Re: [Csgo_servers] Custom files exploit
#purgethemailinglist

On Tue, Oct 10, 2017 at 7:13 PM, Ryan Bentley <rdp...@gmail.com> wrote:

> Cringe. Please get self-aware and realize how transparent you are. Any 21 year old CS grad can see how stupid this thread is.
>
> On Wed, Oct 11, 2017 at 2:29 AM, Stealth Mode <stealthmode1...@gmail.com> wrote:
>
>> Available for contract for PenTesting/SecurityAudits, Datacenter Migrations, and other IT infrastructure purposes. At the websites listed in an earlier mailing.
>>
>> /tips grey hat (only don the blackhat for government contracts) and exits
>>
>> No further communications. End of conversation.
>>
>> -StealthMode
>>
>> On Oct 10, 2017 14:00, "Ryan Bentley" <rdp...@gmail.com> wrote:
>>
>> ITSec. PoC.
>>
>> Sincerely,
>> Ryan "ExpertMode" Bentley
>> Independent IT Field Engineer
>>
>> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <ntth...@gmail.com> wrote:
>>
>>> hello I have injected a JavaScript into this email you are all now hacked
>>>
>>> what do you mean it won't run without an actual vulnerability
>>>
>>> you're super mega hacked
>>>
>>> On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:
>>>
>>>> I frankly don't care what / where / how you work, or what you have studied.
>>>>
>>>> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>>>>
>>>> http://www.valvesoftware.com/security/
>>>>
>>>> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>>>>
>>>> Thanks.
>>>>
>>>> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>>>>
>>>>> Christopher,
>>>>>
>>>>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>>>>
>>>>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>>>>
>>>>> You should know this, if you work in “the field”.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Saint K.
>>>>>
>>>>> *From:* Csgo_servers [mailto:csgo_servers-bounces@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>>>>> *Sent:* 10 October 2017 18:34
>>>>> *To:* csgo_servers@list.valvesoftware.com
>>>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>>>
>>>>> @Ryan, etc.
>>>>>
>>>>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>>>>
>>>>> Have a nice day! End of discussion. No further communications.
>>>>>
>>>>> Sincerely,
>>>>> Christopher "StealthMode" Stephen Larkins
>>>>> Independent IT Field Engineer
Re: [Csgo_servers] Custom files exploit
Cringe. Please get self-aware and realize how transparent you are. Any 21 year old CS grad can see how stupid this thread is.

On Wed, Oct 11, 2017 at 2:29 AM, Stealth Mode <stealthmode1...@gmail.com> wrote:

> Available for contract for PenTesting/SecurityAudits, Datacenter Migrations, and other IT infrastructure purposes. At the websites listed in an earlier mailing.
>
> /tips grey hat (only don the blackhat for government contracts) and exits
>
> No further communications. End of conversation.
>
> -StealthMode
>
> On Oct 10, 2017 14:00, "Ryan Bentley" <rdp...@gmail.com> wrote:
>
> ITSec. PoC.
>
> Sincerely,
> Ryan "ExpertMode" Bentley
> Independent IT Field Engineer
>
> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <ntth...@gmail.com> wrote:
>
>> hello I have injected a JavaScript into this email you are all now hacked
>>
>> what do you mean it won't run without an actual vulnerability
>>
>> you're super mega hacked
>>
>> On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:
>>
>>> I frankly don't care what / where / how you work, or what you have studied.
>>>
>>> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>>>
>>> http://www.valvesoftware.com/security/
>>>
>>> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>>>
>>> Thanks.
>>>
>>> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>>>
>>>> Christopher,
>>>>
>>>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>>>
>>>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>>>
>>>> You should know this, if you work in “the field”.
>>>>
>>>> Regards,
>>>>
>>>> Saint K.
>>>>
>>>> *From:* Csgo_servers [mailto:csgo_servers-bounces@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>>>> *Sent:* 10 October 2017 18:34
>>>> *To:* csgo_servers@list.valvesoftware.com
>>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>>
>>>> @Ryan, etc.
>>>>
>>>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>>>
>>>> Have a nice day! End of discussion. No further communications.
>>>>
>>>> Sincerely,
>>>> Christopher "StealthMode" Stephen Larkins
>>>> Independent IT Field Engineer
>>>> fieldnation.com
>>>> workmarket.com
>>>> onforce.com
>>>> clearancejobs.com
>>>>
>>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>>>>
>>>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS studen
Re: [Csgo_servers] Custom files exploit
Can you please not spam this thread with your advertisements? It's getting rather annoying. Don't think anyone is interested here. Submit PoC to Valve and kindly take a hike.

