@GEO Some care, and arent as immature about it. You should be bannished from this list for attempting to provoke members.
@Thomas AMX reference was just a reference about sql database injections. As it has vulnerabilities as well. Fact is, the image itself can be used to inject the servers sql database. Or any other file. Like the users, superusers, system registry, or linux user list. Off to work, thanks to those who understand, and requested information. Grow up to those who denounce with no education in the field. -StealthMode On Tue, Oct 10, 2017 at 10:50 AM, Geo B. <bachel...@gmail.com> wrote: > @stealthmode thanks to stop spamming us with your (soon to be) knowledges. > We know get it, you studied Cisco, Networking, ITsec, IPsec, infowar but > in fact, nobody care. > > Thanks > > > > > > 2017-10-10 16:42 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>: > >> Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump >> chumps ring a bell? I don't have time tbh to provide anything other than >> information. This is a side issue I discovered on my own lan server using a >> .gif spray paint image. It can be replicated. Build a graphics file, inject >> it with a script to execute a shell window, and display a message, xxxx has >> set us up the bomb. Inject into the image file, select as a spray paint. >> Spray it on your server, log into your server, look at the shell window. >> >> Have a nice day. Off to work. >> >> -StealthMode >> >> On Tue, Oct 10, 2017 at 10:29 AM, epi <ow...@tf.heybey.org> wrote: >> >>> PoC stands for Proof of Concept. We are asking you to provide proof that >>> you are not just pasting random articles on PHP. You have yet to show us >>> anything that would trigger any issues in srcds. >>> >>> On 10/10/2017 10:26 AM, Stealth Mode wrote: >>> >>>> POC far as I know is always Point Of Contact. Or Professional Overseas >>>> Contractor. >>>> >>>> Unless you are referring to Packet Order Correction in reference to >>>> networking. Which yes, even then, does not apply in this situation. >>>> >>>> -StealthMode >>>> >>>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com >>>> <mailto:mumphs...@gmail.com>> wrote: >>>> >>>> Did you read how that's actually exploited? It would require another >>>> malicious script to parse the exif tag and eval some PHP. How >>>> exactly would a similar situation occur on a hosted game server? Do >>>> you have a poc? You say this email chain is one but I dont think you >>>> quite know what you're talking about. >>>> >>>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com >>>> <mailto:stealthmode1...@gmail.com>> wrote: >>>> >>>> This email is fine for a POC. Far as the exploit, for those who >>>> arent familiar, this is an example. >>>> >>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-W >>>> ebshell-Backdoor-Code-in-Image-Files/ >>>> <https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding- >>>> Webshell-Backdoor-Code-in-Image-Files/> >>>> >>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. >>>> <sai...@specialattack.net <mailto:sai...@specialattack.net>> >>>> wrote: >>>> >>>> Do you have a POC? >>>> >>>> >>>> *From: * Stealth Mode <stealthmode1...@gmail.com >>>> <mailto:stealthmode1...@gmail.com>> >>>> *To: * <csgo_servers@list.valvesoftware.com >>>> <mailto:csgo_servers@list.valvesoftware.com>> >>>> *Sent: * 10/10/2017 12:44 AM >>>> *Subject: * Re: [Csgo_servers] Custom files exploit >>>> >>>> Yes, IT skills. Electronics skills. And old school >>>> knowledge of how to inject image files with malicious >>>> code (NetSec/ITSec). This is an older style of >>>> "hacking". Remember those warnings about clicking >>>> download attachments from the 90s onward? Same thing >>>> still applies. Except, there is no detection for any >>>> hlds/go server, so an injected image can contaminate a >>>> server cache. Which in turn will infect clients. Any >>>> image file, any data file really, can be modified like >>>> this. Willing to bet good money those $500. go weapon >>>> skins have hack code scripted and injected into the >>>> image. >>>> >>>> >>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo >>>> <inilo.in...@gmail.com <mailto:inilo.in...@gmail.com>> >>>> wrote: >>>> >>>> Sure, >>>> >>>> But you have anything to back this up? (don't take >>>> it the wrong way) >>>> >>>> Nilo. >>>> >>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode >>>> <stealthmode1...@gmail.com >>>> <mailto:stealthmode1...@gmail.com>>: >>>> >>>> Headsup admins/owners. Might want to disable >>>> custom files till valve addresses this issue >>>> brought to their attention a month ago. >>>> There is an exploit where any client with minor >>>> skill can inject custom files with all types of >>>> malicious code. From hacks in weapon skins, to >>>> ransomware in custom .bsp, to remote backdoors >>>> in custom spray paints. >>>> >>>> The exploit is injecting code into any image, >>>> sound, or data file. You can take weapon skins >>>> (csgo), sound files, spray paint image files, >>>> even .bsp/etc. and inject hack code, or actual >>>> ransomware, viruses, or Trojans/rootkits >>>> directly into a server cache, or client cache >>>> via the custom file. >>>> >>>> Might want to disable custom files till valve >>>> decides to correct this issue. >>>> >>>> -StealthMode >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> <mailto:Csgo_servers@list.valvesoftware.com> >>>> https://list.valvesoftware.com >>>> /cgi-bin/mailman/listinfo/csgo_servers >>>> <https://list.valvesoftware.co >>>> m/cgi-bin/mailman/listinfo/csgo_servers> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> <mailto:Csgo_servers@list.valvesoftware.com> >>>> https://list.valvesoftware.com >>>> /cgi-bin/mailman/listinfo/csgo_servers >>>> <https://list.valvesoftware.co >>>> m/cgi-bin/mailman/listinfo/csgo_servers> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> <mailto:Csgo_servers@list.valvesoftware.com> >>>> https://list.valvesoftware.com >>>> /cgi-bin/mailman/listinfo/csgo_servers >>>> <https://list.valvesoftware.co >>>> m/cgi-bin/mailman/listinfo/csgo_servers> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> <mailto:Csgo_servers@list.valvesoftware.com> >>>> https://list.valvesoftware.com >>>> /cgi-bin/mailman/listinfo/csgo_servers >>>> <https://list.valvesoftware.co >>>> m/cgi-bin/mailman/listinfo/csgo_servers> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> <mailto:Csgo_servers@list.valvesoftware.com> >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo >>>> _servers >>>> <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csg >>>> o_servers> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> <mailto:Csgo_servers@list.valvesoftware.com> >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo >>>> _servers >>>> <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csg >>>> o_servers> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> Csgo_servers@list.valvesoftware.com >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> Csgo_servers@list.valvesoftware.com >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> Csgo_servers@list.valvesoftware.com >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
