nicknames. This messes with the lobby of a kahoot game. See the screenshot in the example section.
First, you must have the Go programming language installed on your machine.
Once you have Go installed and a GOPATH configured, you can use the following command to install the dependencies:
Download Termux on Android device and type this command line:
Once you have all the needed dependencies, you can run kahoot-flood/main.go program to execute the kahoot-flood tool. You can run the other tools in a similar fashion.
NOTE: I have contacted Kahoot and they have fixed this bug. It would have posed an actual security threat to teachers using Kahoot.
The XSS hack allows you to run arbitrary JavaScript code on the coordinator's computer. This could be something like alert('hey'), or it could be something much more devious. The command is dead-simple to use as well; you can do something like go run kahoot-xss/main.go game-pin alert\(\). While this seems simple enough, I had to work around some very tough restrictions to get this to work.
The exploit I use only allowed me to execute five-character snippets of JavaScript at a time. Kahoot lets users inject 15 characters of HTML, so we can do something like
The obvious approach is to build a script string using string concatenations and then evaluate it. The problem is that eval(e) is 7 characters, and even something like e=eval is 6 characters, one over our limit. In the end, I exploited the fact that Kahoot uses jQuery. Using HTML element construction, I can create a bogus that executes code (e.g. ). Once I get this into a variable Z, I can do $(Z).
I initially tried building strings using a linear approach: a='', b='X', a+=b, etc. In theory, this works, but in practice it took way to long to be useful. Now, I use a highly-parallel logarithmic approach. First, I set 32 variables in parallel. Then I join these variables into 16 new variables in parallel (e.g. a=b+c). I repeat this until all 32 characters are concatenated into one variable. I then repeat the process for the next 32 characters of the string, until I have built the whole thing.
In sum, my program takes your script and puts it in a malicious tag. It then builds a variable on the coordinator's browser with the contents of that tag. Finally, it puts the plan into action by invoking jQuery's conveniently short function name.
This is released under the 2-clause BSD license. See LICENSE.
Aug 18, 2023 · When it comes down to it, Kahoot is all about being the first to the draw. Even if you’re right, those who clicked the answer before you get more points, so it’s best to think on your toes ...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters. Show hidden characters. <?php. error_reporting (null);
People also ask
How do I get a Kahoot game pin?
How to cheat on Kahoot?
What is a Kahoot game pin generator?
How to hack Kahoot?
What is Kahoot?
How do I Hide my Name on Kahoot?
Nov 21, 2022 · Kahoot Auto Answer Hack. This awesome Chrome extension will answer every question correctly on the quiz. It can fetch answers automatically, change the number of points you get per question, or ...