On 11 October 2017 at 02:29, Stealth Mode <stealthmode1...@gmail.com> wrote:

> Available for contract for PenTesting/SecurityAudits, Datacenter Migrations, and other IT infrastructure purposes. At the websites listed in an earlier mailing.
>
> /tips grey hat (only don the blackhat for government contracts) and exits
>
> No further communications. End of conversation.
>
> -StealthMode
>
> On Oct 10, 2017 14:00, "Ryan Bentley" <rdp...@gmail.com> wrote:
>
> ITSec. PoC.
>
> Sincerely,
> Ryan "ExpertMode" Bentley
> Independent IT Field Engineer
>
> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <ntth...@gmail.com> wrote:
>
>> hello I have injected a JavaScript into this email you are all now hacked
>>
>> what do you mean it won't run without an actual vulnerability
>>
>> you're super mega hacked
>>
>> On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:
>>
>>> I frankly don't care what / where / how you work, or what you have studied.
>>>
>>> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>>>
>>> http://www.valvesoftware.com/security/
>>>
>>> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>>>
>>> Thanks.
>>>
>>> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>>>
>>>> Christopher,
>>>>
>>>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>>>
>>>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>>>
>>>> You should know this, if you work in “the field”.
>>>>
>>>> Regards,
>>>>
>>>> Saint K.
>>>>
>>>> *From:* Csgo_servers [mailto:csgo_servers-bounces@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>>>> *Sent:* 10 October 2017 18:34
>>>> *To:* csgo_servers@list.valvesoftware.com
>>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>>
>>>> @Ryan, etc.
>>>>
>>>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>>>
>>>> Have a nice day! End of discussion. No further communications.
>>>>
>>>> Sincerely,
>>>> Christopher "StealthMode" Stephen Larkins
>>>> Independent IT Field Engineer
>>>> fieldnation.com
>>>> workmarket.com
>>>> onforce.com
>>>> clearancejobs.com
>>>>
>>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>>>>
>>>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please s
Re: [Csgo_servers] Custom files exploit
Available for contract for PenTesting/SecurityAudits, Datacenter Migrations, and other IT infrastructure purposes. At the websites listed in an earlier mailing.

/tips grey hat (only don the blackhat for government contracts) and exits

No further communications. End of conversation.

-StealthMode

On Oct 10, 2017 14:00, "Ryan Bentley" <rdp...@gmail.com> wrote:

ITSec. PoC.

Sincerely,
Ryan "ExpertMode" Bentley
Independent IT Field Engineer

On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <ntth...@gmail.com> wrote:

> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:
>
>> I frankly don't care what / where / how you work, or what you have studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>>
>>> Christopher,
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>>
>>> You should know this, if you work in “the field”.
>>>
>>> Regards,
>>>
>>> Saint K.
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* csgo_servers@list.valvesoftware.com
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>> @Ryan, etc.
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>> Sincerely,
>>> Christopher "StealthMode" Stephen Larkins
>>> Independent IT Field Engineer
>>> fieldnation.com
>>> workmarket.com
>>> onforce.com
>>> clearancejobs.com
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote:
>>>
>>> Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote:
>>>
>>> The person in
Re: [Csgo_servers] Custom files exploit
but setting up certbot to auto renew is like 3 commands and I'm lazy

On Oct 10, 2017 11:02 AM, "Daniel Saewitz" <dan...@popflash.site> wrote:

