Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Ivan Petrovic
#purgethemailinglist

On Tue, Oct 10, 2017 at 7:13 PM, Ryan Bentley  wrote:

> Cringe. Please get self-aware and realize how transparent you are. Any 21
> year old CS grad can see how stupid this thread is.
>
> On Wed, Oct 11, 2017 at 2:29 AM, Stealth Mode 
> wrote:
>
>> Available for contract for PenTesting/SecurityAudits, Datacenter
>> Migrations, and other IT infrastructure purposes. At the websites listed in
>> an earlier mailing.
>>
>> /tips grey hat (only don the blackhat for government contracts) and exits
>>
>>
>> No further communications. End of conversation.
>>
>> -StealthMode
>>
>> On Oct 10, 2017 14:00, "Ryan Bentley"  wrote:
>>
>> ITSec. PoC.
>>
>> Sincerely,
>> Ryan "ExpertMode" Bentley
>> Independent IT Field Engineer
>>
>>
>> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis 
>> wrote:
>>
>>> hello I have injected a JavaScript into this email you are all now hacked
>>>
>>> what do you mean it won't run without an actual vulnerability
>>>
>>> you're super mega hacked
>>>
>>> 
>>>
>>> On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
>>>
 I frankly don't care what / where / how you work, or what you have
 studied.

 The only thing I know is that this is clearly the wrong channel to do
 argue/disclose/chat about.

 http://www.valvesoftware.com/security/

 Hopefully you get thanked in a patch note, if not I'm sure the entire
 community will be grateful that you disclosed a major security issue to the
 people that *actually* get paid to take care of this.

 Thanks.



 2017-10-10 18:54 GMT+02:00 Saint K. :

> Christopher,
>
>
>
> I work in “the field” as you like to call it. It’s customary to
> explain the exploit in detail and provide proof the concept (hence the
> request for a PoC) in any form or way.
>
>
>
> Please demonstrate the issue, it be by posting the offending code, you
> recording a video showing a working exploit, or anything along these lines.
>
>
>
> You should know this, if you work in “the field”.
>
>
>
> Regards,
>
>
>
> Saint K.
>
>
>
> *From:* Csgo_servers [mailto:csgo_servers-bounces@list.valvesoftware.com]
> *On Behalf Of* Stealth Mode
> *Sent:* 10 October 2017 18:34
> *To:* csgo_servers@list.valvesoftware.com
> *Subject:* Re: [Csgo_servers] Custom files exploit
>
>
>
> @Ryan, etc.
>
>
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go
> hand in hand. My credentials aren't CS, because CS was radio electronics.
> The industry hasn't changed, just a little more vulnerable. Not like I am
> specifically stating how to inject code, or what code to inject on a public
> mailing list. Don't need to. Professionals here know what I am referring
> to. I guess the rest do not have the knowledge to understand what the
> exploit can actually do. You are aware. That is all that matters. Don't
> secure your servers, that is on you. When they get exploited, that is on
> you.
>
>
>
> Have a nice day! End of discussion. No further communications.
>
>
>
> Sincerely,
>
> Christopher "StealthMode" Stephen Larkins
>
> Independent IT Field Engineer
>
> fieldnation.com
>
> workmarket.com
>
> onforce.com
>
> clearancejobs.com
>
>
>
>
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley 
> wrote:
>
> My sides at this thread. At first I just rolled my eyes but now I
> actually believe that Stealth Mode is either a troll or delusional. Please
> stop saying "ITSec". Any first year CS student knows what PoC is but you
> don't? Please.
>
> You are embarrassing yourself. Which institution did you get your
> degree? It must be a very old BSc indeed. You talk complete nonsense and
> have a fundamental misunderstanding of basic computer science tenets.
>
>
>
> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
> wrote:
>
> Nice hat there. Stealth might get this one though:
> https://i.imgur.com/329jfXt.gif
>
>
>
> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>
> The person in question should never have written a message about an
> open vulnerability into a public mailing list in the first place. Just
> because they did doesn't mean that you should ask for PoCs in public
> mailing lists, there's a multitude of issues with that.
> To make it perfectly clear, I'm not defending this person, I seriously
> doubt the seriousness of their statements and a lot of what they're saying
> makes no sense at all and looks like 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Ryan Bentley
Cringe. Please get self-aware and realize how transparent you are. Any 21
year old CS grad can see how stupid this thread is.

On Wed, Oct 11, 2017 at 2:29 AM, Stealth Mode 
wrote:

> Available for contract for PenTesting/SecurityAudits, Datacenter
> Migrations, and other IT infrastructure purposes. At the websites listed in
> an earlier mailing.
>
> /tips grey hat (only don the blackhat for government contracts) and exits
>
>
> No further communications. End of conversation.
>
> -StealthMode
>
> On Oct 10, 2017 14:00, "Ryan Bentley"  wrote:
>
> ITSec. PoC.
>
> Sincerely,
> Ryan "ExpertMode" Bentley
> Independent IT Field Engineer
>
>
> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis 
> wrote:
>
>> hello I have injected a JavaScript into this email you are all now hacked
>>
>> what do you mean it won't run without an actual vulnerability
>>
>> you're super mega hacked
>>
>> 
>>
>> On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
>>
>>> I frankly don't care what / where / how you work, or what you have
>>> studied.
>>>
>>> The only thing I know is that this is clearly the wrong channel to do
>>> argue/disclose/chat about.
>>>
>>> http://www.valvesoftware.com/security/
>>>
>>> Hopefully you get thanked in a patch note, if not I'm sure the entire
>>> community will be grateful that you disclosed a major security issue to the
>>> people that *actually* get paid to take care of this.
>>>
>>> Thanks.
>>>
>>>
>>>
>>> 2017-10-10 18:54 GMT+02:00 Saint K. :
>>>
 Christopher,



 I work in “the field” as you like to call it. It’s customary to explain
 the exploit in detail and provide proof the concept (hence the request for
 a PoC) in any form or way.



 Please demonstrate the issue, it be by posting the offending code, you
 recording a video showing a working exploit, or anything along these lines.



 You should know this, if you work in “the field”.



 Regards,



 Saint K.



 *From:* Csgo_servers [mailto:csgo_servers-bounces@list.valvesoftware.com]
 *On Behalf Of* Stealth Mode
 *Sent:* 10 October 2017 18:34
 *To:* csgo_servers@list.valvesoftware.com
 *Subject:* Re: [Csgo_servers] Custom files exploit



 @Ryan, etc.



 I studied radio electronics before IT was a thing. NetSec and ITSec go
 hand in hand. My credentials aren't CS, because CS was radio electronics.
 The industry hasn't changed, just a little more vulnerable. Not like I am
 specifically stating how to inject code, or what code to inject on a public
 mailing list. Don't need to. Professionals here know what I am referring
 to. I guess the rest do not have the knowledge to understand what the
 exploit can actually do. You are aware. That is all that matters. Don't
 secure your servers, that is on you. When they get exploited, that is on
 you.



 Have a nice day! End of discussion. No further communications.



 Sincerely,

 Christopher "StealthMode" Stephen Larkins

 Independent IT Field Engineer

 fieldnation.com

 workmarket.com

 onforce.com

 clearancejobs.com





 On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley 
 wrote:

 My sides at this thread. At first I just rolled my eyes but now I
 actually believe that Stealth Mode is either a troll or delusional. Please
 stop saying "ITSec". Any first year CS student knows what PoC is but you
 don't? Please.

 You are embarrassing yourself. Which institution did you get your
 degree? It must be a very old BSc indeed. You talk complete nonsense and
 have a fundamental misunderstanding of basic computer science tenets.



 On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
 wrote:

 Nice hat there. Stealth might get this one though:
 https://i.imgur.com/329jfXt.gif



 On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:

 The person in question should never have written a message about an
 open vulnerability into a public mailing list in the first place. Just
 because they did doesn't mean that you should ask for PoCs in public
 mailing lists, there's a multitude of issues with that.
 To make it perfectly clear, I'm not defending this person, I seriously
 doubt the seriousness of their statements and a lot of what they're saying
 makes no sense at all and looks like trying to maintain an image of
 competence while knowing little, but responsible disclosure still applies.
 If this person has a vulnerability to report, they should do so with the
 information listed at http://www.valvesoftware.com/security/.
 And I think I 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Nomaan Ahmad
Can you please not spam this thread with your advertisements? It's getting
rather annoying. Don't think anyone is interested here.
Submit PoC to Valve and kindly take a hike.

On 11 October 2017 at 02:29, Stealth Mode  wrote:

> Available for contract for PenTesting/SecurityAudits, Datacenter
> Migrations, and other IT infrastructure purposes. At the websites listed in
> an earlier mailing.
>
> /tips grey hat (only don the blackhat for government contracts) and exits
>
>
> No further communications. End of conversation.
>
> -StealthMode
>
> On Oct 10, 2017 14:00, "Ryan Bentley"  wrote:
>
> ITSec. PoC.
>
> Sincerely,
> Ryan "ExpertMode" Bentley
> Independent IT Field Engineer
>
>
> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis 
> wrote:
>
>> hello I have injected a JavaScript into this email you are all now hacked
>>
>> what do you mean it won't run without an actual vulnerability
>>
>> you're super mega hacked
>>
>> 
>>
>> On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
>>
>>> I frankly don't care what / where / how you work, or what you have
>>> studied.
>>>
>>> The only thing I know is that this is clearly the wrong channel to do
>>> argue/disclose/chat about.
>>>
>>> http://www.valvesoftware.com/security/
>>>
>>> Hopefully you get thanked in a patch note, if not I'm sure the entire
>>> community will be grateful that you disclosed a major security issue to the
>>> people that *actually* get paid to take care of this.
>>>
>>> Thanks.
>>>
>>>
>>>
>>> 2017-10-10 18:54 GMT+02:00 Saint K. :
>>>
 Christopher,



 I work in “the field” as you like to call it. It’s customary to explain
 the exploit in detail and provide proof the concept (hence the request for
 a PoC) in any form or way.



 Please demonstrate the issue, it be by posting the offending code, you
 recording a video showing a working exploit, or anything along these lines.



 You should know this, if you work in “the field”.



 Regards,



 Saint K.



 *From:* Csgo_servers [mailto:csgo_servers-bounces@list.valvesoftware.com]
 *On Behalf Of* Stealth Mode
 *Sent:* 10 October 2017 18:34
 *To:* csgo_servers@list.valvesoftware.com
 *Subject:* Re: [Csgo_servers] Custom files exploit



 @Ryan, etc.



 I studied radio electronics before IT was a thing. NetSec and ITSec go
 hand in hand. My credentials aren't CS, because CS was radio electronics.
 The industry hasn't changed, just a little more vulnerable. Not like I am
 specifically stating how to inject code, or what code to inject on a public
 mailing list. Don't need to. Professionals here know what I am referring
 to. I guess the rest do not have the knowledge to understand what the
 exploit can actually do. You are aware. That is all that matters. Don't
 secure your servers, that is on you. When they get exploited, that is on
 you.



 Have a nice day! End of discussion. No further communications.



 Sincerely,

 Christopher "StealthMode" Stephen Larkins

 Independent IT Field Engineer

 fieldnation.com

 workmarket.com

 onforce.com

 clearancejobs.com





 On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley 
 wrote:

 My sides at this thread. At first I just rolled my eyes but now I
 actually believe that Stealth Mode is either a troll or delusional. Please
 stop saying "ITSec". Any first year CS student knows what PoC is but you
 don't? Please.

 You are embarrassing yourself. Which institution did you get your
 degree? It must be a very old BSc indeed. You talk complete nonsense and
 have a fundamental misunderstanding of basic computer science tenets.



 On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
 wrote:

 Nice hat there. Stealth might get this one though:
 https://i.imgur.com/329jfXt.gif



 On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:

 The person in question should never have written a message about an
 open vulnerability into a public mailing list in the first place. Just
 because they did doesn't mean that you should ask for PoCs in public
 mailing lists, there's a multitude of issues with that.
 To make it perfectly clear, I'm not defending this person, I seriously
 doubt the seriousness of their statements and a lot of what they're saying
 makes no sense at all and looks like trying to maintain an image of
 competence while knowing little, but responsible disclosure still applies.
 If this person has a vulnerability to report, they should do so with the
 information listed at 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
Available for contract for PenTesting/SecurityAudits, Datacenter
Migrations, and other IT infrastructure purposes. At the websites listed in
an earlier mailing.

/tips grey hat (only don the blackhat for government contracts) and exits


No further communications. End of conversation.

-StealthMode

On Oct 10, 2017 14:00, "Ryan Bentley"  wrote:

ITSec. PoC.

Sincerely,
Ryan "ExpertMode" Bentley
Independent IT Field Engineer


On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis  wrote:

> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> 
>
> On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
>
>> I frankly don't care what / where / how you work, or what you have
>> studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do
>> argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire
>> community will be grateful that you disclosed a major security issue to the
>> people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>>
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. :
>>
>>> Christopher,
>>>
>>>
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain
>>> the exploit in detail and provide proof the concept (hence the request for
>>> a PoC) in any form or way.
>>>
>>>
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you
>>> recording a video showing a working exploit, or anything along these lines.
>>>
>>>
>>>
>>> You should know this, if you work in “the field”.
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Saint K.
>>>
>>>
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com]
>>> *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* csgo_servers@list.valvesoftware.com
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>>
>>>
>>> @Ryan, etc.
>>>
>>>
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go
>>> hand in hand. My credentials aren't CS, because CS was radio electronics.
>>> The industry hasn't changed, just a little more vulnerable. Not like I am
>>> specifically stating how to inject code, or what code to inject on a public
>>> mailing list. Don't need to. Professionals here know what I am referring
>>> to. I guess the rest do not have the knowledge to understand what the
>>> exploit can actually do. You are aware. That is all that matters. Don't
>>> secure your servers, that is on you. When they get exploited, that is on
>>> you.
>>>
>>>
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>>
>>>
>>> Sincerely,
>>>
>>> Christopher "StealthMode" Stephen Larkins
>>>
>>> Independent IT Field Engineer
>>>
>>> fieldnation.com
>>>
>>> workmarket.com
>>>
>>> onforce.com
>>>
>>> clearancejobs.com
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I
>>> actually believe that Stealth Mode is either a troll or delusional. Please
>>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>>> don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your
>>> degree? It must be a very old BSc indeed. You talk complete nonsense and
>>> have a fundamental misunderstanding of basic computer science tenets.
>>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
>>> wrote:
>>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>>
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>>
>>> The person in question should never have written a message about an open
>>> vulnerability into a public mailing list in the first place. Just because
>>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>>> there's a multitude of issues with that.
>>> To make it perfectly clear, I'm not defending this person, I seriously
>>> doubt the seriousness of their statements and a lot of what they're saying
>>> makes no sense at all and looks like trying to maintain an image of
>>> competence while knowing little, but responsible disclosure still applies.
>>> If this person has a vulnerability to report, they should do so with the
>>> information listed at http://www.valvesoftware.com/security/.
>>> And I think I know what I'm talking about seeing as I have two Finder's
>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>
>>> On 10.10.2017 17:08, Vaya wrote:
>>>
>>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>>> just noise without a repeatable Test
>>>
>>> Sent from my iPhone

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Nathaniel Theis
but setting up certbot to auto renew is like 3 commands and I'm lazy



On Oct 10, 2017 11:02 AM, "Daniel Saewitz"  wrote:

> You may want to fix your SSL cert bud ;)
>
>
> On October 10, 2017 at 1:53:00 PM, Nathaniel Theis (ntth...@gmail.com)
> wrote:
>
> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> 
>
> On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
>
>> I frankly don't care what / where / how you work, or what you have
>> studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do
>> argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire
>> community will be grateful that you disclosed a major security issue to the
>> people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>>
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. :
>>
>>> Christopher,
>>>
>>>
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain
>>> the exploit in detail and provide proof the concept (hence the request for
>>> a PoC) in any form or way.
>>>
>>>
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you
>>> recording a video showing a working exploit, or anything along these lines.
>>>
>>>
>>>
>>> You should know this, if you work in “the field”.
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Saint K.
>>>
>>>
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com]
>>> *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* csgo_servers@list.valvesoftware.com
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>>
>>>
>>> @Ryan, etc.
>>>
>>>
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go
>>> hand in hand. My credentials aren't CS, because CS was radio electronics.
>>> The industry hasn't changed, just a little more vulnerable. Not like I am
>>> specifically stating how to inject code, or what code to inject on a public
>>> mailing list. Don't need to. Professionals here know what I am referring
>>> to. I guess the rest do not have the knowledge to understand what the
>>> exploit can actually do. You are aware. That is all that matters. Don't
>>> secure your servers, that is on you. When they get exploited, that is on
>>> you.
>>>
>>>
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>>
>>>
>>> Sincerely,
>>>
>>> Christopher "StealthMode" Stephen Larkins
>>>
>>> Independent IT Field Engineer
>>>
>>> fieldnation.com
>>>
>>> workmarket.com
>>>
>>> onforce.com
>>>
>>> clearancejobs.com
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I
>>> actually believe that Stealth Mode is either a troll or delusional. Please
>>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>>> don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your
>>> degree? It must be a very old BSc indeed. You talk complete nonsense and
>>> have a fundamental misunderstanding of basic computer science tenets.
>>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
>>> wrote:
>>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>>
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>>
>>> The person in question should never have written a message about an open
>>> vulnerability into a public mailing list in the first place. Just because
>>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>>> there's a multitude of issues with that.
>>> To make it perfectly clear, I'm not defending this person, I seriously
>>> doubt the seriousness of their statements and a lot of what they're saying
>>> makes no sense at all and looks like trying to maintain an image of
>>> competence while knowing little, but responsible disclosure still applies.
>>> If this person has a vulnerability to report, they should do so with the
>>> information listed at http://www.valvesoftware.com/security/.
>>> And I think I know what I'm talking about seeing as I have two Finder's
>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>
>>> On 10.10.2017 17:08, Vaya wrote:
>>>
>>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>>> just noise without a repeatable Test
>>>
>>> Sent from my iPhone
>>>
>>>
>>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>>
>>> If you have a vulnerability to report, don't do it in a public mailing
>>> list. Report it directly to Valve, and no place else. This conversation has
>>> so 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Daniel Saewitz
You may want to fix your SSL cert bud ;)


On October 10, 2017 at 1:53:00 PM, Nathaniel Theis (ntth...@gmail.com) wrote:

hello I have injected a JavaScript into this email you are all now hacked

what do you mean it won't run without an actual vulnerability

you're super mega hacked



On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
I frankly don't care what / where / how you work, or what you have studied.

The only thing I know is that this is clearly the wrong channel to do 
argue/disclose/chat about.

http://www.valvesoftware.com/security/

Hopefully you get thanked in a patch note, if not I'm sure the entire community 
will be grateful that you disclosed a major security issue to the people that 
actually get paid to take care of this.

Thanks.



2017-10-10 18:54 GMT+02:00 Saint K. :
Christopher,

 

I work in “the field” as you like to call it. It’s customary to explain the 
exploit in detail and provide proof the concept (hence the request for a PoC) 
in any form or way.

 

Please demonstrate the issue, it be by posting the offending code, you 
recording a video showing a working exploit, or anything along these lines.

 

You should know this, if you work in “the field”.

 

Regards,

 

Saint K.

 

From: Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] On 
Behalf Of Stealth Mode
Sent: 10 October 2017 18:34
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers] Custom files exploit

 

@Ryan, etc.

 

I studied radio electronics before IT was a thing. NetSec and ITSec go hand in 
hand. My credentials aren't CS, because CS was radio electronics. The industry 
hasn't changed, just a little more vulnerable. Not like I am specifically 
stating how to inject code, or what code to inject on a public mailing list. 
Don't need to. Professionals here know what I am referring to. I guess the rest 
do not have the knowledge to understand what the exploit can actually do. You 
are aware. That is all that matters. Don't secure your servers, that is on you. 
When they get exploited, that is on you. 

 

Have a nice day! End of discussion. No further communications.

 

Sincerely,

Christopher "StealthMode" Stephen Larkins

Independent IT Field Engineer

fieldnation.com

workmarket.com

onforce.com

clearancejobs.com

 

 

On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:

My sides at this thread. At first I just rolled my eyes but now I actually 
believe that Stealth Mode is either a troll or delusional. Please stop saying 
"ITSec". Any first year CS student knows what PoC is but you don't? Please.

You are embarrassing yourself. Which institution did you get your degree? It 
must be a very old BSc indeed. You talk complete nonsense and have a 
fundamental misunderstanding of basic computer science tenets.

 

On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad  wrote:

Nice hat there. Stealth might get this one though: 
https://i.imgur.com/329jfXt.gif

 

On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:

The person in question should never have written a message about an open 
vulnerability into a public mailing list in the first place. Just because they 
did doesn't mean that you should ask for PoCs in public mailing lists, there's 
a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt 
the seriousness of their statements and a lot of what they're saying makes no 
sense at all and looks like trying to maintain an image of competence while 
knowing little, but responsible disclosure still applies. If this person has a 
vulnerability to report, they should do so with the information listed at 
http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees. 
See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and 
https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners

On 10.10.2017 17:08, Vaya wrote:

I think someone needs to ‘stealth mode’ out of this email chain. This is just 
noise without a repeatable Test

Sent from my iPhone


On 10 Oct 2017, at 16:01, PistonMiner  wrote:

If you have a vulnerability to report, don't do it in a public mailing list. 
Report it directly to Valve, and no place else. This conversation has so many 
problems, but asking for a PoC in a public mailing list is one of them. Look up 
responsible disclosure. (I should note though, at this point I am not convinced 
a vulnerability even exists.)

--  
PistonMiner (Linus S.)
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

 




--  
PistonMiner (Linus S.)


Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Ryan Bentley
ITSec. PoC.

Sincerely,
Ryan "ExpertMode" Bentley
Independent IT Field Engineer


On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis  wrote:

> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> 
>
> On Oct 10, 2017 10:02 AM, "iNilo"  wrote:
>
>> I frankly don't care what / where / how you work, or what you have
>> studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do
>> argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire
>> community will be grateful that you disclosed a major security issue to the
>> people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>>
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. :
>>
>>> Christopher,
>>>
>>>
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain
>>> the exploit in detail and provide proof the concept (hence the request for
>>> a PoC) in any form or way.
>>>
>>>
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you
>>> recording a video showing a working exploit, or anything along these lines.
>>>
>>>
>>>
>>> You should know this, if you work in “the field”.
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Saint K.
>>>
>>>
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com]
>>> *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* csgo_servers@list.valvesoftware.com
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>>
>>>
>>> @Ryan, etc.
>>>
>>>
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go
>>> hand in hand. My credentials aren't CS, because CS was radio electronics.
>>> The industry hasn't changed, just a little more vulnerable. Not like I am
>>> specifically stating how to inject code, or what code to inject on a public
>>> mailing list. Don't need to. Professionals here know what I am referring
>>> to. I guess the rest do not have the knowledge to understand what the
>>> exploit can actually do. You are aware. That is all that matters. Don't
>>> secure your servers, that is on you. When they get exploited, that is on
>>> you.
>>>
>>>
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>>
>>>
>>> Sincerely,
>>>
>>> Christopher "StealthMode" Stephen Larkins
>>>
>>> Independent IT Field Engineer
>>>
>>> fieldnation.com
>>>
>>> workmarket.com
>>>
>>> onforce.com
>>>
>>> clearancejobs.com
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I
>>> actually believe that Stealth Mode is either a troll or delusional. Please
>>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>>> don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your
>>> degree? It must be a very old BSc indeed. You talk complete nonsense and
>>> have a fundamental misunderstanding of basic computer science tenets.
>>>
>>>
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
>>> wrote:
>>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>>
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>>
>>> The person in question should never have written a message about an open
>>> vulnerability into a public mailing list in the first place. Just because
>>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>>> there's a multitude of issues with that.
>>> To make it perfectly clear, I'm not defending this person, I seriously
>>> doubt the seriousness of their statements and a lot of what they're saying
>>> makes no sense at all and looks like trying to maintain an image of
>>> competence while knowing little, but responsible disclosure still applies.
>>> If this person has a vulnerability to report, they should do so with the
>>> information listed at http://www.valvesoftware.com/security/.
>>> And I think I know what I'm talking about seeing as I have two Finder's
>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>
>>> On 10.10.2017 17:08, Vaya wrote:
>>>
>>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>>> just noise without a repeatable Test
>>>
>>> Sent from my iPhone
>>>
>>>
>>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>>
>>> If you have a vulnerability to report, don't do it in a public mailing
>>> list. Report it directly to Valve, and no place else. This conversation has
>>> so many problems, but asking for a PoC in a *public* mailing list is
>>> one of them. Look up responsible disclosure. (I 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Nathaniel Theis
hello I have injected a JavaScript into this email you are all now hacked

what do you mean it won't run without an actual vulnerability

you're super mega hacked



On Oct 10, 2017 10:02 AM, "iNilo"  wrote:

> I frankly don't care what / where / how you work, or what you have studied.
>
> The only thing I know is that this is clearly the wrong channel to do
> argue/disclose/chat about.
>
> http://www.valvesoftware.com/security/
>
> Hopefully you get thanked in a patch note, if not I'm sure the entire
> community will be grateful that you disclosed a major security issue to the
> people that *actually *get paid to take care of this.
>
> Thanks.
>
>
>
> 2017-10-10 18:54 GMT+02:00 Saint K. :
>
>> Christopher,
>>
>>
>>
>> I work in “the field” as you like to call it. It’s customary to explain
>> the exploit in detail and provide proof of concept (hence the request for
>> a PoC) in any form or way.
>>
>>
>>
>> Please demonstrate the issue, be it by posting the offending code, you
>> recording a video showing a working exploit, or anything along these lines.
>>
>>
>>
>> You should know this, if you work in “the field”.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Saint K.
>>
>>
>>
>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com]
>> *On Behalf Of *Stealth Mode
>> *Sent:* 10 October 2017 18:34
>> *To:* csgo_servers@list.valvesoftware.com
>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>
>>
>>
>> @Ryan, etc.
>>
>>
>>
>> I studied radio electronics before IT was a thing. NetSec and ITSec go
>> hand in hand. My credentials aren't CS, because CS was radio electronics.
>> The industry hasn't changed, just a little more vulnerable. Not like I am
>> specifically stating how to inject code, or what code to inject on a public
>> mailing list. Don't need to. Professionals here know what I am referring
>> to. I guess the rest do not have the knowledge to understand what the
>> exploit can actually do. You are aware. That is all that matters. Don't
>> secure your servers, that is on you. When they get exploited, that is on
>> you.
>>
>>
>>
>> Have a nice day! End of discussion. No further communications.
>>
>>
>>
>> Sincerely,
>>
>> Christopher "StealthMode" Stephen Larkins
>>
>> Independent IT Field Engineer
>>
>> fieldnation.com
>>
>> workmarket.com
>>
>> onforce.com
>>
>> clearancejobs.com
>>
>>
>>
>>
>>
>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>>
>> My sides at this thread. At first I just rolled my eyes but now I
>> actually believe that Stealth Mode is either a troll or delusional. Please
>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>> don't? Please.
>>
>> You are embarrassing yourself. Which institution did you get your degree?
>> It must be a very old BSc indeed. You talk complete nonsense and have a
>> fundamental misunderstanding of basic computer science tenets.
>>
>>
>>
>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
>> wrote:
>>
>> Nice hat there. Stealth might get this one though:
>> https://i.imgur.com/329jfXt.gif
>>
>>
>>
>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>
>> The person in question should never have written a message about an open
>> vulnerability into a public mailing list in the first place. Just because
>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>> there's a multitude of issues with that.
>> To make it perfectly clear, I'm not defending this person, I seriously
>> doubt the seriousness of their statements and a lot of what they're saying
>> makes no sense at all and looks like trying to maintain an image of
>> competence while knowing little, but responsible disclosure still applies.
>> If this person has a vulnerability to report, they should do so with the
>> information listed at http://www.valvesoftware.com/security/.
>> And I think I know what I'm talking about seeing as I have two Finder's
>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>
>> On 10.10.2017 17:08, Vaya wrote:
>>
>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>> just noise without a repeatable Test
>>
>> Sent from my iPhone
>>
>>
>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>
>> If you have a vulnerability to report, don't do it in a public mailing
>> list. Report it directly to Valve, and no place else. This conversation has
>> so many problems, but asking for a PoC in a *public* mailing list is one
>> of them. Look up responsible disclosure. (I should note though, at this
>> point I am not convinced a vulnerability even exists.)
>>
>> --
>>
>> PistonMiner (Linus S.)
>>
>> ___
>> Csgo_servers mailing list
>> Csgo_servers@list.valvesoftware.com
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread iNilo
I frankly don't care what / where / how you work, or what you have studied.

The only thing I know is that this is clearly the wrong channel to do
argue/disclose/chat about.

http://www.valvesoftware.com/security/

Hopefully you get thanked in a patch note, if not I'm sure the entire
community will be grateful that you disclosed a major security issue to the
people that *actually *get paid to take care of this.

Thanks.



2017-10-10 18:54 GMT+02:00 Saint K. :

> Christopher,
>
>
>
> I work in “the field” as you like to call it. It’s customary to explain
> the exploit in detail and provide proof of concept (hence the request for
> a PoC) in any form or way.
>
>
>
> Please demonstrate the issue, be it by posting the offending code, you
> recording a video showing a working exploit, or anything along these lines.
>
>
>
> You should know this, if you work in “the field”.
>
>
>
> Regards,
>
>
>
> Saint K.
>
>
>
> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On
> Behalf Of *Stealth Mode
> *Sent:* 10 October 2017 18:34
> *To:* csgo_servers@list.valvesoftware.com
> *Subject:* Re: [Csgo_servers] Custom files exploit
>
>
>
> @Ryan, etc.
>
>
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go
> hand in hand. My credentials aren't CS, because CS was radio electronics.
> The industry hasn't changed, just a little more vulnerable. Not like I am
> specifically stating how to inject code, or what code to inject on a public
> mailing list. Don't need to. Professionals here know what I am referring
> to. I guess the rest do not have the knowledge to understand what the
> exploit can actually do. You are aware. That is all that matters. Don't
> secure your servers, that is on you. When they get exploited, that is on
> you.
>
>
>
> Have a nice day! End of discussion. No further communications.
>
>
>
> Sincerely,
>
> Christopher "StealthMode" Stephen Larkins
>
> Independent IT Field Engineer
>
> fieldnation.com
>
> workmarket.com
>
> onforce.com
>
> clearancejobs.com
>
>
>
>
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>
> My sides at this thread. At first I just rolled my eyes but now I actually
> believe that Stealth Mode is either a troll or delusional. Please stop
> saying "ITSec". Any first year CS student knows what PoC is but you don't?
> Please.
>
> You are embarrassing yourself. Which institution did you get your degree?
> It must be a very old BSc indeed. You talk complete nonsense and have a
> fundamental misunderstanding of basic computer science tenets.
>
>
>
> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad  wrote:
>
> Nice hat there. Stealth might get this one though:
> https://i.imgur.com/329jfXt.gif
>
>
>
> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>
> The person in question should never have written a message about an open
> vulnerability into a public mailing list in the first place. Just because
> they did doesn't mean that you should ask for PoCs in public mailing lists,
> there's a multitude of issues with that.
> To make it perfectly clear, I'm not defending this person, I seriously
> doubt the seriousness of their statements and a lot of what they're saying
> makes no sense at all and looks like trying to maintain an image of
> competence while knowing little, but responsible disclosure still applies.
> If this person has a vulnerability to report, they should do so with the
> information listed at http://www.valvesoftware.com/security/.
> And I think I know what I'm talking about seeing as I have two Finder's
> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>
> On 10.10.2017 17:08, Vaya wrote:
>
> I think someone needs to ‘stealth mode’ out of this email chain. This is
> just noise without a repeatable Test
>
> Sent from my iPhone
>
>
> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>
> If you have a vulnerability to report, don't do it in a public mailing
> list. Report it directly to Valve, and no place else. This conversation has
> so many problems, but asking for a PoC in a *public* mailing list is one
> of them. Look up responsible disclosure. (I should note though, at this
> point I am not convinced a vulnerability even exists.)
>
> --
>
> PistonMiner (Linus S.)
>
> --
>
> PistonMiner (Linus S.)
>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Saint K.
Christopher,
 
I work in “the field” as you like to call it. It’s customary to explain the 
exploit in detail and provide proof of concept (hence the request for a PoC) 
in any form or way.
 
Please demonstrate the issue, be it by posting the offending code, you 
recording a video showing a working exploit, or anything along these lines.
 
You should know this, if you work in “the field”.
 
Regards,
 
Saint K.
 
From: Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] On 
Behalf Of Stealth Mode
Sent: 10 October 2017 18:34
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers] Custom files exploit
 
@Ryan, etc.
 
I studied radio electronics before IT was a thing. NetSec and ITSec go hand in 
hand. My credentials aren't CS, because CS was radio electronics. The industry 
hasn't changed, just a little more vulnerable. Not like I am specifically 
stating how to inject code, or what code to inject on a public mailing list. 
Don't need to. Professionals here know what I am referring to. I guess the rest 
do not have the knowledge to understand what the exploit can actually do. You 
are aware. That is all that matters. Don't secure your servers, that is on you. 
When they get exploited, that is on you. 
 
Have a nice day! End of discussion. No further communications.
 
Sincerely,
Christopher "StealthMode" Stephen Larkins
Independent IT Field Engineer
fieldnation.com
workmarket.com
onforce.com
clearancejobs.com
 
 
On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
My sides at this thread. At first I just rolled my eyes but now I actually 
believe that Stealth Mode is either a troll or delusional. Please stop saying 
"ITSec". Any first year CS student knows what PoC is but you don't? Please.
You are embarrassing yourself. Which institution did you get your degree? It 
must be a very old BSc indeed. You talk complete nonsense and have a 
fundamental misunderstanding of basic computer science tenets.
 
On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad  wrote:
Nice hat there. Stealth might get this one though: 
https://i.imgur.com/329jfXt.gif
 
On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
The person in question should never have written a message about an open 
vulnerability into a public mailing list in the first place. Just because they 
did doesn't mean that you should ask for PoCs in public mailing lists, there's 
a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt 
the seriousness of their statements and a lot of what they're saying makes no 
sense at all and looks like trying to maintain an image of competence while 
knowing little, but responsible disclosure still applies. If this person has a 
vulnerability to report, they should do so with the information listed at 
http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees. 
See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and 
https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
On 10.10.2017 17:08, Vaya wrote:
I think someone needs to ‘stealth mode’ out of this email chain. This is just 
noise without a repeatable Test
Sent from my iPhone

On 10 Oct 2017, at 16:01, PistonMiner  wrote:
If you have a vulnerability to report, don't do it in a public mailing list. 
Report it directly to Valve, and no place else. This conversation has so many 
problems, but asking for a PoC in a public mailing list is one of them. Look up 
responsible disclosure. (I should note though, at this point I am not convinced 
a vulnerability even exists.)
-- PistonMiner (Linus S.)
-- PistonMiner (Linus S.)


Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Kristin A
As an independent contractor, I'm going to assume you "fix" people's broken
networks by spreading FUD then correcting a problem that was never there in
the first place? What kind of incompetent people do you think frequent this
list; people abusing !ws and !knife, allow uploads ever from clients, and
gawd knows what other insecure rubbish?

Nobody is harassing you; instead, they're responding to your vagaries that
are about as useful as that spambot that was here last year, and your
search results that are obsolete.

On Tue, Oct 10, 2017 at 12:34 PM, Stealth Mode 
wrote:

> @Ryan, etc.
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go
> hand in hand. My credentials aren't CS, because CS was radio electronics.
> The industry hasn't changed, just a little more vulnerable. Not like I am
> specifically stating how to inject code, or what code to inject on a public
> mailing list. Don't need to. Professionals here know what I am referring
> to. I guess the rest do not have the knowledge to understand what the
> exploit can actually do. You are aware. That is all that matters. Don't
> secure your servers, that is on you. When they get exploited, that is on
> you.
>
> Have a nice day! End of discussion. No further communications.
>
> Sincerely,
> Christopher "StealthMode" Stephen Larkins
> Independent IT Field Engineer
> fieldnation.com
> workmarket.com
> onforce.com
> clearancejobs.com
>
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>
>> My sides at this thread. At first I just rolled my eyes but now I
>> actually believe that Stealth Mode is either a troll or delusional. Please
>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>> don't? Please.
>>
>> You are embarrassing yourself. Which institution did you get your degree?
>> It must be a very old BSc indeed. You talk complete nonsense and have a
>> fundamental misunderstanding of basic computer science tenets.
>>
>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
>> wrote:
>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>>
>>>> The person in question should never have written a message about an
>>>> open vulnerability into a public mailing list in the first place. Just
>>>> because they did doesn't mean that you should ask for PoCs in public
>>>> mailing lists, there's a multitude of issues with that.
>>>> To make it perfectly clear, I'm not defending this person, I seriously
>>>> doubt the seriousness of their statements and a lot of what they're saying
>>>> makes no sense at all and looks like trying to maintain an image of
>>>> competence while knowing little, but responsible disclosure still applies.
>>>> If this person has a vulnerability to report, they should do so with the
>>>> information listed at http://www.valvesoftware.com/security/.
>>>> And I think I know what I'm talking about seeing as I have two Finder's
>>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>>
>>>> On 10.10.2017 17:08, Vaya wrote:
>>>>
>>>> I think someone needs to ‘stealth mode’ out of this email chain. This
>>>> is just noise without a repeatable Test
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>>>
>>>> If you have a vulnerability to report, don't do it in a public mailing
>>>> list. Report it directly to Valve, and no place else. This conversation has
>>>> so many problems, but asking for a PoC in a *public* mailing list is
>>>> one of them. Look up responsible disclosure. (I should note though, at this
>>>> point I am not convinced a vulnerability even exists.)
>>>>
>>>> --
>>>> PistonMiner (Linus S.)
>>>>
>>>> --
>>>> PistonMiner (Linus S.)
>>>>

>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread David
None of these videos looks current or relevant? 1.6/CZ server exploits have
no bearing on CSGO server installations.

On 10 October 2017 at 17:34, Stealth Mode  wrote:

> @Ryan, etc.
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go
> hand in hand. My credentials aren't CS, because CS was radio electronics.
> The industry hasn't changed, just a little more vulnerable. Not like I am
> specifically stating how to inject code, or what code to inject on a public
> mailing list. Don't need to. Professionals here know what I am referring
> to. I guess the rest do not have the knowledge to understand what the
> exploit can actually do. You are aware. That is all that matters. Don't
> secure your servers, that is on you. When they get exploited, that is on
> you.
>
> Have a nice day! End of discussion. No further communications.
>
> Sincerely,
> Christopher "StealthMode" Stephen Larkins
> Independent IT Field Engineer
> fieldnation.com
> workmarket.com
> onforce.com
> clearancejobs.com
>
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:
>
>> My sides at this thread. At first I just rolled my eyes but now I
>> actually believe that Stealth Mode is either a troll or delusional. Please
>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>> don't? Please.
>>
>> You are embarrassing yourself. Which institution did you get your degree?
>> It must be a very old BSc indeed. You talk complete nonsense and have a
>> fundamental misunderstanding of basic computer science tenets.
>>
>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad 
>> wrote:
>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>>
>>>> The person in question should never have written a message about an
>>>> open vulnerability into a public mailing list in the first place. Just
>>>> because they did doesn't mean that you should ask for PoCs in public
>>>> mailing lists, there's a multitude of issues with that.
>>>> To make it perfectly clear, I'm not defending this person, I seriously
>>>> doubt the seriousness of their statements and a lot of what they're saying
>>>> makes no sense at all and looks like trying to maintain an image of
>>>> competence while knowing little, but responsible disclosure still applies.
>>>> If this person has a vulnerability to report, they should do so with the
>>>> information listed at http://www.valvesoftware.com/security/.
>>>> And I think I know what I'm talking about seeing as I have two Finder's
>>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>>
>>>> On 10.10.2017 17:08, Vaya wrote:
>>>>
>>>> I think someone needs to ‘stealth mode’ out of this email chain. This
>>>> is just noise without a repeatable Test
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>>>
>>>> If you have a vulnerability to report, don't do it in a public mailing
>>>> list. Report it directly to Valve, and no place else. This conversation has
>>>> so many problems, but asking for a PoC in a *public* mailing list is
>>>> one of them. Look up responsible disclosure. (I should note though, at this
>>>> point I am not convinced a vulnerability even exists.)
>>>>
>>>> --
>>>> PistonMiner (Linus S.)
>>>>
>>>> --
>>>> PistonMiner (Linus S.)
>>>>

>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
@Ryan, etc.

I studied radio electronics before IT was a thing. NetSec and ITSec go hand
in hand. My credentials aren't CS, because CS was radio electronics. The
industry hasn't changed, just a little more vulnerable. Not like I am
specifically stating how to inject code, or what code to inject on a public
mailing list. Don't need to. Professionals here know what I am referring
to. I guess the rest do not have the knowledge to understand what the
exploit can actually do. You are aware. That is all that matters. Don't
secure your servers, that is on you. When they get exploited, that is on
you.

Have a nice day! End of discussion. No further communications.

Sincerely,
Christopher "StealthMode" Stephen Larkins
Independent IT Field Engineer
fieldnation.com
workmarket.com
onforce.com
clearancejobs.com


On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley  wrote:

> My sides at this thread. At first I just rolled my eyes but now I actually
> believe that Stealth Mode is either a troll or delusional. Please stop
> saying "ITSec". Any first year CS student knows what PoC is but you don't?
> Please.
>
> You are embarrassing yourself. Which institution did you get your degree?
> It must be a very old BSc indeed. You talk complete nonsense and have a
> fundamental misunderstanding of basic computer science tenets.
>
> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad  wrote:
>
>> Nice hat there. Stealth might get this one though:
>> https://i.imgur.com/329jfXt.gif
>>
>> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>>
>>> The person in question should never have written a message about an open
>>> vulnerability into a public mailing list in the first place. Just because
>>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>>> there's a multitude of issues with that.
>>> To make it perfectly clear, I'm not defending this person, I seriously
>>> doubt the seriousness of their statements and a lot of what they're saying
>>> makes no sense at all and looks like trying to maintain an image of
>>> competence while knowing little, but responsible disclosure still applies.
>>> If this person has a vulnerability to report, they should do so with the
>>> information listed at http://www.valvesoftware.com/security/.
>>> And I think I know what I'm talking about seeing as I have two Finder's
>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>
>>> On 10.10.2017 17:08, Vaya wrote:
>>>
>>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>>> just noise without a repeatable Test
>>>
>>> Sent from my iPhone
>>>
>>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>>
>>> If you have a vulnerability to report, don't do it in a public mailing
>>> list. Report it directly to Valve, and no place else. This conversation has
>>> so many problems, but asking for a PoC in a *public* mailing list is
>>> one of them. Look up responsible disclosure. (I should note though, at this
>>> point I am not convinced a vulnerability even exists.)
>>>
>>> --
>>> PistonMiner (Linus S.)
>>>
>>> --
>>> PistonMiner (Linus S.)

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
@ Vaya

Indeed.

https://www.google.com/search?num=20=off=1C1GGRV_enUS766US766=hlds+server+exploits=hlds+server+exploits_l=psy-ab.3..33i22i29i30k1.29788.34204.0.34882.26.20.0.0.0.0.428.3202.0j5j1j5j1.12.00...1.1.64.psy-ab..14.12.3195...0j35i39k1j0i67k1j0i22i30k1j0i22i10i30k1j33i160k1j0i8i13i10i30k1.0.5ObNmdqq2dI

https://www.google.com/search?num=20=off=1C1GGRV_enUS766US766=csgo+server+exploits=csgo+server+exploits_l=psy-ab.3...70429.71541.0.71853.5.5.0.0.0.0.192.378.0j2.2.00...1.1.64.psy-ab..3.0.00.HFf4SiZKnLo

And these are the more common exploits. The image/skin exploit isn't widely
known yet. Far as to why I have submitted it to this list, was to let
owners/admins know to disable custom files/skins with the svar for
allowupload, and customfiles. The maturity of some of this list's members is
lacking. So I will be ignoring them, and blocking them in the future.
Possibly will contact Alfred about the harassment over the legitimate
exploit being spoken of with other owners/admins.

-StealthMode

On Tue, Oct 10, 2017 at 11:08 AM, Vaya  wrote:

> I think someone needs to ‘stealth mode’ out of this email chain. This is
> just noise without a repeatable Test
>
> Sent from my iPhone
>
> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>
> If you have a vulnerability to report, don't do it in a public mailing
> list. Report it directly to Valve, and no place else. This conversation has
> so many problems, but asking for a PoC in a *public* mailing list is one
> of them. Look up responsible disclosure. (I should note though, at this
> point I am not convinced a vulnerability even exists.)
>
> --
> PistonMiner (Linus S.)
>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Ryan Bentley
My sides at this thread. At first I just rolled my eyes but now I actually
believe that Stealth Mode is either a troll or delusional. Please stop
saying "ITSec". Any first year CS student knows what PoC is but you don't?
Please.

You are embarrassing yourself. Which institution did you get your degree?
It must be a very old BSc indeed. You talk complete nonsense and have a
fundamental misunderstanding of basic computer science tenets.

On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad  wrote:

> Nice hat there. Stealth might get this one though:
> https://i.imgur.com/329jfXt.gif
>
> On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:
>
>> The person in question should never have written a message about an open
>> vulnerability into a public mailing list in the first place. Just because
>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>> there's a multitude of issues with that.
>> To make it perfectly clear, I'm not defending this person, I seriously
>> doubt the seriousness of their statements and a lot of what they're saying
>> makes no sense at all and looks like trying to maintain an image of
>> competence while knowing little, but responsible disclosure still applies.
>> If this person has a vulnerability to report, they should do so with the
>> information listed at http://www.valvesoftware.com/security/.
>> And I think I know what I'm talking about seeing as I have two Finder's
>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>
>> On 10.10.2017 17:08, Vaya wrote:
>>
>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>> just noise without a repeatable Test
>>
>> Sent from my iPhone
>>
>> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>>
>> If you have a vulnerability to report, don't do it in a public mailing
>> list. Report it directly to Valve, and no place else. This conversation has
>> so many problems, but asking for a PoC in a *public* mailing list is one
>> of them. Look up responsible disclosure. (I should note though, at this
>> point I am not convinced a vulnerability even exists.)
>>
>> --
>> PistonMiner (Linus S.)
>>
>> --
>> PistonMiner (Linus S.)
>>
>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Nomaan Ahmad
Nice hat there. Stealth might get this one though:
https://i.imgur.com/329jfXt.gif

On 10 Oct 2017 4:29 pm, "PistonMiner"  wrote:

> The person in question should never have written a message about an open
> vulnerability into a public mailing list in the first place. Just because
> they did doesn't mean that you should ask for PoCs in public mailing lists,
> there's a multitude of issues with that.
> To make it perfectly clear, I'm not defending this person, I seriously
> doubt the seriousness of their statements and a lot of what they're saying
> makes no sense at all and looks like trying to maintain an image of
> competence while knowing little, but responsible disclosure still applies.
> If this person has a vulnerability to report, they should do so with the
> information listed at http://www.valvesoftware.com/security/.
> And I think I know what I'm talking about seeing as I have two Finder's
> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>
> On 10.10.2017 17:08, Vaya wrote:
>
> I think someone needs to ‘stealth mode’ out of this email chain. This is
> just noise without a repeatable Test
>
> Sent from my iPhone
>
> On 10 Oct 2017, at 16:01, PistonMiner  wrote:
>
> If you have a vulnerability to report, don't do it in a public mailing
> list. Report it directly to Valve, and no place else. This conversation has
> so many problems, but asking for a PoC in a *public* mailing list is one
> of them. Look up responsible disclosure. (I should note though, at this
> point I am not convinced a vulnerability even exists.)
>
> --
> PistonMiner (Linus S.)
>
> --
> PistonMiner (Linus S.)
>
>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Don Park
Please send an actual working proof of concept (PoC) (also the
configuration of the server/environment if applicable).  A working Proof of
Concept will prove your point.  At the current level, this is nothing more
than a theory and a hypothesis.  The PoC is the only thing we need.

Cheers.

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Ben Steiger
Please stop. I have been watching this conversation since it started.
Provide a case-specific example if you can. If not, please keep your
solutions to yourself.

I may not be an IT graduate, but I have a keen understanding of when
someone is full of themself.

Besides: your server has custom files disabled, why bother talking to a
brick wall anymore just to have a bunch of people you clearly don't respect
do the same?

-OF

On Oct 10, 2017 10:41 AM, "Stealth Mode"  wrote:

> So clueless I hold an electronics engineering degree, an IT industry
> degree, and am currently studying CCIE/CCDE and contracting with Cisco to
> develop electronics safeguards to protect from binary injections into IT
> infrastructure.
>
> Please refrain from trolling, flaming, etc. You do not have an education
> in this field.
>
> -StealthMode
>
> On Tue, Oct 10, 2017 at 10:27 AM, Nomaan Ahmad 
> wrote:
>
>> This guy is clueless.
>>
>> On 10 Oct 2017 3:25 pm, "Stealth Mode"  wrote:
>>
>>> Actually my information is grounded in fact and 100% replicatable if you
>>> know the field. I've listed a few resources to educate yourself. Please
>>> refrain from speaking if you do not have an education in ITSec.
>>>
>>> https://books.google.com/books?id=0OlIT9eEEsoC=PA193=
>>> PA193=image+file+injection+compromsing+server=bl
>>> ts=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E=en=X
>>> =0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=onepage=
>>> image%20file%20injection%20compromsing%20server=false
>>>
>>> The links I've provided are just a few examples. Anyone can make a
>>> custom image file (weapon skin, or spray paint, or wad in a .bsp) inject
>>> code into it, and use your server, and clients connected to it to launch
>>> whatever code they want. In the links provided, these are image files used
>>> to inject code into web servers once the image is loaded. Meaning, once a
>>> spray is sprayed, or a client uses x weapon skin through GO market. Once
>>> sent to server/client cache, it then executes spraying a benign image, or
>>> rendering a benign looking skin, while behind the scenes it is also
>>> executing code. Now most of these script kiddies probably are just using
>>> the images to run hacks, which yes they can be just that benign. However,
>>> more sophisticated hackers can also use this to compromise entire networks,
>>> backbones, etc.
>>>
>>> On Mon, Oct 9, 2017 at 8:28 PM, devu4  wrote:
>>>
>>>> This is such a pointless thread, no proof and a big headed clueless guy
>>>> coming out with irrelevant crap!
>>>>
>>>> --
>>>> Sent from: http://csgo-servers.1073505.n5.nabble.com/
>>>>
>>>
>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Joe Brown
If you are pointing to an exploit, you should be able to replicate the exploit 
and maybe even go further to give what function resulted in this exploit (not 
checking types, not sanitizing input, etc.) There should also be a description 
on what the exploit leads to (Remote Code Execution, Denial of Service, etc)

From: Csgo_servers  on behalf of 
thedudeguy1 
Sent: Tuesday, October 10, 2017 10:38 AM
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers] Custom files exploit

Stealth Mode. Please post some sort of demonstration or steps to demonstrate
this vulnerability. Just one example is all you need to convince us.



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/


Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump
chumps ring a bell? I don't have time tbh to provide anything other than
information. This is a side issue I discovered on my own lan server using a
.gif spray paint image. It can be replicated. Build a graphics file, inject
it with a script to execute a shell window, and display a message,  has
set us up the bomb. Inject into the image file, select as a spray paint.
Spray it on your server, log into your server, look at the shell window.

Have a nice day. Off to work.

-StealthMode

On Tue, Oct 10, 2017 at 10:29 AM, epi  wrote:

> PoC stands for Proof of Concept. We are asking you to provide proof that
> you are not just pasting random articles on PHP. You have yet to show us
> anything that would trigger any issues in srcds.
>
> On 10/10/2017 10:26 AM, Stealth Mode wrote:
>
>> POC far as I know is always Point Of Contact. Or Professional Overseas
>> Contractor.
>>
>> Unless you are referring to Packet Order Correction in reference to
>> networking. Which yes, even then, does not apply in this situation.
>>
>> -StealthMode
>>
>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love wrote:
>>
>> Did you read how that's actually exploited? It would require another
>> malicious script to parse the exif tag and eval some PHP. How
>> exactly would a similar situation occur on a hosted game server? Do
>> you have a poc? You say this email chain is one but I don't think you
>> quite know what you're talking about.
>>
>> On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:
>>
>> This email is fine for a POC. Far as the exploit, for those who
>> aren't familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. wrote:
>>
>> Do you have a POC?
>>
>>
>> *From: * Stealth Mode
>> *To: *
>> *Sent: * 10/10/2017 12:44 AM
>> *Subject: * Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills. Electronics skills. And old school
>> knowledge of how to inject image files with malicious
>> code (NetSec/ITSec). This is an older style of
>> "hacking". Remember those warnings about clicking
>> download attachments from the 90s onward? Same thing
>> still applies. Except, there is no detection for any
>> hlds/go server, so an injected image can contaminate a
>> server cache. Which in turn will infect clients. Any
>> image file, any data file really, can be modified like
>> this. Willing to bet good money those $500. go weapon
>> skins have hack code scripted and injected into the image.
>>
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
>>
>> Sure,
>>
>> But you have anything to back this up? (don't take
>> it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>>
>> Headsup admins/owners. Might want to disable
>> custom files till valve addresses this issue
>> brought to their attention a month ago.
>> There is an exploit where any client with minor
>> skill can inject custom files with all types of
>> malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remote backdoors
>> in custom spray paints.
>>
>> The exploit is injecting code into any image,
>> sound, or data file. You can take weapon skins
>> (csgo), sound files, spray paint image files,
>> even .bsp/etc. and inject hack code, or actual
>> ransomware, viruses, or Trojans/rootkits
>> directly into a server cache, or client cache
>> via the custom file.
>>
>> Might want 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Thomas D
How did we jump from a server issue to AMX lol? Who even still uses AMX?!!?

On Tue, Oct 10, 2017 at 10:39 AM Stealth Mode 
wrote:

> @Kevin
>
> Yes this is what I was suggesting, also the Custom_files svar set to 0
> will disable this until vALVE can build a fix into the engine. EG: VAC
> custom file checks, skin checks, .bsp submission system for addition to
> market/game, etc. Right now the custom.hpk file is what will store spray
> paints. This is the file server side that should be scanned. As each new
> custom spray goes into this file, when it is written and accessed is when
> this exploit can occur.
>
> There are also sql database injection vulnerabilities using AMX. But this
> is another issue not valve related.
>
> On Tue, Oct 10, 2017 at 10:29 AM, Kevin C  wrote:
>
>> Pretty sure by context it means proof of concept.
>>
>>
>> For CS:GO sv_allowupload 0 could easily be used to counter what you are
>> claiming. This goes for any source game server but for games that allow
>> sprays this would disable them.
>>
>> On 10/10/2017 10:26 AM, Stealth Mode wrote:
>>
>> POC far as I know is always Point Of Contact. Or Professional Overseas
>> Contractor.
>>
>> Unless you are referring to Packet Order Correction in reference to
>> networking. Which yes, even then, does not apply in this situation.
>>
>> -StealthMode
>>
>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love  wrote:
>>
>>> Did you read how that's actually exploited? It would require another
>>> malicious script to parse the exif tag and eval some PHP. How exactly would
>>> a similar situation occur on a hosted game server? Do you have a poc? You
>>> say this email chain is one but I don't think you quite know what you're
>>> talking about.
>>>
>>> On Oct 10, 2017 9:15 AM, "Stealth Mode" 
>>> wrote:
>>>
>>>> This email is fine for a POC. Far as the exploit, for those who aren't
>>>> familiar, this is an example.
>>>>
>>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>>
>>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. wrote:
>>>>
>>>>> Do you have a POC?
>>>>>
>>>>> * From: * Stealth Mode
>>>>> * To: *
>>>>> * Sent: * 10/10/2017 12:44 AM
>>>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>>>
>>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>>> style of "hacking". Remember those warnings about clicking download
>>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>>> file really, can be modified like this. Willing to bet good money those
>>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>>
>>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
>>>>>
>>>>> Sure,
>>>>>
>>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>>
>>>>> Nilo.
>>>>>
>>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>>>>>
>>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>>> addresses this issue brought to their attention a month ago.
>>>>> There is an exploit where any client with minor skill can inject
>>>>> custom files with all types of malicious code. From hacks in weapon skins,
>>>>> to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>>
>>>>> The exploit is injecting code into any image, sound, or data file. You
>>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>>> custom file.
>>>>>
>>>>> Might want to disable custom files till valve decides to correct this
>>>>> issue.
>>>>>
>>>>> -StealthMode
>>>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread thedudeguy1
Stealth Mode. Please post some sort of demonstration or steps to demonstrate
this vulnerability. Just one example is all you need to convince us.



--
Sent from: http://csgo-servers.1073505.n5.nabble.com/


Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Alan Love
Just because something is in memory doesn't mean it's executing code..
that's not how memory works.

Good luck at your conference :)

On Oct 10, 2017 9:33 AM, "Stealth Mode"  wrote:

> Actually the parsing involves the operating system and how the os
> rendering occurs is dependent upon software, or hardware rendering. Which
> is universal. If you know OSI layer, then you know once it is transported,
> and in the server cache (memory) it is already executing.
>
> On Tue, Oct 10, 2017 at 10:23 AM, Alan Love  wrote:
>
>> Just because you can upload a file doesn't mean the server will parse it
>> in a way that would compromise it. That's not how it works. There's a
>> reason why most of your examples are around exploiting php applications.
>>
>> On Oct 10, 2017 9:20 AM, "Stealth Mode" 
>> wrote:
>>
>>> Another set of examples
>>>
>>> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>>>
>>> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>>>
>>> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>>>
>>> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>>>
>>> Really good book on image file injections...
>>>
>>> https://books.google.com/books?id=lG_XdxA5LRUC=PA21=P
>>> A21=image+file+injection+compromsing+server=bl
>>> =E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y=en=X=
>>> 0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%
>>> 20file%20injection%20compromsing%20server=false
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>> * From: * Stealth Mode
>>>> * To: *
>>>> * Sent: * 10/10/2017 12:44 AM
>>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>>
>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>> style of "hacking". Remember those warnings about clicking download
>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>> file really, can be modified like this. Willing to bet good money those
>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>
>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
>>>>
>>>> Sure,
>>>>
>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>
>>>> Nilo.
>>>>
>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>>>>
>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>> addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom
>>>> files with all types of malicious code. From hacks in weapon skins, to
>>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You
>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>> custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this
>>>> issue.
>>>>
>>>> -StealthMode
>>>>
>>>
>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Misiu Pajor
This is not the correct place to make assumptions of this type. Please be
concrete with your security reports whereby you include a summary of what
you are trying to make a point out of here, and not baffle on high-level
details that are not of relevance.

POC stands for Proof of Concept, and nothing else.


On Tue, Oct 10, 2017 at 4:26 PM, Stealth Mode 
wrote:

> POC far as I know is always Point Of Contact. Or Professional Overseas
> Contractor.
>
> Unless you are referring to Packet Order Correction in reference to
> networking. Which yes, even then, does not apply in this situation.
>
> -StealthMode
>
> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love  wrote:
>
>> Did you read how that's actually exploited? It would require another
>> malicious script to parse the exif tag and eval some PHP. How exactly would
>> a similar situation occur on a hosted game server? Do you have a poc? You
>> say this email chain is one but I don't think you quite know what you're
>> talking about.
>>
>> On Oct 10, 2017 9:15 AM, "Stealth Mode" 
>> wrote:
>>
>>> This email is fine for a POC. Far as the exploit, for those who aren't
>>> familiar, this is an example.
>>>
>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>> * From: * Stealth Mode
>>>> * To: *
>>>> * Sent: * 10/10/2017 12:44 AM
>>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>>
>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>> style of "hacking". Remember those warnings about clicking download
>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>> file really, can be modified like this. Willing to bet good money those
>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>
>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
>>>>
>>>> Sure,
>>>>
>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>
>>>> Nilo.
>>>>
>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>>>>
>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>> addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom
>>>> files with all types of malicious code. From hacks in weapon skins, to
>>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You
>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>> custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this
>>>> issue.
>>>>
>>>> -StealthMode
>>>>
>>>
>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Alan Love
How is it executing code? What exactly is the mechanism in play here that
is evaluating your exploit code? You keep mentioning images, but that would
require the backend to parse and execute an exploit attached to said image.
There's nothing that would do that. If this was the case large sites like
imgur and Facebook would be compromised every day.

You keep mentioning you work in the field of IT or whatever but that's just
hard to believe as someone who actually does. This is such a dumb thing to
make a fuss over and clearly shows you have no clue what you're talking
about. Going to assume you're just a troll until you can actually come up
with an actual poc.

Good luck and have fun out there. If you ever want some good resources on
how to properly learn this stuff feel free to ask and I can provide.

On Oct 10, 2017 9:25 AM, "Stealth Mode"  wrote:

> Actually my information is grounded in fact and 100% replicatable if you
> know the field. I've listed a few resources to educate yourself. Please
> refrain from speaking if you do not have an education in ITSec.
>
> https://books.google.com/books?id=0OlIT9eEEsoC=
> PA193=PA193=image+file+injection+compromsing+server&
> source=bl=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E&
> hl=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=
> onepage=image%20file%20injection%20compromsing%20server=false
>
> The links I've provided are just a few examples. Anyone can make a custom
> image file (weapon skin, or spray paint, or wad in a .bsp) inject code into
> it, and use your server, and clients connected to it to launch whatever
> code they want. In the links provided, these are image files used to inject
> code into web servers once the image is loaded. Meaning, once a spray is
> sprayed, or a client uses x weapon skin through GO market. Once sent to
> server/client cache, it then executes spraying a benign image, or rendering
> a benign looking skin, while behind the scenes it is also executing code.
> Now most of these script kiddies probably are just using the images to run
> hacks, which yes they can be just that benign. However, more sophisticated
> hackers can also use this to compromise entire networks, backbones, etc.
>
> On Mon, Oct 9, 2017 at 8:28 PM, devu4  wrote:
>
>> This is such a pointless thread, no proof and a big headed clueless guy
>> coming out with irrelevant crap!
>>
>>
>>
>> --
>> Sent from: http://csgo-servers.1073505.n5.nabble.com/
>>
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
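
The objection raised in the message above, that bytes attached to an image stay inert data unless some other program parses and evaluates them, can be checked from the defender's side. The Python sketch below is an added example, not code from any poster or from Valve: it walks a PNG's chunks, verifies each CRC, and reports bytes left after IEND or script-like markers in ancillary chunks, which is the "code appended to an image" pattern the linked articles describe. All function names and the sample file are constructed for illustration, and it makes no claim about how srcds handles sprays.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CRITICAL_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
# Strings that matter only if some *other* program later evaluates the file as script.
SCRIPT_MARKERS = (b"<?php", b"<script", b"eval(")


def _chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png(extra_chunks=()):
    """Constructed 1x1 8-bit grayscale PNG, used only as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    body = _chunk(b"IHDR", ihdr)
    for ctype, data in extra_chunks:
        body += _chunk(ctype, data)
    return PNG_SIGNATURE + body + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def _find_markers(data):
    lowered = data.lower()
    return [m.decode() for m in SCRIPT_MARKERS if m in lowered]


def inspect_png(blob):
    """Walk the chunk list; report structure, trailing bytes and script markers."""
    report = {"valid": False, "chunks": [], "trailing_bytes": 0,
              "markers": [], "error": None}
    if not blob.startswith(PNG_SIGNATURE):
        report["error"] = "bad signature"
        return report
    pos = len(PNG_SIGNATURE)
    markers = set()
    while True:
        if pos + 12 > len(blob):  # 8-byte header + 4-byte CRC is the minimum
            report["error"] = "truncated chunk or missing IEND"
            return report
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            report["error"] = "chunk length exceeds file size"
            return report
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            report["error"] = "CRC mismatch in " + ctype.decode("latin-1")
            return report
        report["chunks"].append(ctype.decode("latin-1"))
        if ctype not in CRITICAL_CHUNKS:
            # Ancillary chunks (tEXt and friends) carry free-form bytes.
            markers.update(_find_markers(data))
        pos = end
        if ctype == b"IEND":
            break
    # A decoder stops at IEND; anything after it is never rendered or run.
    trailing = blob[pos:]
    markers.update(_find_markers(trailing))
    report.update(valid=True, trailing_bytes=len(trailing),
                  markers=sorted(markers))
    return report


def accept_upload(blob):
    """Strict policy: well-formed PNG, nothing after IEND, no script markers."""
    r = inspect_png(blob)
    return bool(r["valid"] and r["trailing_bytes"] == 0 and not r["markers"])


if __name__ == "__main__":
    clean = build_sample_png()
    tampered = clean + b"<?php /* constructed marker */ ?>"
    for name, blob in (("clean", clean), ("tampered", tampered)):
        print(name, inspect_png(blob), "accepted:", accept_upload(blob))
```

The tampered sample still parses as a valid PNG, which is the point: the extra bytes only become a problem if a separate component treats the file as script, so the useful controls are rejecting or re-encoding such files and never passing uploads to an interpreter.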

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
Actually the parsing involves the operating system and how the os rendering
occurs is dependent upon software, or hardware rendering. Which is
universal. If you know OSI layer, then you know once it is transported, and
in the server cache (memory) it is already executing.

On Tue, Oct 10, 2017 at 10:23 AM, Alan Love  wrote:

> Just because you can upload a file doesn't mean the server will parse it
> in a way that would compromise it. That's not how it works. There's a
> reason why most of your examples are around exploiting php applications.
>
> On Oct 10, 2017 9:20 AM, "Stealth Mode"  wrote:
>
>> Another set of examples
>>
>> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>>
>> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>>
>> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>>
>> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>>
>> Really good book on image file injections...
>>
>> https://books.google.com/books?id=lG_XdxA5LRUC=PA21=
>> PA21=image+file+injection+compromsing+server=bl&
>> ots=E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y=en=X&
>> ved=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage&
>> q=image%20file%20injection%20compromsing%20server=false
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
>> wrote:
>>
>>> Do you have a POC?
>>>
>>>
>>> * From: * Stealth Mode 
>>> * To: * 
>>> * Sent: * 10/10/2017 12:44 AM
>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>> style of "hacking". Remember those warnings about clicking download
>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>> no detection for any hlds/go server, so an injected image can contaminate a
>>> server cache. Which in turn will infect clients. Any image file, any data
>>> file really, can be modified like this. Willing to bet good money those
>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>>>
>>> Headsup admins/owners. Might want to disable custom files till valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this
>>> issue.
>>>
>>> -StealthMode
>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
One last example, even references POC for those that wish to read. I have
work to do so I will be unable to reply until later this evening, or
tomorrow. Currently working on securing electronics in IT infrastructure
from binary injections below the JTAG/Hardware Protection Layer. Have a
good day.

http://securityaffairs.co/wordpress/36130/hacking/malicious-jpeg-hack-corporate-networks.html

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love  wrote:

> Did you read how that's actually exploited? It would require another
> malicious script to parse the exif tag and eval some PHP. How exactly would
> a similar situation occur on a hosted game server? Do you have a poc? You
> say this email chain is one but I don't think you quite know what you're
> talking about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:
>
>> This email is fine for a POC. Far as the exploit, for those who aren't
>> familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
>> wrote:
>>
>>> Do you have a POC?
>>>
>>>
>>> * From: * Stealth Mode 
>>> * To: * 
>>> * Sent: * 10/10/2017 12:44 AM
>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>> style of "hacking". Remember those warnings about clicking download
>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>> no detection for any hlds/go server, so an injected image can contaminate a
>>> server cache. Which in turn will infect clients. Any image file, any data
>>> file really, can be modified like this. Willing to bet good money those
>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>>>
>>> Headsup admins/owners. Might want to disable custom files till valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this
>>> issue.
>>>
>>> -StealthMode
>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Sven 'Chaos' Pachnit
> It would require another malicious script to parse the exif tag and eval some 
> PHP.

It would require another, poorly written script that handles the data in a poor 
and unsafe way.

ftfy ;)

He also - on multiple occasions - reminded us that this is an „old style of 
hacking“ and indeed, if you learned programming seriously in the last decade 
you should know that you don’t trust untrusted data, ever.
By his logic a .txt is completely unsecure (given that you eval() it in your 
shitty PHP code).

Am 10.10.2017 um 16:19 schrieb Alan Love :

> Did you read how that's actually exploited? It would require another 
> malicious script to parse the exif tag and eval some PHP. How exactly would a 
> similar situation occur on a hosted game server? Do you have a poc? You say 
> this email chain is one but I don't think you quite know what you're talking 
> about.
> 
> On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:
> This email is fine for a POC. Far as the exploit, for those who aren't 
> familiar, this is an example. 
> 
> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
> 
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K.  wrote:
> Do you have a POC?
> 
> 
> From: Stealth Mode  
> To:  
> Sent: 10/10/2017 12:44 AM 
> Subject: Re: [Csgo_servers] Custom files exploit 
> 
> Yes, IT skills. Electronics skills. And old school knowledge of how to inject 
> image files with malicious code (NetSec/ITSec). This is an older style of 
> "hacking". Remember those warnings about clicking download attachments from 
> the 90s onward? Same thing still applies. Except, there is no detection for 
> any hlds/go server, so an injected image can contaminate a server cache. 
> Which in turn will infect clients. Any image file, any data file really, can 
> be modified like this. Willing to bet good money those $500. go weapon skins 
> have hack code scripted and injected into the image.
> 
> 
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
> Sure,
> 
> But you have anything to back this up? (don't take it the wrong way)
> 
> Nilo.
> 
> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
> Headsup admins/owners. Might want to disable custom files till valve 
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom files 
> with all types of malicious code. From hacks in weapon skins, to ransomware 
> in custom .bsp, to remote backdoors in custom spray paints.
> 
> The exploit is injecting code into any image, sound, or data file. You can 
> take weapon skins (csgo), sound files, spray paint image files, even 
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or 
> Trojans/rootkits directly into a server cache, or client cache via the custom 
> file. 
> 
> Might want to disable custom files till valve decides to correct this issue.
> 
> -StealthMode
> 

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread epi
PoC stands for Proof of Concept. We are asking you to provide proof that 
you are not just pasting random articles on PHP. You have yet to show us 
anything that would trigger any issues in srcds.


On 10/10/2017 10:26 AM, Stealth Mode wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas 
Contractor.


Unless you are referring to Packet Order Correction in reference to 
networking. Which yes, even then, does not apply in this situation.


-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love wrote:


Did you read how that's actually exploited? It would require another
malicious script to parse the exif tag and eval some PHP. How
exactly would a similar situation occur on a hosted game server? Do
you have a poc? You say this email chain is one but I don't think you
quite know what you're talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:

This email is fine for a POC. Far as the exploit, for those who
aren't familiar, this is an example.


https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/



On Tue, Oct 10, 2017 at 5:19 AM, Saint K. wrote:

Do you have a POC?


*From: * Stealth Mode
*To: *
*Sent: * 10/10/2017 12:44 AM
*Subject: * Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school
knowledge of how to inject image files with malicious
code (NetSec/ITSec). This is an older style of
"hacking". Remember those warnings about clicking
download attachments from the 90s onward? Same thing
still applies. Except, there is no detection for any
hlds/go server, so an injected image can contaminate a
server cache. Which in turn will infect clients. Any
image file, any data file really, can be modified like
this. Willing to bet good money those $500. go weapon
skins have hack code scripted and injected into the image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:

Sure,

But you have anything to back this up? (don't take
it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode:

Headsup admins/owners. Might want to disable
custom files till valve addresses this issue
brought to their attention a month ago.
There is an exploit where any client with minor
skill can inject custom files with all types of
malicious code. From hacks in weapon skins, to
ransomware in custom .bsp, to remote backdoors
in custom spray paints.

The exploit is injecting code into any image,
sound, or data file. You can take weapon skins
(csgo), sound files, spray paint image files,
even .bsp/etc. and inject hack code, or actual
ransomware, viruses, or Trojans/rootkits
directly into a server cache, or client cache
via the custom file.

Might want to disable custom files till valve
decides to correct this issue.

-StealthMode


Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Nomaan Ahmad
This guy is clueless.

On 10 Oct 2017 3:25 pm, "Stealth Mode"  wrote:

> Actually my information is grounded in fact and 100% replicatable if you
> know the field. I've listed a few resources to educate yourself. Please
> refrain from speaking if you do not have an education in ITSec.
>
> https://books.google.com/books?id=0OlIT9eEEsoC=PA193=PA193=image+file+injection+compromsing+server&source=bl=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E&hl=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=onepage=image%20file%20injection%20compromsing%20server=false
>
> The links I've provided are just a few examples. Anyone can make a custom
> image file (weapon skin, or spray paint, or wad in a .bsp) inject code into
> it, and use your server, and clients connected to it to launch whatever
> code they want. In the links provided, these are image files used to inject
> code into web servers once the image is loaded. Meaning, once a spray is
> sprayed, or a client uses x weapon skin through GO market. Once sent to
> server/client cache, it then executes spraying a benign image, or rendering
> a benign looking skin, while behind the scenes it is also executing code.
> Now most of these script kiddies probably are just using the images to run
> hacks, which yes they can be just that benign. However, more sophisticated
> hackers can also use this to compromise entire networks, backbones, etc.
>
> On Mon, Oct 9, 2017 at 8:28 PM, devu4  wrote:
>
>> This is such a pointless thread, no proof and a big headed clueless guy
>> coming out with irrelevant crap!
>>
>>
>>
>> --
>> Sent from: http://csgo-servers.1073505.n5.nabble.com/
>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Kevin C

Pretty sure by context it means proof of concept.


For CS:GO sv_allowupload 0 could easily be used to counter what you are 
claiming. This goes for any source game server but for games that allow 
sprays this would disable them.



On 10/10/2017 10:26 AM, Stealth Mode wrote:
POC far as I know is always Point Of Contact. Or Professional Overseas 
Contractor.


Unless you are referring to Packet Order Correction in reference to 
networking. Which yes, even then, does not apply in this situation.


-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love wrote:


Did you read how that's actually exploited? It would require
another malicious script to parse the exif tag and eval some PHP.
How exactly would a similar situation occur on a hosted game
server? Do you have a poc? You say this email chain is one but I
don't think you quite know what you're talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:

This email is fine for a POC. Far as the exploit, for those
who aren't familiar, this is an example.


https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/



On Tue, Oct 10, 2017 at 5:19 AM, Saint K. wrote:

Do you have a POC?


*From: * Stealth Mode
*To: *
*Sent: * 10/10/2017 12:44 AM
*Subject: * Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school
knowledge of how to inject image files with malicious
code (NetSec/ITSec). This is an older style of
"hacking". Remember those warnings about clicking
download attachments from the 90s onward? Same thing
still applies. Except, there is no detection for any
hlds/go server, so an injected image can contaminate a
server cache. Which in turn will infect clients. Any
image file, any data file really, can be modified like
this. Willing to bet good money those $500. go weapon
skins have hack code scripted and injected into the
image.


On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:

Sure,

But you have anything to back this up? (don't take
it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode:

Headsup admins/owners. Might want to disable
custom files till valve addresses this issue
brought to their attention a month ago.
There is an exploit where any client with
minor skill can inject custom files with all
types of malicious code. From hacks in weapon
skins, to ransomware in custom .bsp, to remote
backdoors in custom spray paints.

The exploit is injecting code into any image,
sound, or data file. You can take weapon skins
(csgo), sound files, spray paint image files,
even .bsp/etc. and inject hack code, or actual
ransomware, viruses, or Trojans/rootkits
directly into a server cache, or client cache
via the custom file.

Might want to disable custom files till valve
decides to correct this issue.

-StealthMode


Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
POC far as I know is always Point Of Contact. Or Professional Overseas
Contractor.

Unless you are referring to Packet Order Correction in reference to
networking. Which yes, even then, does not apply in this situation.

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love  wrote:

> Did you read how that's actually exploited? It would require another
> malicious script to parse the exif tag and eval some PHP. How exactly would
> a similar situation occur on a hosted game server? Do you have a poc? You
> say this email chain is one but I don't think you quite know what you're
> talking about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:
>
>> This email is fine for a POC. Far as the exploit, for those who aren't
>> familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
>> wrote:
>>
>>> Do you have a POC?
>>>
>>>
>>> * From: * Stealth Mode 
>>> * To: * 
>>> * Sent: * 10/10/2017 12:44 AM
>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>> style of "hacking". Remember those warnings about clicking download
>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>> no detection for any hlds/go server, so an injected image can contaminate a
>>> server cache. Which in turn will infect clients. Any image file, any data
>>> file really, can be modified like this. Willing to bet good money those
>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>>>
>>> Headsup admins/owners. Might want to disable custom files till valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this
>>> issue.
>>>
>>> -StealthMode
>>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
Actually my information is grounded in fact and 100% replicatable if you
know the field. I've listed a few resources to educate yourself. Please
refrain from speaking if you do not have an education in ITSec.

https://books.google.com/books?id=0OlIT9eEEsoC=PA193=PA193=image+file+injection+compromsing+server=bl=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=onepage=image%20file%20injection%20compromsing%20server=false

The links I've provided are just a few examples. Anyone can make a custom
image file (weapon skin, or spray paint, or wad in a .bsp) inject code into
it, and use your server, and clients connected to it to launch whatever
code they want. In the links provided, these are image files used to inject
code into web servers once the image is loaded. Meaning, once a spray is
sprayed, or a client uses x weapon skin through GO market. Once sent to
server/client cache, it then executes spraying a benign image, or rendering
a benign looking skin, while behind the scenes it is also executing code.
Now most of these script kiddies probably are just using the images to run
hacks, which yes they can be just that benign. However, more sophisticated
hackers can also use this to compromise entire networks, backbones, etc.

On Mon, Oct 9, 2017 at 8:28 PM, devu4  wrote:

> This is such a pointless thread, no proof and a big headed clueless guy
> coming out with irrelevant crap!
>
>
>
> --
> Sent from: http://csgo-servers.1073505.n5.nabble.com/
>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Alan Love
Just because you can upload a file doesn't mean the server will parse it in
a way that would compromise it. That's not how it works. There's a reason
why most of your examples are around exploiting php applications.

On Oct 10, 2017 9:20 AM, "Stealth Mode"  wrote:

> Another set of examples
>
> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>
> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>
> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>
> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>
> Really good book on image file injections...
>
> https://books.google.com/books?id=lG_XdxA5LRUC=PA21;lpg=PA21=image+file+injection+compromsing+server&source=bl=E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y&hl=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%20file%20injection%20compromsing%20server=false
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
> wrote:
>
>> Do you have a POC?
>>
>>
>> * From: * Stealth Mode 
>> * To: * 
>> * Sent: * 10/10/2017 12:44 AM
>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>> inject image files with malicious code (NetSec/ITSec). This is an older
>> style of "hacking". Remember those warnings about clicking download
>> attachments from the 90s onward? Same thing still applies. Except, there is
>> no detection for any hlds/go server, so an injected image can contaminate a
>> server cache. Which in turn will infect clients. Any image file, any data
>> file really, can be modified like this. Willing to bet good money those
>> $500. go weapon skins have hack code scripted and injected into the image.
>>
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>>
>> Sure,
>>
>> But you have anything to back this up? (don't take it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>>
>> Headsup admins/owners. Might want to disable custom files till valve
>> addresses this issue brought to their attention a month ago.
>> There is an exploit where any client with minor skill can inject custom
>> files with all types of malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You
>> can take weapon skins (csgo), sound files, spray paint image files, even
>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>> Trojans/rootkits directly into a server cache, or client cache via the
>> custom file.
>>
>> Might want to disable custom files till valve decides to correct this
>> issue.
>>
>> -StealthMode
>>
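
Added example, not part of any message in this thread: a sketch of the point made in the replies above by Sven Pachnit and Alan Love, that bytes embedded in an image are inert data unless some consumer evaluates them. It walks a JPEG's segments, flags script-like text in metadata or bytes appended after the end marker, and handles the comment field strictly as text; the function names, the pattern list and the sample bytes are constructed for illustration.

```python
import html
import struct

# Assumed watch list: byte patterns that have no business inside image metadata.
SUSPICIOUS = (b"<?php", b"<?=", b"<script", b"eval(", b"<%")


def build_sample_jpeg(comment: bytes, trailer: bytes = b"") -> bytes:
    """Constructed test input: a minimal JPEG-shaped byte string (no pixel data)."""
    soi = b"\xff\xd8"
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app0 = b"\xff\xe0" + struct.pack(">H", len(jfif) + 2) + jfif
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return soi + app0 + com + b"\xff\xd9" + trailer


def parse_jpeg(data: bytes):
    """Return ([(marker, payload), ...], bytes_after_EOI) or raise ValueError."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (bad magic)")
    segments, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: everything after it is outside the image
            return segments, data[pos + 2:]
        if pos + 4 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"segment 0x{marker:02X} has a bad length")
        segments.append((marker, data[pos + 4:end]))
        if marker == 0xDA:  # SOS: entropy-coded data runs up to the EOI marker
            eoi = data.find(b"\xff\xd9", end)
            if eoi < 0:
                break
            return segments, data[eoi + 2:]
        pos = end
    raise ValueError("truncated: no EOI marker")


def audit_upload(data: bytes) -> list:
    """Return a list of findings for one uploaded file; empty means nothing flagged."""
    try:
        segments, trailer = parse_jpeg(data)
    except ValueError as exc:
        return [f"rejected: {exc}"]
    findings = []
    for marker, payload in segments:
        # APPn (0xE0-0xEF, includes EXIF) and COM (0xFE) carry free-form metadata.
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            lowered = payload.lower()
            for pattern in SUSPICIOUS:
                if pattern in lowered:
                    findings.append(f"segment 0x{marker:02X} contains {pattern!r}")
    if trailer.strip(b"\x00"):
        findings.append(f"{len(trailer)} bytes appended after EOI")
    return findings


def comment_as_text(data: bytes) -> str:
    """Treat the COM segment as untrusted text: decode and escape, never evaluate."""
    segments, _ = parse_jpeg(data)
    for marker, payload in segments:
        if marker == 0xFE:
            return html.escape(payload.decode("utf-8", errors="replace"))
    return ""


if __name__ == "__main__":
    clean = build_sample_jpeg(b"made with a paint tool")
    tainted = build_sample_jpeg(b"<?php echo 'marker'; ?>", trailer=b"<script>1</script>")
    for name, blob in (("clean", clean), ("tainted", tainted), ("not-jpeg", b"GIF89a")):
        print(name, audit_upload(blob))
    print(comment_as_text(tainted))
```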

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Alan Love
Did you read how that's actually exploited? It would require another
malicious script to parse the exif tag and eval some PHP. How exactly would
a similar situation occur on a hosted game server? Do you have a poc? You
say this email chain is one but I don't think you quite know what you're
talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" wrote:

> This email is fine for a POC. Far as the exploit, for those who aren't
> familiar, this is an example.
>
> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. 
> wrote:
>
>> Do you have a POC?
>>
>>
>> * From: * Stealth Mode 
>> * To: * 
>> * Sent: * 10/10/2017 12:44 AM
>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>> inject image files with malicious code (NetSec/ITSec). This is an older
>> style of "hacking". Remember those warnings about clicking download
>> attachments from the 90s onward? Same thing still applies. Except, there is
>> no detection for any hlds/go server, so an injected image can contaminate a
>> server cache. Which in turn will infect clients. Any image file, any data
>> file really, can be modified like this. Willing to bet good money those
>> $500. go weapon skins have hack code scripted and injected into the image.
>>
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>>
>> Sure,
>>
>> But you have anything to back this up? (don't take it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>>
>> Headsup admins/owners. Might want to disable custom files till valve
>> addresses this issue brought to their attention a month ago.
>> There is an exploit where any client with minor skill can inject custom
>> files with all types of malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You
>> can take weapon skins (csgo), sound files, spray paint image files, even
>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>> Trojans/rootkits directly into a server cache, or client cache via the
>> custom file.
>>
>> Might want to disable custom files till valve decides to correct this
>> issue.
>>
>> -StealthMode
>>

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
Another set of examples

https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/

https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html

http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection

Really good book on image file injections...

https://books.google.com/books?id=lG_XdxA5LRUC=PA21=PA21=image+file+injection+compromsing+server=bl=E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%20file%20injection%20compromsing%20server=false

On Tue, Oct 10, 2017 at 5:19 AM, Saint K.  wrote:

> Do you have a POC?
>
>
> * From: * Stealth Mode 
> * To: * 
> * Sent: * 10/10/2017 12:44 AM
> * Subject: * Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to
> inject image files with malicious code (NetSec/ITSec). This is an older
> style of "hacking". Remember those warnings about clicking download
> attachments from the 90s onward? Same thing still applies. Except, there is
> no detection for any hlds/go server, so an injected image can contaminate a
> server cache. Which in turn will infect clients. Any image file, any data
> file really, can be modified like this. Willing to bet good money those
> $500. go weapon skins have hack code scripted and injected into the image.
>
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>
> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom
> files with all types of malicious code. From hacks in weapon skins, to
> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can
> take weapon skins (csgo), sound files, spray paint image files, even
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
> Trojans/rootkits directly into a server cache, or client cache via the
> custom file.
>
> Might want to disable custom files till valve decides to correct this
> issue.
>
> -StealthMode
>
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
This email is fine for a POC. Far as the exploit, for those who aren't
familiar, this is an example.

https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/

On Tue, Oct 10, 2017 at 5:19 AM, Saint K.  wrote:

> Do you have a POC?
>
>
> From: Stealth Mode
> To:
> Sent: 10/10/2017 12:44 AM
> Subject: Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to
> inject image files with malicious code (NetSec/ITSec). This is an older
> style of "hacking". Remember those warnings about clicking download
> attachments from the 90s onward? Same thing still applies. Except, there is
> no detection for any hlds/go server, so an injected image can contaminate a
> server cache. Which in turn will infect clients. Any image file, any data
> file really, can be modified like this. Willing to bet good money those
> $500. go weapon skins have hack code scripted and injected into the image.
>
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>
> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom
> files with all types of malicious code. From hacks in weapon skins, to
> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can
> take weapon skins (csgo), sound files, spray paint image files, even
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
> Trojans/rootkits directly into a server cache, or client cache via the
> custom file.
>
> Might want to disable custom files till valve decides to correct this
> issue.
>
> -StealthMode
>
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Stealth Mode
No disrespect intended, but you have no idea what you are speaking about.
The custom "texture", whether that be a .BMP, .jpg, .gif, etc., can be
injected with any code you want. This not only can then be selected as a
spray paint (which then transports to the server and is stored in cache
which is redistributed to the clients and then rendered on their screens),
but also as a weapons skin, model skin, or texture stored in a .bsp wad
file.

These files can be manipulated by injection of whatever code you want.
Suggest you research code injections into graphical files. And learn
networking, software, and operating system environments. Then study
NetSec/ITSec. This is an old way to hack computers. And go especially with
its market of weapon skins, and any hl mod with the spray paints, are
especially vulnerable. This isn't even touching on the non-encrypted UDP
packet data that also can be injected.

So please research and know the field before speaking opinions not grounded
in education.

-StealthMode

On Oct 9, 2017 19:57, "Francois Dupont"  wrote:

> PoC||GTFO Chris. I mean despite the fact that clients don't upload
> textures, that you think it is a possible vector for a batch file to be
> executed after simply being put into memory shows how clueless you are. If
> you have anything productive please post, otherwise stop abusing computer
> security vernacular.
>
> -nfbush
>
> On 9 Oct 2017 11:47 p.m., "Stealth Mode" 
> wrote:
>
>> Like literally, I could place an autoexec batch script in a spraypaint,
>> or a weapon skin, or any custom file. And once it hits memory (server
>> cache) it will execute whatever is wanted.
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:
>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode :
>>>
>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>> addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom
>>>> files with all types of malicious code. From hacks in weapon skins, to
>>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You
>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>> custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this
>>>> issue.
>>>>
>>>> -StealthMode

___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
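
An added example, not part of the thread: a check a server operator could run on custom image files for data appended after the image, the case the linked write-ups are about. It walks the JPEG segment structure or reads the BMP header and returns whatever bytes lie past the image's end. The function names and sample bytes are constructed for illustration; GIF and Source-engine formats are not covered, and trailing bytes show only that a file carries extra data, not that anything would execute it.

```python
import struct

RST = set(range(0xD0, 0xD8))        # restart markers: no length field
NOT_A_MARKER = RST | {0x00, 0xFF}   # byte stuffing, restarts, fill bytes

def jpeg_end(data):
    """Offset just past the EOI marker, or None if the segments do not parse."""
    i = 2                                        # skip SOI (FF D8)
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xD9:                       # EOI: the image ends here
            return i + 2
        if marker == 0xFF or marker in RST or marker == 0x01:
            i += 1 if marker == 0xFF else 2      # fill byte / stand-alone marker
            continue
        if i + 4 > len(data):
            return None
        i += 2 + struct.unpack_from(">H", data, i + 2)[0]
        if marker == 0xDA:                       # SOS: skip entropy-coded data
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] not in NOT_A_MARKER):
                i += 1
    return None

def bmp_end(data):
    """File size declared in BITMAPFILEHEADER (uint32 LE at offset 2)."""
    size = struct.unpack_from("<I", data, 2)[0] if len(data) >= 14 else 0
    return size if 14 <= size <= len(data) else None

def triage(data):
    """Return (format, trailing bytes); trailing is None if the file is malformed."""
    if data[:2] == b"\xff\xd8":
        kind, end = "jpeg", jpeg_end(data)
    elif data[:2] == b"BM":
        kind, end = "bmp", bmp_end(data)
    else:
        return "unknown", None
    return kind, None if end is None else data[end:]

# Constructed samples (not real images): just enough structure to walk.
JPEG = bytes.fromhex("ffd8" "ffe000044142" "ffda0002" "12ff0034ffd056" "ffd9")
BMP = b"BM" + struct.pack("<I", 18) + bytes(12)
TAIL = b"CONSTRUCTED-TRAILING-DATA"

if __name__ == "__main__":
    for blob in (JPEG, JPEG + TAIL, BMP + TAIL, JPEG[:-2]):
        print(triage(blob))
```

A non-empty second element is a reason to quarantine and inspect the file; `None` means the structure did not parse and the file should be rejected outright.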

Re: [Csgo_servers] Custom files exploit

2017-10-10 Thread Saint K.
Do you have a POC?



From: Stealth Mode
To:
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit


Yes, IT skills. Electronics skills. And old school knowledge of how to inject 
image files with malicious code (NetSec/ITSec). This is an older style of 
"hacking". Remember those warnings about clicking download attachments from the 
90s onward? Same thing still applies. Except, there is no detection for any 
hlds/go server, so an injected image can contaminate a server cache. Which in 
turn will infect clients. Any image file, any data file really, can be modified 
like this. Willing to bet good money those $500. go weapon skins have hack code 
scripted and injected into the image.




On Mon, Oct 9, 2017 at 11:59 AM, iNilo  wrote:

Sure,


But you have anything to back this up? (don't take it the wrong way)


Nilo.




2017-10-09 16:54 GMT+02:00 Stealth Mode :



Headsup admins/owners. Might want to disable custom files till valve addresses 
this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom files 
with all types of malicious code. From hacks in weapon skins, to ransomware in 
custom .bsp, to remote backdoors in custom spray paints.


The exploit is injecting code into any image, sound, or data file. You can take 
weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and 
inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly 
into a server cache, or client cache via the custom file. 



Might want to disable custom files till valve decides to correct this issue.


-StealthMode 
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers