@stealthmode thanks to stop spamming us with your (soon to be) knowledges. We know get it, you studied Cisco, Networking, ITsec, IPsec, infowar but in fact, nobody care.
Thanks 2017-10-10 16:42 GMT+02:00 Stealth Mode <[email protected]>: > Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump > chumps ring a bell? I don't have time tbh to provide anything other than > information. This is a side issue I discovered on my own lan server using a > .gif spray paint image. It can be replicated. Build a graphics file, inject > it with a script to execute a shell window, and display a message, xxxx has > set us up the bomb. Inject into the image file, select as a spray paint. > Spray it on your server, log into your server, look at the shell window. > > Have a nice day. Off to work. > > -StealthMode > > On Tue, Oct 10, 2017 at 10:29 AM, epi <[email protected]> wrote: > >> PoC stands for Proof of Concept. We are asking you to provide proof that >> you are not just pasting random articles on PHP. You have yet to show us >> anything that would trigger any issues in srcds. >> >> On 10/10/2017 10:26 AM, Stealth Mode wrote: >> >>> POC far as I know is always Point Of Contact. Or Professional Overseas >>> Contractor. >>> >>> Unless you are referring to Packet Order Correction in reference to >>> networking. Which yes, even then, does not apply in this situation. >>> >>> -StealthMode >>> >>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Did you read how that's actually exploited? It would require another >>> malicious script to parse the exif tag and eval some PHP. How >>> exactly would a similar situation occur on a hosted game server? Do >>> you have a poc? You say this email chain is one but I dont think you >>> quite know what you're talking about. >>> >>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> This email is fine for a POC. Far as the exploit, for those who >>> arent familiar, this is an example. >>> >>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-W >>> ebshell-Backdoor-Code-in-Image-Files/ >>> <https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding- >>> Webshell-Backdoor-Code-in-Image-Files/> >>> >>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. >>> <[email protected] <mailto:[email protected]>> >>> wrote: >>> >>> Do you have a POC? >>> >>> >>> *From: * Stealth Mode <[email protected] >>> <mailto:[email protected]>> >>> *To: * <[email protected] >>> <mailto:[email protected]>> >>> *Sent: * 10/10/2017 12:44 AM >>> *Subject: * Re: [Csgo_servers] Custom files exploit >>> >>> Yes, IT skills. Electronics skills. And old school >>> knowledge of how to inject image files with malicious >>> code (NetSec/ITSec). This is an older style of >>> "hacking". Remember those warnings about clicking >>> download attachments from the 90s onward? Same thing >>> still applies. Except, there is no detection for any >>> hlds/go server, so an injected image can contaminate a >>> server cache. Which in turn will infect clients. Any >>> image file, any data file really, can be modified like >>> this. Willing to bet good money those $500. go weapon >>> skins have hack code scripted and injected into the >>> image. >>> >>> >>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo >>> <[email protected] <mailto:[email protected]>> >>> wrote: >>> >>> Sure, >>> >>> But you have anything to back this up? (don't take >>> it the wrong way) >>> >>> Nilo. >>> >>> 2017-10-09 16:54 GMT+02:00 Stealth Mode >>> <[email protected] >>> <mailto:[email protected]>>: >>> >>> Headsup admins/owners. Might want to disable >>> custom files till valve addresses this issue >>> brought to their attention a month ago. >>> There is an exploit where any client with minor >>> skill can inject custom files with all types of >>> malicious code. From hacks in weapon skins, to >>> ransomware in custom .bsp, to remote backdoors >>> in custom spray paints. >>> >>> The exploit is injecting code into any image, >>> sound, or data file. You can take weapon skins >>> (csgo), sound files, spray paint image files, >>> even .bsp/etc. and inject hack code, or actual >>> ransomware, viruses, or Trojans/rootkits >>> directly into a server cache, or client cache >>> via the custom file. >>> >>> Might want to disable custom files till valve >>> decides to correct this issue. >>> >>> -StealthMode >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://list.valvesoftware.com >>> /cgi-bin/mailman/listinfo/csgo_servers >>> <https://list.valvesoftware.co >>> m/cgi-bin/mailman/listinfo/csgo_servers> >>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://list.valvesoftware.com >>> /cgi-bin/mailman/listinfo/csgo_servers >>> <https://list.valvesoftware.co >>> m/cgi-bin/mailman/listinfo/csgo_servers> >>> >>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://list.valvesoftware.com >>> /cgi-bin/mailman/listinfo/csgo_servers >>> <https://list.valvesoftware.co >>> m/cgi-bin/mailman/listinfo/csgo_servers> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo >>> _servers >>> <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csg >>> o_servers> >>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo >>> _servers >>> <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csg >>> o_servers> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csg >>> o_servers> >>> >>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