> You may want to fix your SSL cert bud ;)
>
> On October 10, 2017 at 1:53:00 PM, Nathaniel Theis (ntth...@gmail.com) wrote:
>
> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:
>
>> I frankly don't care what / where / how you work, or what you have studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>>
>>> Christopher,
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>>
>>> You should know this, if you work in “the field”.
>>>
>>> Regards,
>>>
>>> Saint K.
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* csgo_servers@list.valvesoftware.com
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>> @Ryan, etc.
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>> Sincerely,
>>> Christopher "StealthMode" Stephen Larkins
>>> Independent IT Field Engineer
>>> fieldnation.com
>>> workmarket.com
>>> onforce.com
>>> clearancejobs.com
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote:
>>>
>>> Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote:
>>>
>>> The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists,
Re: [Csgo_servers] Custom files exploit
You may want to fix your SSL cert bud ;)

On October 10, 2017 at 1:53:00 PM, Nathaniel Theis (ntth...@gmail.com) wrote:

hello I have injected a JavaScript into this email you are all now hacked

what do you mean it won't run without an actual vulnerability

you're super mega hacked

On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:

I frankly don't care what / where / how you work, or what you have studied.

The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.

http://www.valvesoftware.com/security/

Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that actually get paid to take care of this.

Thanks.

2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:

Christopher,

I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.

Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.

You should know this, if you work in “the field”.

Regards,

Saint K.

From: Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] On Behalf Of Stealth Mode
Sent: 10 October 2017 18:34
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers] Custom files exploit

@Ryan, etc.

I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.

Have a nice day! End of discussion. No further communications.

Sincerely,
Christopher "StealthMode" Stephen Larkins
Independent IT Field Engineer
fieldnation.com
workmarket.com
onforce.com
clearancejobs.com

On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:

My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.

You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.

On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote:

Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif

On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote:

The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies.
If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners

On 10.10.2017 17:08, Vaya wrote:

I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test

Sent from my iPhone

On 10 Oct 2017, at 16:01, PistonMiner <pistonmi...@gmail.com> wrote:

If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a public mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)

--
PistonMiner (Linus S.)

___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesof
Re: [Csgo_servers] Custom files exploit
ITSec. PoC.

Sincerely,
Ryan "ExpertMode" Bentley
Independent IT Field Engineer

On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <ntth...@gmail.com> wrote:

> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:
>
>> I frankly don't care what / where / how you work, or what you have studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>>
>>> Christopher,
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>>
>>> You should know this, if you work in “the field”.
>>>
>>> Regards,
>>>
>>> Saint K.
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* csgo_servers@list.valvesoftware.com
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>> @Ryan, etc.
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>> Sincerely,
>>> Christopher "StealthMode" Stephen Larkins
>>> Independent IT Field Engineer
>>> fieldnation.com
>>> workmarket.com
>>> onforce.com
>>> clearancejobs.com
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote:
>>>
>>> Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote:
>>>
>>> The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
>>> To make it perfectly clear, I'm not defending this person, I seriously
Re: [Csgo_servers] Custom files exploit
hello I have injected a JavaScript into this email you are all now hacked

what do you mean it won't run without an actual vulnerability

you're super mega hacked

On Oct 10, 2017 10:02 AM, "iNilo" <inilo.in...@gmail.com> wrote:

> I frankly don't care what / where / how you work, or what you have studied.
>
> The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.
>
> http://www.valvesoftware.com/security/
>
> Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.
>
> Thanks.
>
> 2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:
>
>> Christopher,
>>
>> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>>
>> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>>
>> You should know this, if you work in “the field”.
>>
>> Regards,
>>
>> Saint K.
>>
>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On Behalf Of* Stealth Mode
>> *Sent:* 10 October 2017 18:34
>> *To:* csgo_servers@list.valvesoftware.com
>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>
>> @Ryan, etc.
>>
>> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>>
>> Have a nice day! End of discussion. No further communications.
>>
>> Sincerely,
>> Christopher "StealthMode" Stephen Larkins
>> Independent IT Field Engineer
>> fieldnation.com
>> workmarket.com
>> onforce.com
>> clearancejobs.com
>>
>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>>
>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>>
>> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>>
>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote:
>>
>> Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif
>>
>> On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote:
>>
>> The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
>> To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies.
>> If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
>> And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>
>> On 10.10.2017 17:08, Vaya wrote:
>>
>> I think someon
Re: [Csgo_servers] Custom files exploit
I frankly don't care what / where / how you work, or what you have studied.

