Re: [hlds] Source Engine Upload/Download POC

2009-12-02 Thread Garry Newman
Anyone had any word from Valve on this?

I'd rather not install a load of plugins to try to stop people hacking my
server.

garry
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds


Re: [hlds] Source Engine Upload/Download POC

2009-12-02 Thread Spencer 'voogru' MacDonald
You can prevent most damage by simply locking down your addons, cfg,
scripts directories so they cannot be written into by srcds.

The plug-in basically does this, but with the added bonus of logging evil
players' hack attempts.

- voogru.



Re: [hlds] Source Engine Upload/Download POC

2009-12-02 Thread P1cwh0r3
Unfortunately, a fair number of garrysmod servers run ULX admin mod by the
Ulyssesmod team, so I'm not too sure the plugin would work.

For now we've locked down our servers using the suggested folder tweaks.



[hlds] Source Engine Upload/Download POC

2009-11-29 Thread AzuiSleet
It seems the upload/download exploits aren't dead yet, and Valve
didn't do a good job at patching them. A blacklist didn't work too
well. Here is a serverplugin POC to upload and download files. It's
fairly trivial to use:

download_file cfg/server.cfg
upload_file addons/serverplugin_sample.dll

upload_file doesn't work in TF2, but download_file does. I'm told you
can upload DLLs in Gmod and L4D2. Credit to Chrisaster and the rest of
the Gmod scene.

Codename Source Engine Suck Server Pwner in memory of nitro2o:
http://dl.dropbox.com/u/759758/sourcenginesuck_serverowner.7z

Source:
http://azu.pastebin.com/m1cd1ab0b



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread cnu
On Sunday 29 November 2009 10:26:50 AzuiSleet wrote:
> Source:
> http://azu.pastebin.com/m1cd1ab0b

You got some other interesting pastes here :p
http://azu.pastebin.com/m483ef5a0
http://azu.pastebin.com/f32ff6903



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread AzuiSleet
Yes well you can ignore those fools. They like to vandalize my pastebin.



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Saul Rennison
Awesome. It's not really a server plugin though, is it? I'll try this
when I get home... take over some servers. <3 VALVe security.



-- 

Thanks,
 - Saul.



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Michael Krasnow
wait, so this means anyone can go on a server and download a server.cfg?

time to bury my rcon in a crap load of exec files lol



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread P. Bhandal
You're better off blocking your game server's TCP port.



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Shane Arnold
Shell/RDP account. Cryptography key. RCON port blocked/filtered to a 
specific IP.

Winrar.



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread w4rezz
Or you can remove rcon_password from server.cfg and use it as a server
startup parameter +rcon_password blabla



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Michael Krasnow
Good idea, I think that's a bit easier :)



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Saul Rennison
You could upload a plugin which dumped Rcon and password data to a
certain PHP page to the server, then crash the server (several known
crashing exploits) to make the plugin auto-load. It's like a server
root-kit lol.



-- 

Thanks,
 - Saul.



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Saul Rennison
Read the OP...

On Sunday, November 29, 2009, Aaron A. Maricic pennsta...@gmail.com wrote:
> Does this apply to L4D / L4D2?



-- 

Thanks,
 - Saul.



Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Spencer 'voogru' MacDonald
I've upgraded my previously released patch for this exploit now too.

http://forums.alliedmods.net/showthread.php?t=109453

Basically what this plug-in does is prevent downloading or uploading
anything into sensitive directories.

All requests will be logged; bad requests will be logged as illegal and
report the player's SteamID and IP so you can banninate them.

- voogru.

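An added example, not voogru's plugin or any code from this thread: a request filter in C++ of the kind the message above describes for a Source server plugin, covering both the directory lockdown suggested earlier in the thread (cfg, addons, scripts) and the illegal-request logging with SteamID and IP. The function names, the upload extension denylist and the log format are my own assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

enum class Transfer { Download, Upload };

// Directories the thread names as sensitive (a real plugin would read the list
// from config). Compared lower-case: srcds usually runs on a case-insensitive FS.
static const std::vector<std::string> kSensitiveDirs = {"cfg", "addons", "scripts"};
// Upload-only denylist (assumed): file types the engine or OS will load anywhere.
static const std::vector<std::string> kBlockedUploadExt = {".dll", ".so", ".vdf", ".cfg"};

// Normalise a client-supplied path into clean lower-case segments. Fails on an
// empty path, an embedded NUL, an absolute or drive-letter path, or a ".." that
// would climb above the game directory.
static bool NormalizePath(const std::string& raw, std::vector<std::string>& out) {
    if (raw.empty() || raw.find('\0') != std::string::npos) return false;
    std::string p = raw;
    std::replace(p.begin(), p.end(), '\\', '/');    // treat both separators alike
    if (p[0] == '/') return false;                   // absolute POSIX path
    if (p.size() >= 2 && p[1] == ':') return false;  // Windows drive letter
    std::string seg;
    for (size_t i = 0; i <= p.size(); ++i) {
        if (i == p.size() || p[i] == '/') {
            if (seg == "..") {
                if (out.empty()) return false;       // escapes the game directory
                out.pop_back();
            } else if (!seg.empty() && seg != ".") {
                out.push_back(seg);
            }
            seg.clear();
        } else {
            seg += static_cast<char>(std::tolower(static_cast<unsigned char>(p[i])));
        }
    }
    return !out.empty();
}

// Verdict for one download_file / upload_file request.
bool IsTransferAllowed(const std::string& path, Transfer dir) {
    std::vector<std::string> segs;
    if (!NormalizePath(path, segs)) return false;
    for (const auto& d : kSensitiveDirs)
        if (segs.front() == d) return false;         // cfg/, addons/, scripts/
    if (dir == Transfer::Upload) {
        const std::string& leaf = segs.back();
        for (const auto& ext : kBlockedUploadExt)
            if (leaf.size() >= ext.size() &&
                leaf.compare(leaf.size() - ext.size(), ext.size(), ext) == 0)
                return false;
    }
    return true;
}

// Log line for every request; denied ones are marked ILLEGAL and carry the
// player's SteamID and IP so the admin can act on them. Format is assumed.
std::string FormatTransferLog(const std::string& steamid, const std::string& ip,
                              Transfer dir, const std::string& path) {
    std::string line = "[transfer-filter] ";
    line += IsTransferAllowed(path, dir) ? "ALLOWED " : "ILLEGAL ";
    line += (dir == Transfer::Upload) ? "upload \"" : "download \"";
    return line + path + "\" from " + steamid + " (" + ip + ")";
}
```

Traversal, backslashes, mixed case and drive letters are all collapsed before the directory check, so "materials/../cfg/server.cfg" is refused the same way as "cfg/server.cfg".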