Re: [hlds] Script kiddies abusing A2C_PRINT
You reported that weeks ago. Who gives a shit if we're posting it in the wild? There's a fix already and Valve just need to hurry the fuck up and patch it. Sent from my iPhone On 4 May 2009, at 02:17, Unknown | zD. unknow...@gmail.com wrote: Can you guys just stop saying / posting the exploit / command / packet capture in the wild? coz I have reported the issue to valve already and they have replied to me by saying this 3 « MESSAGE BY DWIGHT ON TUE, 28TH APR 2009 3:24 PM » Hello, Thank you very much for bringing this to our attention. Your comments will be passed along accordingly. It is much appreciated. And make sure that you have done any one of the following thing before its get fixed ... - Disable the beep sound driver (beep.sys) by delete it or disable it via devmgmt.msc when showing the hidden devices and non-PnP drivers - Start the server in GUI mode only In addition, you are always able to trace the hacker / DoSer by starting the server with -dev parameter. And yes, this command means Any to Client printing according to proto_oob.h (http://72.14.235.132/search?rlz=1C1GGLS_zh-TWHK324HK324sourceid=chromeie=UTF-8q=cache:http://www.inxbus.net/hldoc/d4/df7/proto__oob_8h-source.html ) and I guess valve is using this command for maintenance / backup usage when the normal encrypted protocol from the steam server does not work. So just clam down and stop asking about that I guess valve will have to fix it soon otherwise I will just make the exploit in public . I have asked for them to fix the problem alraedy. In addition, you are able to fix the problem by yourself too if you are able to modify the engine.dll search the following string in the engine.dll and patch it by replacing NULL character to the whole string or at least to the last %s. A2C_PRINT from %s : %s And ya, cs.rin.ru will not do any harmful thing on your machine if you don't piss off them . all they do is just printing some lulz strings atm but if they really want to DoS your server . they can replace the string by using some harmful characters . so just stop and clam down about that . otherwise I guess just more server operators will get in trouble soon as you guys have given out the command / exploit directly. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Security by obscurity is never a good idea. Thanks for posting, and thanks to Tony for the quick fix :) On Mon, May 4, 2009 at 04:54, Saul Rennison saul.renni...@gmail.com wrote: You reported that weeks ago. Who gives a shit if we're posting it in the wild? There's a fix already and Valve just need to hurry the fuck up and patch it. Sent from my iPhone On 4 May 2009, at 02:17, Unknown | zD. unknow...@gmail.com wrote: Can you guys just stop saying / posting the exploit / command / packet capture in the wild? coz I have reported the issue to valve already and they have replied to me by saying this 3 « MESSAGE BY DWIGHT ON TUE, 28TH APR 2009 3:24 PM » Hello, Thank you very much for bringing this to our attention. Your comments will be passed along accordingly. It is much appreciated. And make sure that you have done any one of the following thing before its get fixed ... - Disable the beep sound driver (beep.sys) by delete it or disable it via devmgmt.msc when showing the hidden devices and non-PnP drivers - Start the server in GUI mode only In addition, you are always able to trace the hacker / DoSer by starting the server with -dev parameter. And yes, this command means Any to Client printing according to proto_oob.h ( http://72.14.235.132/search?rlz=1C1GGLS_zh-TWHK324HK324sourceid=chromeie=UTF-8q=cache:http://www.inxbus.net/hldoc/d4/df7/proto__oob_8h-source.html ) and I guess valve is using this command for maintenance / backup usage when the normal encrypted protocol from the steam server does not work. So just clam down and stop asking about that I guess valve will have to fix it soon otherwise I will just make the exploit in public . I have asked for them to fix the problem alraedy. In addition, you are able to fix the problem by yourself too if you are able to modify the engine.dll search the following string in the engine.dll and patch it by replacing NULL character to the whole string or at least to the last %s. A2C_PRINT from %s : %s And ya, cs.rin.ru will not do any harmful thing on your machine if you don't piss off them . all they do is just printing some lulz strings atm but if they really want to DoS your server . they can replace the string by using some harmful characters . so just stop and clam down about that . otherwise I guess just more server operators will get in trouble soon as you guys have given out the command / exploit directly. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- -dave foster ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] Script kiddies abusing A2C_PRINT