The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about.

http://www.valvesoftware.com/security/

Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually* get paid to take care of this.

Thanks.

2017-10-10 18:54 GMT+02:00 Saint K. <sai...@specialattack.net>:

> Christopher,
>
> I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way.
>
> Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines.
>
> You should know this, if you work in “the field”.
>
> Regards,
>
> Saint K.
>
> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On Behalf Of* Stealth Mode
> *Sent:* 10 October 2017 18:34
> *To:* csgo_servers@list.valvesoftware.com
> *Subject:* Re: [Csgo_servers] Custom files exploit
>
> @Ryan, etc.
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>
> Have a nice day! End of discussion. No further communications.
>
> Sincerely,
> Christopher "StealthMode" Stephen Larkins
> Independent IT Field Engineer
> fieldnation.com
> workmarket.com
> onforce.com
> clearancejobs.com
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote:
>
> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>
> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>
> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote:
>
> Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif
>
> On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote:
>
> The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
> To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies.
> If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
> And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>
> On 10.10.2017 17:08, Vaya wrote:
>
> I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test
>
> Sent from my iPhone
>
> On 10 Oct 2017, at 16:01, PistonMiner <pistonmi...@gmail.com> wrote:
>
> If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a *public* mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)
>
> --
> PistonMiner (Linus S.)
>
> ___
> Csgo_servers mailing list
> Csgo_servers@list.valvesoftware.com
> htt
Re: [Csgo_servers] Custom files exploit
Christopher, I work in “the field” as you like to call it. It’s customary to explain the exploit in detail and provide proof the concept (hence the request for a PoC) in any form or way. Please demonstrate the issue, it be by posting the offending code, you recording a video showing a working exploit, or anything along these lines. You should know this, if you work in “the field”. Regards, Saint K. From: Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] On Behalf Of Stealth Mode Sent: 10 October 2017 18:34 To: csgo_servers@list.valvesoftware.com Subject: Re: [Csgo_servers] Custom files exploit @Ryan, etc. I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you. Have a nice day! End of discussion. No further communications. Sincerely, Christopher "StealthMode" Stephen Larkins Independent IT Field Engineer fieldnation.com workmarket.com onforce.com clearancejobs.com On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <rdp...@gmail.com> wrote: My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please. You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets. 
On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <n0man@gmail.com> wrote: Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif On 10 Oct 2017 4:29 pm, "PistonMiner" <pistonmi...@gmail.com> wrote: The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that. To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies. If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/. And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners On 10.10.2017 17:08, Vaya wrote: I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test Sent from my iPhone On 10 Oct 2017, at 16:01, PistonMiner <pistonmi...@gmail.com> wrote: If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a public mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.) -- PistonMiner (Linus S.) 
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

-- PistonMiner (Linus S.)
Re: [Csgo_servers] Custom files exploit
As an independent contractor, I'm going to assume you "fix" people's broken networks by spreading FUD then correcting a problem that was never there in the first place? What kind of incompetent people do you think frequent this list; people abusing !ws and !knife, allow uploads ever from clients, and gawd knows what other insecure rubbish? Nobody is harassing you; instead, they're responding to your vagueries that are about as useful as that spambot that was here last year, and your search results that are obsolete.

