One last example, even references POC for those that wish to read. I have work to do so I will be unable to reply until later this evening, or tomorrow. Currently working on securing electronics in IT infrastructure from binary injections below the JTAG/Hardware Protection Layer. Have a good day.
http://securityaffairs.co/wordpress/36130/hacking/malicious-jpeg-hack-corporate-networks.html

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:

> Did you read how that's actually exploited? It would require another
> malicious script to parse the exif tag and eval some PHP. How exactly would
> a similar situation occur on a hosted game server? Do you have a poc? You
> say this email chain is one but I don't think you quite know what you're
> talking about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>
>> This email is fine for a POC. Far as the exploit, for those who aren't
>> familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>> wrote:
>>
>>> Do you have a POC?
>>>
>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>> To: <csgo_servers@list.valvesoftware.com>
>>> Sent: 10/10/2017 12:44 AM
>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>> style of "hacking". Remember those warnings about clicking download
>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>> no detection for any hlds/go server, so an injected image can contaminate a
>>> server cache. Which in turn will infect clients. Any image file, any data
>>> file really, can be modified like this. Willing to bet good money those
>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>
>>> Heads up admins/owners. Might want to disable custom files till Valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till Valve decides to correct this
>>> issue.
>>>
>>> -StealthMode

_______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
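
The thread turns on whether script text hidden in a JPEG's EXIF data matters without something to parse and evaluate it. The following is an added example, not code from any poster in this thread or from Valve: a server-side check that walks a JPEG's segments and reports script-like text in metadata or bytes appended after the end-of-image marker. The function names, the pattern list and the sample byte strings are assumptions constructed for illustration.

```python
import struct

# Strings that have no business in image metadata (illustrative, not exhaustive).
SUSPICIOUS = (b"<?php", b"<?=", b"eval(", b"base64_decode(", b"<script")

def _hits(blob: bytes, where: str) -> list[str]:
    low = blob.lower()
    return [f"{p.decode()} found in {where}" for p in SUSPICIOUS if p in low]

def scan_jpeg(data: bytes) -> list[str]:
    """Walk JPEG segments; report script-like text in metadata or after EOI."""
    if data[:2] != b"\xff\xd8":
        return ["not a JPEG (no SOI marker)"]
    findings, pos = [], 2
    while pos + 4 <= len(data):
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if data[pos] != 0xFF or length < 2 or pos + 2 + length > len(data):
            return findings + [f"malformed segment at offset {pos}"]
        payload = data[pos + 4:pos + 2 + length]
        # APP0-APP15 (EXIF lives in APP1) and COM carry free-form metadata.
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            findings += _hits(payload, f"segment 0xFF{marker:02X} at offset {pos}")
        pos += 2 + length
        if marker == 0xDA:
            # Start of scan: compressed data runs to the EOI marker. Taking the
            # first FF D9 is a simplification that holds for baseline files.
            eoi = data.find(b"\xff\xd9", pos)
            if eoi < 0:
                return findings + ["no EOI marker after scan data"]
            trailer = data[eoi + 2:]
            if trailer.strip(b"\x00"):
                findings.append(f"{len(trailer)} bytes appended after EOI")
                findings += _hits(trailer, "trailer")
            return findings
    return findings + ["no scan data found"]

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: structurally minimal, not decodable pictures.
_SCAN = _seg(0xDA, b"\x00" * 10) + b"\x12\x34\x56" + b"\xff\xd9"
CLEAN = b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01") + _SCAN
TAGGED = b"\xff\xd8" + _seg(0xE1, b"Exif\x00\x00<?php /* placeholder */ ?>") + _SCAN
PADDED = CLEAN + b"<?php /* placeholder */ ?>"
```

A hit only shows that the file carries text in a place images do not need it; as the reply quoted above notes, something on the receiving side still has to interpret that text for it to run.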