Custom files exploit


Re: Custom files exploit

Stealth Mode
Actually the parsing involves the operating system and how the OS rendering occurs is dependent upon software, or hardware rendering. Which is universal. If you know OSI layer, then you know once it is transported, and in the server cache (memory) it is already executing.

On Tue, Oct 10, 2017 at 10:23 AM, Alan Love <[hidden email]> wrote:
Just because you can upload a file doesn't mean the server will parse it in a way that would compromise it. That's not how it works. There's a reason why most of your examples are around exploiting php applications.

On Oct 10, 2017 9:20 AM, "Stealth Mode" <[hidden email]> wrote:

On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[hidden email]> wrote:
Do you have a POC?


From: Stealth Mode <[hidden email]>
To: <[hidden email]>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[hidden email]> wrote:
Sure,

But you have anything to back this up? (don't take it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode <[hidden email]>:
Heads up admins/owners. Might want to disable custom files till Valve addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.

The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.

Might want to disable custom files till Valve decides to correct this issue.

-StealthMode

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers



Re: Custom files exploit

Misiu Pajor-2
In reply to this post by Stealth Mode
This is not the correct place to make assumptions of this type. Please be concrete with your security reports whereby you include a summary of what you are trying to make a point out of here, and not baffle on high-level details that are not of relevance.

POC stands for Proof of Concept, and nothing else.


On Tue, Oct 10, 2017 at 4:26 PM, Stealth Mode <[hidden email]> wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.

Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[hidden email]> wrote:
Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" <[hidden email]> wrote:
This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.


On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[hidden email]> wrote:
Do you have a POC?


From: Stealth Mode <[hidden email]>
To: <[hidden email]>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[hidden email]> wrote:
Sure,

But you have anything to back this up? (don't take it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode <[hidden email]>:
Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.

The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file. 

Might want to disable custom files till valve decides to correct this issue.

-StealthMode


Re: Custom files exploit

Alan Love
In reply to this post by Stealth Mode
How is it executing code? What exactly is the mechanism in play here that is evaluating your exploit code? You keep mentioning images, but that would require the backend to parse and execute an exploit attached to said image. There's nothing that would do that. If this was the case large sites like Imgur and Facebook would be compromised every day.

You keep mentioning you work in the field of IT or whatever but that's just hard to believe as someone who actually does. This is such a dumb thing to make a fuss over and clearly shows you have no clue what you're talking about. Going to assume you're just a troll until you can actually come up with an actual poc.

Good luck and have fun out there. If you ever want some good resources on how to properly learn this stuff feel free to ask and I can provide.

On Oct 10, 2017 9:25 AM, "Stealth Mode" <[hidden email]> wrote:
Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec. 


The links I've provided are just a few examples. Anyone can make a custom image file (weapon skin, or spray paint, or wad in a .bsp) inject code into it, and use your server, and clients connected to it to launch whatever code they want. In the links provided, these are image files used to inject code into web servers once the image is loaded. Meaning, once a spray is sprayed, or a client uses x weapon skin through GO market. Once sent to server/client cache, it then executes spraying a benign image, or rendering a benign looking skin, while behind the scenes it is also executing code. Now most of these script kiddies probably are just using the images to run hacks, which yes they can be just that benign. However, more sophisticated hackers can also use this to compromise entire networks, backbones, etc. 

On Mon, Oct 9, 2017 at 8:28 PM, devu4 <[hidden email]> wrote:
This is such a pointless thread, no proof and a big headed clueless guy
coming out with irrelevant crap!



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
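
The point made in the post above, that bytes attached to an image stay data unless some component parses and evaluates them, can be checked from the defender's side. This is an added example, not code from the thread or from Valve: a Python walker for the GIF block structure that reports text payloads and trailing bytes in an uploaded file and re-emits only the renderable parts. The marker list, function names and sample file are constructed assumptions.

```python
import struct

SCRIPT_MARKERS = (b"<?php", b"<script", b"eval(")  # assumed watch-list, not from the thread
GRAPHIC_CONTROL = 0xF9                              # the only extension a renderer needs


def _sub_blocks(data, pos):
    """Read a chain of length-prefixed sub-blocks; return (payload, next_pos)."""
    chunks = []
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:
            return b"".join(chunks), pos
        if pos + size > len(data):
            raise ValueError("sub-block runs past end of file")
        chunks.append(data[pos:pos + size])
        pos += size


def _table_len(packed):
    """Byte length of the colour table described by a packed-flags byte."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0


def parse_gif(data):
    """Return (prefix_end, blocks, trailing); blocks are (kind, label, start, end, payload)."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13 + _table_len(data[10])          # header + screen descriptor + global table
    prefix_end, blocks = pos, []
    while pos < len(data):
        start, kind = pos, data[pos]
        if kind == 0x3B:                     # trailer: the image ends here
            return prefix_end, blocks, data[pos + 1:]
        if kind == 0x21:                     # extension: label byte, then sub-blocks
            if pos + 1 >= len(data):
                raise ValueError("truncated extension")
            payload, pos = _sub_blocks(data, pos + 2)
            blocks.append(("ext", data[start + 1], start, pos, payload))
        elif kind == 0x2C:                   # image descriptor, optional table, pixel data
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            pos += 10 + _table_len(data[pos + 9]) + 1   # +1 skips the LZW code-size byte
            _, pos = _sub_blocks(data, pos)
            blocks.append(("image", None, start, pos, b""))
        else:
            raise ValueError(f"unknown block 0x{kind:02x} at offset {pos}")
    raise ValueError("missing trailer")


def audit_gif(data):
    """List reasons an uploaded GIF deserves a second look (empty list means none)."""
    try:
        _, blocks, trailing = parse_gif(data)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    for kind, label, _, _, payload in blocks:
        hits = [m.decode() for m in SCRIPT_MARKERS if m in payload.lower()]
        if kind == "ext" and hits:
            findings.append(f"extension 0x{label:02x} holds script-like text: {hits}")
    if trailing:
        findings.append(f"{len(trailing)} bytes after trailer")
    return findings


def sanitize_gif(data):
    """Re-emit header, colour table, frames and graphic-control blocks only.

    Comment, application and plain-text extensions and any trailing bytes are
    dropped, so animation loop counts are lost.
    """
    prefix_end, blocks, _ = parse_gif(data)
    keep = [data[s:e] for kind, label, s, e, _ in blocks
            if kind == "image" or label == GRAPHIC_CONTROL]
    return data[:prefix_end] + b"".join(keep) + b"\x3b"


def build_sample():
    """Constructed 1x1 GIF with an inert text comment and bytes after the trailer."""
    note = b"<?php /* constructed inert marker */ ?>"
    return (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)
            + b"\x00\x00\x00\xff\xff\xff"                        # 2-entry global colour table
            + b"\x21\xfe" + bytes([len(note)]) + note + b"\x00"  # comment extension
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)     # image descriptor
            + b"\x02\x02\x4c\x01\x00"                            # LZW size + one data sub-block
            + b"\x3b" + b"constructed trailing bytes")


if __name__ == "__main__":
    sample = build_sample()
    for finding in audit_gif(sample):
        print("FLAG:", finding)
    print("after sanitize:", audit_gif(sanitize_gif(sample)))
```

The walker only skips over comment and trailing bytes; nothing in it interprets them, which is why a finding here is a reason to inspect or strip the file rather than evidence that anything ran.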

Re: Custom files exploit

Alan Love
In reply to this post by Stealth Mode
Just because something is in memory doesn't mean it's executing code.. that's not how memory works. 

Good luck at your conference :)

On Oct 10, 2017 9:33 AM, "Stealth Mode" <[hidden email]> wrote:
Actually the parsing involves the operating system and how the os rendering occurs is dependent upon software, or hardware rendering. Which is universal. If you know OSI layer, then you know once it is transported, and in the server cache (memory) it is already executing.

On Tue, Oct 10, 2017 at 10:23 AM, Alan Love <[hidden email]> wrote:
Just because you can upload a file doesn't mean the server will parse it in a way that would compromise it. That's not how it works. There's a reason why most of your examples are around exploiting php applications.

On Oct 10, 2017 9:20 AM, "Stealth Mode" <[hidden email]> wrote:

On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[hidden email]> wrote:
Do you have a POC?


From: Stealth Mode <[hidden email]>
To: <[hidden email]>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[hidden email]> wrote:
Sure,

But you have anything to back this up? (don't take it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode <[hidden email]>:
Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.

The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file. 

Might want to disable custom files till valve decides to correct this issue.

-StealthMode


Re: Custom files exploit

Stealth Mode
In reply to this post by Kevin C
@Kevin

Yes this is what I was suggesting, also the Custom_files svar set to 0 will disable this until Valve can build a fix into the engine. E.g.: VAC custom file checks, skin checks, .bsp submission system for addition to market/game, etc. Right now the custom.hpk file is what will store spray paints. This is the file server side that should be scanned. As each new custom spray goes into this file, when it is written and accessed is when this exploit can occur.

There are also SQL database injection vulnerabilities using AMX. But this is another issue not Valve related.

On Tue, Oct 10, 2017 at 10:29 AM, Kevin C <[hidden email]> wrote:

Pretty sure by context it means proof of concept.


For CS:GO sv_allowupload 0 could easily be used to counter what you are claiming. This goes for any source game server but for games that allow sprays this would disable them.


On 10/10/2017 10:26 AM, Stealth Mode wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.

Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[hidden email]> wrote:
Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" <[hidden email]> wrote:
This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.


On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[hidden email]> wrote:
Do you have a POC?


From: Stealth Mode <[hidden email]>
To: <[hidden email]>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[hidden email]> wrote:
Sure,

But you have anything to back this up? (don't take it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode <[hidden email]>:
Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.

The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file. 

Might want to disable custom files till valve decides to correct this issue.

-StealthMode


Re: Custom files exploit

thedudeguy1
In reply to this post by Stealth Mode
Stealth Mode. Please post some sort of demonstration or steps to demonstrate
this vulnerability. Just one example is all you need to convince us.



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/


Re: Custom files exploit

Stealth Mode
In reply to this post by Nomaan Ahmad
So clueless I hold an electronics engineering degree, an IT industry degree, and am currently studying CCIE/CCDE and contracting with Cisco to develop electronics safeguards to protect from binary injections into IT infrastructure.

Please refrain from trolling, flaming, etc. You do not have an education in this field.

-StealthMode

On Tue, Oct 10, 2017 at 10:27 AM, Nomaan Ahmad <[hidden email]> wrote:
This guy is clueless.

On 10 Oct 2017 3:25 pm, "Stealth Mode" <[hidden email]> wrote:
Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec. 


The links I've provided are just a few examples. Anyone can make a custom image file (weapon skin, or spray paint, or wad in a .bsp) inject code into it, and use your server, and clients connected to it to launch whatever code they want. In the links provided, these are image files used to inject code into web servers once the image is loaded. Meaning, once a spray is sprayed, or a client uses x weapon skin through GO market. Once sent to server/client cache, it then executes spraying a benign image, or rendering a benign looking skin, while behind the scenes it is also executing code. Now most of these script kiddies probably are just using the images to run hacks, which yes they can be just that benign. However, more sophisticated hackers can also use this to compromise entire networks, backbones, etc. 

On Mon, Oct 9, 2017 at 8:28 PM, devu4 <[hidden email]> wrote:
This is such a pointless thread, no proof and a big headed clueless guy
coming out with irrelevant crap!



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/


Re: Custom files exploit

thomasjosif
In reply to this post by Stealth Mode
How did we jump from a server issue to AMX lol? Who even still uses AMX?!!?

On Tue, Oct 10, 2017 at 10:39 AM Stealth Mode <[hidden email]> wrote:
@Kevin

Yes this is what I was suggesting, also the Custom_files svar set to 0 will disable this until Valve can build a fix into the engine. E.g.: VAC custom file checks, skin checks, .bsp submission system for addition to market/game, etc. Right now the custom.hpk file is what will store spray paints. This is the file server side that should be scanned. As each new custom spray goes into this file, when it is written and accessed is when this exploit can occur.

There are also SQL database injection vulnerabilities using AMX. But this is another issue not Valve related.

On Tue, Oct 10, 2017 at 10:29 AM, Kevin C <[hidden email]> wrote:

Pretty sure by context it means proof of concept.


For CS:GO sv_allowupload 0 could easily be used to counter what you are claiming. This goes for any source game server but for games that allow sprays this would disable them.


On 10/10/2017 10:26 AM, Stealth Mode wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.

Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[hidden email]> wrote:
Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" <[hidden email]> wrote:
This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.


On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[hidden email]> wrote:
Do you have a POC?


From: Stealth Mode <[hidden email]>
To: <[hidden email]>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[hidden email]> wrote:
Sure,

But you have anything to back this up? (don't take it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode <[hidden email]>:
Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.

The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file. 

Might want to disable custom files till valve decides to correct this issue.

-StealthMode


Re: Custom files exploit

Stealth Mode
In reply to this post by epicoder
Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump chumps ring a bell? I don't have time tbh to provide anything other than information. This is a side issue I discovered on my own LAN server using a .gif spray paint image. It can be replicated. Build a graphics file, inject it with a script to execute a shell window, and display a message, xxxx has set us up the bomb. Inject into the image file, select as a spray paint. Spray it on your server, log into your server, look at the shell window.

Have a nice day. Off to work.

-StealthMode

On Tue, Oct 10, 2017 at 10:29 AM, epi <[hidden email]> wrote:
PoC stands for Proof of Concept. We are asking you to provide proof that you are not just pasting random articles on PHP. You have yet to show us anything that would trigger any issues in srcds.

On 10/10/2017 10:26 AM, Stealth Mode wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.

Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[hidden email]> wrote:

    Did you read how that's actually exploited? It would require another
    malicious script to parse the exif tag and eval some PHP. How
    exactly would a similar situation occur on a hosted game server? Do
    you have a poc? You say this email chain is one but I don't think you
    quite know what you're talking about.

    On Oct 10, 2017 9:15 AM, "Stealth Mode" <[hidden email]> wrote:

        This email is fine for a POC. Far as the exploit, for those who
        aren't familiar, this is an example.

        https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/

        On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[hidden email]> wrote:

            Do you have a POC?


            From: Stealth Mode <[hidden email]>
            To: <[hidden email]>
            Sent: 10/10/2017 12:44 AM
            Subject: Re: [Csgo_servers] Custom files exploit

                Yes, IT skills. Electronics skills. And old school
                knowledge of how to inject image files with malicious
                code (NetSec/ITSec). This is an older style of
                "hacking". Remember those warnings about clicking
                download attachments from the 90s onward? Same thing
                still applies. Except, there is no detection for any
                hlds/go server, so an injected image can contaminate a
                server cache. Which in turn will infect clients. Any
                image file, any data file really, can be modified like
                this. Willing to bet good money those $500. go weapon
                skins have hack code scripted and injected into the image.


                On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[hidden email]> wrote:

                    Sure,

                    But you have anything to back this up? (don't take
                    it the wrong way)

                    Nilo.

                    2017-10-09 16:54 GMT+02:00 Stealth Mode <[hidden email]>:

                        Heads up admins/owners. Might want to disable
                        custom files till Valve addresses this issue
                        brought to their attention a month ago.
                        There is an exploit where any client with minor
                        skill can inject custom files with all types of
                        malicious code. From hacks in weapon skins, to
                        ransomware in custom .bsp, to remote backdoors
                        in custom spray paints.

                        The exploit is injecting code into any image,
                        sound, or data file. You can take weapon skins
                        (csgo), sound files, spray paint image files,
                        even .bsp/etc. and inject hack code, or actual
                        ransomware, viruses, or Trojans/rootkits
                        directly into a server cache, or client cache
                        via the custom file.

                        Might want to disable custom files till Valve
                        decides to correct this issue.

                        -StealthMode

                        _______________________________________________
                        Csgo_servers mailing list
                        [hidden email]
                        https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers




Re: Custom files exploit

Geo B.
@stealthmode please stop spamming us with your (soon to be) knowledge.
We know, we get it, you studied Cisco, Networking, ITsec, IPsec, infowar, but in fact nobody cares.

Thanks





2017-10-10 16:42 GMT+02:00 Stealth Mode <[hidden email]>:
Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump chumps ring a bell? I don't have time tbh to provide anything other than information. This is a side issue I discovered on my own lan server using a .gif spray paint image. It can be replicated. Build a graphics file, inject it with a script to execute a shell window, and display a message, xxxx has set us up the bomb. Inject into the image file, select as a spray paint. Spray it on your server, log into your server, look at the shell window. 

Have a nice day. Off to work.

-StealthMode

On Tue, Oct 10, 2017 at 10:29 AM, epi <[hidden email]> wrote:
PoC stands for Proof of Concept. We are asking you to provide proof that you are not just pasting random articles on PHP. You have yet to show us anything that would trigger any issues in srcds.

On 10/10/2017 10:26 AM, Stealth Mode wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.

Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.

-StealthMode


Re: Custom files exploit

Ben Steiger
In reply to this post by Stealth Mode
Please stop. I have been watching this conversation since it started. Provide a case-specific example if you can. If not, please keep your solutions to yourself.

I may not be an IT graduate, but I have a keen understanding of when someone is full of themself. 

Besides: your server has custom files disabled, why bother talking to a brick wall anymore just to have a bunch of people you clearly don't respect do the same?

-OF

On Oct 10, 2017 10:41 AM, "Stealth Mode" <[hidden email]> wrote:
So clueless I hold an electronics engineering degree, an IT industry degree, and am currently studying CCIE/CCDE and contracting with Cisco to develop electronics safeguards to protect from binary injections into IT infrastructure.

Please refrain from trolling, flaming, etc. You do not have an education in this field.

-StealthMode

On Tue, Oct 10, 2017 at 10:27 AM, Nomaan Ahmad <[hidden email]> wrote:
This guy is clueless.

On 10 Oct 2017 3:25 pm, "Stealth Mode" <[hidden email]> wrote:
Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec. 


The links I've provided are just a few examples. Anyone can make a custom image file (weapon skin, or spray paint, or wad in a .bsp) inject code into it, and use your server, and clients connected to it to launch whatever code they want. In the links provided, these are image files used to inject code into web servers once the image is loaded. Meaning, once a spray is sprayed, or a client uses x weapon skin through GO market. Once sent to server/client cache, it then executes spraying a benign image, or rendering a benign looking skin, while behind the scenes it is also executing code. Now most of these script kiddies probably are just using the images to run hacks, which yes they can be just that benign. However, more sophisticated hackers can also use this to compromise entire networks, backbones, etc. 

On Mon, Oct 9, 2017 at 8:28 PM, devu4 <[hidden email]> wrote:
This is such a pointless thread, no proof and a big headed clueless guy
coming out with irrelevant crap!



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/


Re: Custom files exploit

Joe Brown
In reply to this post by thedudeguy1
If you are pointing to an exploit, you should be able to replicate the exploit and maybe even go further to give what function resulted in this exploit (not checking types, not sanitizing input, etc.) There should also be a description on what the exploit leads to (Remote Code Execution, Denial of Service, etc)

From: Csgo_servers <[hidden email]> on behalf of thedudeguy1 <[hidden email]>
Sent: Tuesday, October 10, 2017 10:38 AM
To: [hidden email]
Subject: Re: [Csgo_servers] Custom files exploit
 
Stealth Mode. Please post some sort of demonstration or steps to demonstrate
this vulnerability. Just one example is all you need to convince us.



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/


Re: Custom files exploit

Don Park-2
In reply to this post by Stealth Mode
Please send an actual working proof of concept (PoC) (also the configuration of the server/environment if applicable).  A working Proof of Concept will prove your point.  At the current level, this is nothing more than a theory and a hypothesis.  The PoC is the only thing we need.  

Cheers.


Re: Custom files exploit

Stealth Mode
In reply to this post by Geo B.
@GEO

Some care, and aren't as immature about it. You should be banished from this list for attempting to provoke members.

@Thomas

AMX reference was just a reference about SQL database injections. As it has vulnerabilities as well. Fact is, the image itself can be used to inject the server's SQL database. Or any other file. Like the users, superusers, system registry, or Linux user list.

Off to work, thanks to those who understand, and requested information. Grow up to those who denounce with no education in the field.

-StealthMode

On Tue, Oct 10, 2017 at 10:50 AM, Geo B. <[hidden email]> wrote:
@stealthmode please stop spamming us with your (soon to be) knowledge.
We know, we get it, you studied Cisco, Networking, ITsec, IPsec, infowar, but in fact nobody cares.

Thanks






Re: Custom files exploit

PistonMiner
In reply to this post by Stealth Mode

If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a public mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)

-- 
PistonMiner (Linus S.)


Re: Custom files exploit

Stealth Mode
In reply to this post by Joe Brown
@Joe

The potential is so good that you can literally execute any bash/batch script you want calling to whatever file/function you want. That is why I am not stating any specific part. The exploit is the custom file. The potential misuse can be a range of things. From benign game hacks, to system, and network exploiting root privileges, to background installation of ransomware, or other malicious malware. This is why I did not go into specifics other than code injection into the custom files. In my example, I popped a shell up on the server, a cmd window that said "Have a nice day!". I shouldn't need to go into specifics, as all server company owners, and admins should know what I am referencing.

Last msg today, got to go.

-StealthMode

On Tue, Oct 10, 2017 at 10:54 AM, Joe Brown <[hidden email]> wrote:
If you are pointing to an exploit, you should be able to replicate the exploit and maybe even go further to give what function resulted in this exploit (not checking types, not sanitizing input, etc.) There should also be a description on what the exploit leads to (Remote Code Execution, Denial of Service, etc)


Re: Custom files exploit

David
In reply to this post by PistonMiner
I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test

Sent from my iPhone

On 10 Oct 2017, at 16:01, PistonMiner <[hidden email]> wrote:

If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a public mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)

-- 
PistonMiner (Linus S.)
Re: Custom files exploit

PistonMiner
The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies. If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners

On 10.10.2017 17:08, Vaya wrote:
I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test

Sent from my iPhone

-- 
PistonMiner (Linus S.)


Re: Custom files exploit

Nomaan Ahmad
Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif

On 10 Oct 2017 4:29 pm, "PistonMiner" <[hidden email]> wrote:
The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies. If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners

On 10.10.2017 17:08, Vaya wrote:
I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test

Sent from my iPhone

On 10 Oct 2017, at 16:01, PistonMiner <[hidden email]> wrote:

If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a public mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)

-- 
PistonMiner (Linus S.)



-- 
PistonMiner (Linus S.)


Re: Custom files exploit

Ryan Bentley
My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.

You are embarrassing yourself. Which institution did you get your degree from? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.

On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <[hidden email]> wrote:
Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif

On 10 Oct 2017 4:29 pm, "PistonMiner" <[hidden email]> wrote:
The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies. If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners

On 10.10.2017 17:08, Vaya wrote:
I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test

Sent from my iPhone

On 10 Oct 2017, at 16:01, PistonMiner <[hidden email]> wrote:

If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a public mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)

-- 
PistonMiner (Linus S.)



-- 
PistonMiner (Linus S.)