On Tue, Oct 10, 2017 at 12:34 PM, Stealth Mode wrote:

> @Ryan, etc.
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>
> Have a nice day! End of discussion. No further communications.
>
> Sincerely,
> Christopher "StealthMode" Stephen Larkins
> Independent IT Field Engineer
> fieldnation.com
> workmarket.com
> onforce.com
> clearancejobs.com
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley wrote:
>
>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>>
>> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>>
>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad wrote:
>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner" wrote:
>>>
>>>> The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
>>>> To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies.
>>>> If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
>>>> And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>>
>>>> On 10.10.2017 17:08, Vaya wrote:
>>>>
>>>> I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 10 Oct 2017, at 16:01, PistonMiner wrote:
>>>>
>>>> If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a *public* mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)
>>>>
>>>> -- PistonMiner (Linus S.)
>>>>
>>>> -- PistonMiner (Linus S.)
Re: [Csgo_servers] Custom files exploit
None of these videos looks current or relevant? 1.6/CZ server exploits have no bearing on CSGO server installations.

On 10 October 2017 at 17:34, Stealth Mode wrote:

> @Ryan, etc.
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you.
>
> Have a nice day! End of discussion. No further communications.
>
> Sincerely,
> Christopher "StealthMode" Stephen Larkins
> Independent IT Field Engineer
> fieldnation.com
> workmarket.com
> onforce.com
> clearancejobs.com
>
> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley wrote:
>
>> My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please.
>>
>> You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets.
>>
>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad wrote:
>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner" wrote:
>>>
>>>> The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that.
>>>> To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies.
>>>> If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/.
>>>> And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>>
>>>> On 10.10.2017 17:08, Vaya wrote:
>>>>
>>>> I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 10 Oct 2017, at 16:01, PistonMiner wrote:
>>>>
>>>> If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a *public* mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)
>>>>
>>>> -- PistonMiner (Linus S.)
>>>>
>>>> -- PistonMiner (Linus S.)
Re: [Csgo_servers] Custom files exploit
@Ryan, etc. I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on a public mailing list. Don't need to. Professionals here know what I am referring to. I guess the rest do not have the knowledge to understand what the exploit can actually do. You are aware. That is all that matters. Don't secure your servers, that is on you. When they get exploited, that is on you. Have a nice day! End of discussion. No further communications. Sincerely, Christopher "StealthMode" Stephen Larkins Independent IT Field Engineer fieldnation.com workmarket.com onforce.com clearancejobs.com On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentleywrote: > My sides at this thread. At first I just rolled my eyes but now I actually > believe that Stealth Mode is either a troll or delusional. Please stop > saying "ITSec". Any first year CS student knows what PoC is but you don't? > Please. > > You are embarrassing yourself. Which institution did you get your degree? > It must be a very old BSc indeed. You talk complete nonsense and have a > fundamental misunderstanding of basic computer science tenets. > > On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad wrote: > >> Nice hat there. Stealth might get this one though: https://i.imgur.com/32 >> 9jfXt.gif >> >> On 10 Oct 2017 4:29 pm, "PistonMiner" wrote: >> >>> The person in question should never have written a message about an open >>> vulnerability into a public mailing list in the first place. Just because >>> they did doesn't mean that you should ask for PoCs in public mailing lists, >>> there's a multitude of issues with that. 
>>> To make it perfectly clear, I'm not defending this person, I seriously >>> doubt the seriousness of their statements and a lot of what they're saying >>> makes no sense at all and looks like trying to maintain an image of >>> competence while knowing little, but responsible disclosure still applies. >>> If this person has a vulnerability to report, they should do so with the >>> information listed at http://www.valvesoftware.com/security/. >>> And I think I know what I'm talking about seeing as I have two Finder's >>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and >>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners >>> >>> On 10.10.2017 17:08, Vaya wrote: >>> >>> I think someone needs to ‘stealth mode’ out of this email chain. This is >>> just noise without a repeatable Test >>> >>> Sent from my iPhone >>> >>> On 10 Oct 2017, at 16:01, PistonMiner wrote: >>> >>> If you have a vulnerability to report, don't do it in a public mailing >>> list. Report it directly to Valve, and no place else. This conversation has >>> so many problems, but asking for a PoC in a *public* mailing list is >>> one of them. Look up responsible disclosure. (I should note though, at this >>> point I am not convinced a vulnerability even exists.) >>> >>> -- >>> PistonMiner (Linus S.) >>> >>> ___ >>> Csgo_servers mailing list >>> Csgo_servers@list.valvesoftware.com >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >>> >>> ___ >>> Csgo_servers mailing >>> listCsgo_servers@list.valvesoftware.comhttps://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >>> -- >>> PistonMiner (Linus S.) 
Re: [Csgo_servers] Custom files exploit
@ Vaya