It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Oh fun. On Sun, May 3, 2009 at 2:55 PM, AzuiSleet azuisl...@gmail.com wrote: It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
What's A2C_Print? There's nothing about that on the Developer Wiki. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Monday, 4 May 2009 6:46 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Script kiddies abusing A2C_PRINT Oh fun. On Sun, May 3, 2009 at 2:55 PM, AzuiSleet azuisl...@gmail.com wrote: It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
I believe it was initially used to send messages from the master server to the game server. Also Azui... You forgot. Exploits must be reported Monday through Friday only! Now some fatty might google his way into the ability to freeze servers. On Sun, May 3, 2009 at 5:34 PM, Yaakov Smith m4ngr...@gmail.com wrote: What's A2C_Print? There's nothing about that on the Developer Wiki. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Monday, 4 May 2009 6:46 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Script kiddies abusing A2C_PRINT Oh fun. On Sun, May 3, 2009 at 2:55 PM, AzuiSleet azuisl...@gmail.com wrote: It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
There are several other packets not listed on the developer wiki. Like the name suggests A2C_PRINT can be send from *A*ll (master, server, clients) to *C*lients, so servers should not be affected by this. Weird. On Mon, May 4, 2009 at 12:18 AM, 1nsane 1nsane...@gmail.com wrote: I believe it was initially used to send messages from the master server to the game server. Also Azui... You forgot. Exploits must be reported Monday through Friday only! Now some fatty might google his way into the ability to freeze servers. On Sun, May 3, 2009 at 5:34 PM, Yaakov Smith m4ngr...@gmail.com wrote: What's A2C_Print? There's nothing about that on the Developer Wiki. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Monday, 4 May 2009 6:46 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Script kiddies abusing A2C_PRINT Oh fun. On Sun, May 3, 2009 at 2:55 PM, AzuiSleet azuisl...@gmail.com wrote: It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
It works on clients and servers. A2C_PRINT is 'l' it uses the generic connectionless message. On Sun, May 3, 2009 at 4:39 PM, Sebastian Staudt korak...@gmail.com wrote: There are several other packets not listed on the developer wiki. Like the name suggests A2C_PRINT can be send from *A*ll (master, server, clients) to *C*lients, so servers should not be affected by this. Weird. On Mon, May 4, 2009 at 12:18 AM, 1nsane 1nsane...@gmail.com wrote: I believe it was initially used to send messages from the master server to the game server. Also Azui... You forgot. Exploits must be reported Monday through Friday only! Now some fatty might google his way into the ability to freeze servers. On Sun, May 3, 2009 at 5:34 PM, Yaakov Smith m4ngr...@gmail.com wrote: What's A2C_Print? There's nothing about that on the Developer Wiki. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Monday, 4 May 2009 6:46 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Script kiddies abusing A2C_PRINT Oh fun. On Sun, May 3, 2009 at 2:55 PM, AzuiSleet azuisl...@gmail.com wrote: It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
According to proto_oob.h, A2C means Any to Client. Techically the server is a client to the master server. Don't expect this bug to be fixed any time soon, folks. Sent from my iPhone On 4 May 2009, at 00:05, AzuiSleet azuisl...@gmail.com wrote: It works on clients and servers. A2C_PRINT is 'l' it uses the generic connectionless message. On Sun, May 3, 2009 at 4:39 PM, Sebastian Staudt korak...@gmail.com wrote: There are several other packets not listed on the developer wiki. Like the name suggests A2C_PRINT can be send from *A*ll (master, server, clients) to *C*lients, so servers should not be affected by this. Weird. On Mon, May 4, 2009 at 12:18 AM, 1nsane 1nsane...@gmail.com wrote: I believe it was initially used to send messages from the master server to the game server. Also Azui... You forgot. Exploits must be reported Monday through Friday only! Now some fatty might google his way into the ability to freeze servers. On Sun, May 3, 2009 at 5:34 PM, Yaakov Smith m4ngr...@gmail.com wrote: What's A2C_Print? There's nothing about that on the Developer Wiki. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of 1nsane Sent: Monday, 4 May 2009 6:46 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Script kiddies abusing A2C_PRINT Oh fun. On Sun, May 3, 2009 at 2:55 PM, AzuiSleet azuisl...@gmail.com wrote: It seems people discovered the old A2C_PRINT UDP message and are spamming servers. http://screencast.com/t/JRYs3LglN Is there any chance Valve can fix this instead of us having to fix every exploit they ignore? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4049 (20090501) __ The message was checked by ESET Smart Security. http://www.eset.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
