Just because something is in memory doesn't mean it's executing code.. that's not how memory works.
Good luck at your conference :)

On Oct 10, 2017 9:33 AM, "Stealth Mode" <[email protected]> wrote:

> Actually the parsing involves the operating system and how the OS
> rendering occurs is dependent upon software, or hardware rendering. Which
> is universal. If you know OSI layer, then you know once it is transported,
> and in the server cache (memory) it is already executing.
>
> On Tue, Oct 10, 2017 at 10:23 AM, Alan Love <[email protected]> wrote:
>
>> Just because you can upload a file doesn't mean the server will parse it
>> in a way that would compromise it. That's not how it works. There's a
>> reason why most of your examples are around exploiting php applications.
>>
>> On Oct 10, 2017 9:20 AM, "Stealth Mode" <[email protected]>
>> wrote:
>>
>>> Another set of examples....
>>>
>>> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>>>
>>> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>>>
>>> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>>>
>>> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>>>
>>> Really good book on image file injections...
>>>
>>> https://books.google.com/books?id=lG_XdxA5LRUC&pg=PA21&lpg=PA21&dq=image+file+injection+compromsing+server&source=bl&ots=E_qdLyJY3C&sig=8BSYFi3AukgoccEcujtnrdeoR4Y&hl=en&sa=X&ved=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage&q=image%20file%20injection%20compromsing%20server&f=false
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[email protected]>
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>> From: Stealth Mode <[email protected]>
>>>> To: <[email protected]>
>>>> Sent: 10/10/2017 12:44 AM
>>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>>
>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>> style of "hacking". Remember those warnings about clicking download
>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>> file really, can be modified like this. Willing to bet good money those
>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>
>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[email protected]> wrote:
>>>>
>>>> Sure,
>>>>
>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>
>>>> Nilo.
>>>>
>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <[email protected]>:
>>>>
>>>> Heads up admins/owners. Might want to disable custom files till Valve
>>>> addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom
>>>> files with all types of malicious code. From hacks in weapon skins, to
>>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You
>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>> custom file.
>>>>
>>>> Might want to disable custom files till Valve decides to correct this
>>>> issue.
>>>>
>>>> -StealthMode
>>>>
>>>> _______________________________________________
>>>> Csgo_servers mailing list
>>>> [email protected]
>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