Indeed.

https://www.google.com/search?num=20=off=1C1GGRV_enUS766US766=hlds+server+exploits=hlds+server+exploits_l=psy-ab.3..33i22i29i30k1.29788.34204.0.34882.26.20.0.0.0.0.428.3202.0j5j1j5j1.12.00...1.1.64.psy-ab..14.12.3195...0j35i39k1j0i67k1j0i22i30k1j0i22i10i30k1j33i160k1j0i8i13i10i30k1.0.5ObNmdqq2dI

https://www.google.com/search?num=20=off=1C1GGRV_enUS766US766=csgo+server+exploits=csgo+server+exploits_l=psy-ab.3...70429.71541.0.71853.5.5.0.0.0.0.192.378.0j2.2.00...1.1.64.psy-ab..3.0.00.HFf4SiZKnLo

And these are the more common exploits. The image/skin exploit isn't widely known yet. Far as to why I have submitted it to this list, was to let owners/admins know to disable custom files/skins with the svar for allowupload, and customfiles.

The maturity of some of this list's members is lacking. So I will be ignoring them, and blocking them in the future. Possibly will contact Alfred about the harassment over the legitimate exploit being spoken of with other owners/admins.

-StealthMode

On Tue, Oct 10, 2017 at 11:08 AM, Vaya wrote:

> I think someone needs to ‘stealth mode’ out of this email chain. This is just noise without a repeatable Test
>
> Sent from my iPhone
>
> On 10 Oct 2017, at 16:01, PistonMiner wrote:
>
> If you have a vulnerability to report, don't do it in a public mailing list. Report it directly to Valve, and no place else. This conversation has so many problems, but asking for a PoC in a *public* mailing list is one of them. Look up responsible disclosure. (I should note though, at this point I am not convinced a vulnerability even exists.)
>
> --
> PistonMiner (Linus S.)
Re: [Csgo_servers] Custom files exploit
My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please. You are embarrassing yourself. Which institution did you get your degree? It must be a very old BSc indeed. You talk complete nonsense and have a fundamental misunderstanding of basic computer science tenets. On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmadwrote: > Nice hat there. Stealth might get this one though: https://i.imgur.com/ > 329jfXt.gif > > On 10 Oct 2017 4:29 pm, "PistonMiner" wrote: > >> The person in question should never have written a message about an open >> vulnerability into a public mailing list in the first place. Just because >> they did doesn't mean that you should ask for PoCs in public mailing lists, >> there's a multitude of issues with that. >> To make it perfectly clear, I'm not defending this person, I seriously >> doubt the seriousness of their statements and a lot of what they're saying >> makes no sense at all and looks like trying to maintain an image of >> competence while knowing little, but responsible disclosure still applies. >> If this person has a vulnerability to report, they should do so with the >> information listed at http://www.valvesoftware.com/security/. >> And I think I know what I'm talking about seeing as I have two Finder's >> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and >> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners >> >> On 10.10.2017 17:08, Vaya wrote: >> >> I think someone needs to ‘stealth mode’ out of this email chain. This is >> just noise without a repeatable Test >> >> Sent from my iPhone >> >> On 10 Oct 2017, at 16:01, PistonMiner wrote: >> >> If you have a vulnerability to report, don't do it in a public mailing >> list. Report it directly to Valve, and no place else. 
This conversation has >> so many problems, but asking for a PoC in a *public* mailing list is one >> of them. Look up responsible disclosure. (I should note though, at this >> point I am not convinced a vulnerability even exists.) >> >> -- >> PistonMiner (Linus S.) >> >> ___ >> Csgo_servers mailing list >> Csgo_servers@list.valvesoftware.com >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> ___ >> Csgo_servers mailing >> listCsgo_servers@list.valvesoftware.comhttps://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> -- >> PistonMiner (Linus S.) >> >> >> ___ >> Csgo_servers mailing list >> Csgo_servers@list.valvesoftware.com >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > ___ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Custom files exploit
Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif On 10 Oct 2017 4:29 pm, "PistonMiner"wrote: > The person in question should never have written a message about an open > vulnerability into a public mailing list in the first place. Just because > they did doesn't mean that you should ask for PoCs in public mailing lists, > there's a multitude of issues with that. > To make it perfectly clear, I'm not defending this person, I seriously > doubt the seriousness of their statements and a lot of what they're saying > makes no sense at all and looks like trying to maintain an image of > competence while knowing little, but responsible disclosure still applies. > If this person has a vulnerability to report, they should do so with the > information listed at http://www.valvesoftware.com/security/. > And I think I know what I'm talking about seeing as I have two Finder's > Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and > https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners > > On 10.10.2017 17:08, Vaya wrote: > > I think someone needs to ‘stealth mode’ out of this email chain. This is > just noise without a repeatable Test > > Sent from my iPhone > > On 10 Oct 2017, at 16:01, PistonMiner wrote: > > If you have a vulnerability to report, don't do it in a public mailing > list. Report it directly to Valve, and no place else. This conversation has > so many problems, but asking for a PoC in a *public* mailing list is one > of them. Look up responsible disclosure. (I should note though, at this > point I am not convinced a vulnerability even exists.) > > -- > PistonMiner (Linus S.) > > ___ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > ___ > Csgo_servers mailing > listCsgo_servers@list.valvesoftware.comhttps://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > -- > PistonMiner (Linus S.) 
Re: [Csgo_servers] Custom files exploit
Please send an actual working proof of concept (PoC) (also the configuration of the server/environment if applicable).