It doesn't freeze servers it merely prints a message in the server console. Although it can make them lag and beep using \x07. Sent from my iPhone On 4 May 2009, at 00:17, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
It doesn't freeze, the bell character \7 freezes when it's printed. On Sun, May 3, 2009 at 5:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Huh? You mean by using \b to cover up the A2C_PRINT from x.x.x.x:y : prefix? Using \r would just make a new line. Sent from my iPhone On 4 May 2009, at 00:32, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
So what would happen on the server if I sent Hello Everyone!? Would it appear in the console? ingame chat? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
You guys do a good job of exposing your servers :) with this info the kiddies will get worse most likely since half the script kiddies watch this list for new commands to run. On 5/3/09, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Sent from my mobile device ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
I don't know what \b is, but \r is return, it puts the cursor at the start of the line. \n puts the cursor on a new line. On Sun, May 3, 2009 at 5:36 PM, Saul Rennison saul.renni...@gmail.comwrote: Huh? You mean by using \b to cover up the A2C_PRINT from x.x.x.x:y : prefix? Using \r would just make a new line. Sent from my iPhone On 4 May 2009, at 00:32, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
It is a very good idea to post exploits on HLDS. Only Azui does not run any servers. So that's kinda mute now... is it not? On Sun, May 3, 2009 at 7:37 PM, Cc2iscooL cc2isc...@gmail.com wrote: You guys do a good job of exposing your servers :) with this info the kiddies will get worse most likely since half the script kiddies watch this list for new commands to run. On 5/3/09, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Sent from my mobile device ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Good. Will make it a higher priority for Valve to gtfo their asses and fix some exploits for once. Sent from my iPhone On 4 May 2009, at 00:37, Cc2iscooL cc2isc...@gmail.com wrote: You guys do a good job of exposing your servers :) with this info the kiddies will get worse most likely since half the script kiddies watch this list for new commands to run. On 5/3/09, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Sent from my mobile device ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
It will appear in the server console only. Sent from my iPhone On 4 May 2009, at 00:36, Yaakov Smith m4ngr...@gmail.com wrote: So what would happen on the server if I sent Hello Everyone!? Would it appear in the console? ingame chat? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
\b is backspace. Sorry never knew about \r! Thanks :D Sent from my iPhone On 4 May 2009, at 00:40, AzuiSleet azuisl...@gmail.com wrote: I don't know what \b is, but \r is return, it puts the cursor at the start of the line. \n puts the cursor on a new line. On Sun, May 3, 2009 at 5:36 PM, Saul Rennison saul.renni...@gmail.comwrote: Huh? You mean by using \b to cover up the A2C_PRINT from x.x.x.x:y : prefix? Using \r would just make a new line. Sent from my iPhone On 4 May 2009, at 00:32, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
Never heard of it. deja vu. On Sun, May 3, 2009 at 7:51 PM, AzuiSleet azuisl...@gmail.com wrote: I run a very popular Garry's Mod server, you may have heard of it, NoxiousNet. Go ahead, try and DDoS me, I'm invincible. On Sun, May 3, 2009 at 5:41 PM, 1nsane 1nsane...@gmail.com wrote: It is a very good idea to post exploits on HLDS. Only Azui does not run any servers. So that's kinda mute now... is it not? On Sun, May 3, 2009 at 7:37 PM, Cc2iscooL cc2isc...@gmail.com wrote: You guys do a good job of exposing your servers :) with this info the kiddies will get worse most likely since half the script kiddies watch this list for new commands to run. On 5/3/09, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Sent from my mobile device ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
I run a very popular Garry's Mod server, you may have heard of it, NoxiousNet. Go ahead, try and DDoS me, I'm invincible. On Sun, May 3, 2009 at 5:41 PM, 1nsane 1nsane...@gmail.com wrote: It is a very good idea to post exploits on HLDS. Only Azui does not run any servers. So that's kinda mute now... is it not? On Sun, May 3, 2009 at 7:37 PM, Cc2iscooL cc2isc...@gmail.com wrote: You guys do a good job of exposing your servers :) with this info the kiddies will get worse most likely since half the script kiddies watch this list for new commands to run. On 5/3/09, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Sent from my mobile device ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
famous last words AzuiSleet wrote: I run a very popular Garry's Mod server, you may have heard of it, NoxiousNet. Go ahead, try and DDoS me, I'm invincible. On Sun, May 3, 2009 at 5:41 PM, 1nsane 1nsane...@gmail.com wrote: It is a very good idea to post exploits on HLDS. Only Azui does not run any servers. So that's kinda mute now... is it not? On Sun, May 3, 2009 at 7:37 PM, Cc2iscooL cc2isc...@gmail.com wrote: You guys do a good job of exposing your servers :) with this info the kiddies will get worse most likely since half the script kiddies watch this list for new commands to run. On 5/3/09, AzuiSleet azuisl...@gmail.com wrote: Or if you want to be really clever and cover up the message you can do \xFF\xFF\xFF\xFFl\rhello \n On Sun, May 3, 2009 at 5:29 PM, Saul Rennison saul.renni...@gmail.comwrote: All you do is send: FF FF FF FF 6C your message here Note the above is in hex ~_~. @AzuiSleet what do you mean? It freezes when it prints \x07, yes. AKA lags. Sent from my iPhone On 4 May 2009, at 00:23, 1nsane 1nsane...@gmail.com wrote: Sends messages. A quick search got this: A2C_PRINT from 68.142.72.250:27011 : No challenge for your address. A2C_PRINT from 72.165.61.189:27011 : No challenge for your address. Adding master at 72.165.61.189:27011 A2C_PRINT from 72.165.61.189:27011 : Bad challenge. Just a few examples of legit uses. On Sun, May 3, 2009 at 7:17 PM, Yaakov Smith m4ngr...@gmail.com wrote: But what does it actually do? (apart from freezing servers) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Sent from my mobile device ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Script kiddies abusing A2C_PRINT
The valve automated reply robot is 'they'. I'm assuming the 'disable' beep.sys apply only to people who run a backyard dedicated servers and get annoyed with the beep, beep beep that happens when the server is in the same room as them and doesn't do much else? -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Unknown | zD. Sent: Monday, 4 May 2009 9:18 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] Script kiddies abusing A2C_PRINT Can you guys just stop saying / posting the exploit / command / packet capture in the wild? coz I have reported the issue to valve already and they have replied to me by saying this 3 « MESSAGE BY DWIGHT ON TUE, 28TH APR 2009 3:24 PM » Hello, Thank you very much for bringing this to our attention. Your comments will be passed along accordingly. It is much appreciated. And make sure that you have done any one of the following thing before its get fixed ... - Disable the beep sound driver (beep.sys) by delete it or disable it via devmgmt.msc when showing the hidden devices and non-PnP drivers - Start the server in GUI mode only In addition, you are always able to trace the hacker / DoSer by starting the server with -dev parameter. And yes, this command means Any to Client printing according to proto_oob.h (http://72.14.235.132/search?rlz=1C1GGLS_zh-TWHK324HK324sourceid=chromeie= UTF-8q=cache:http://www.inxbus.net/hldoc/d4/df7/proto__oob_8h-source.html) and I guess valve is using this command for maintenance / backup usage when the normal encrypted protocol from the steam server does not work. So just clam down and stop asking about that I guess valve will have to fix it soon otherwise I will just make the exploit in public . I have asked for them to fix the problem alraedy. In addition, you are able to fix the problem by yourself too if you are able to modify the engine.dll search the following string in the engine.dll and patch it by replacing NULL character to the whole string or at least to the last %s. A2C_PRINT from %s : %s And ya, cs.rin.ru will not do any harmful thing on your machine if you don't piss off them . all they do is just printing some lulz strings atm but if they really want to DoS your server . they can replace the string by using some harmful characters . so just stop and clam down about that . otherwise I guess just more server operators will get in trouble soon as you guys have given out the command / exploit directly. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