A working Proof of Concept will prove your point. At the current level, this is nothing more than a theory and a hypothesis. The PoC is the only thing we need.

Cheers.
Re: [Csgo_servers] Custom files exploit
Please stop. I have been watching this conversation since it started. Provide a case-specific example if you can. If not, please keep your solutions to yourself. I may not be an IT graduate, but I have a keen understanding of when someone is full of themself.

Besides: your server has custom files disabled, why bother talking to a brick wall anymore just to have a bunch of people you clearly don't respect do the same?

-OF

On Oct 10, 2017 10:41 AM, "Stealth Mode" wrote:

> So clueless I hold an electronics engineering degree, an IT industry degree, and am currently studying CCIE/CCDE and contracting with Cisco to develop electronics safeguards to protect from binary injections into IT infrastructure.
>
> Please refrain from trolling, flaming, etc. You do not have an education in this field.
>
> -StealthMode
>
> On Tue, Oct 10, 2017 at 10:27 AM, Nomaan Ahmad wrote:
>
>> This guy is clueless.
>>
>> On 10 Oct 2017 3:25 pm, "Stealth Mode" wrote:
>>
>>> Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec.
>>>
>>> https://books.google.com/books?id=0OlIT9eEEsoC=PA193=
>>> PA193=image+file+injection+compromsing+server=bl
>>> ts=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E=en=X
>>> =0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=onepage=
>>> image%20file%20injection%20compromsing%20server=false
>>>
>>> The links I've provided are just a few examples. Anyone can make a custom image file (weapon skin, or spray paint, or wad in a .bsp) inject code into it, and use your server, and clients connected to it to launch whatever code they want. In the links provided, these are image files used to inject code into web servers once the image is loaded. Meaning, once a spray is sprayed, or a client uses x weapon skin through GO market. Once sent to server/client cache, it then executes spraying a benign image, or rendering a benign looking skin, while behind the scenes it is also executing code. Now most of these script kiddies probably are just using the images to run hacks, which yes they can be just that benign. However, more sophisticated hackers can also use this to compromise entire networks, backbones, etc.
>>>
>>> On Mon, Oct 9, 2017 at 8:28 PM, devu4 wrote:
>>>
>>>> This is such a pointless thread, no proof and a big headed clueless guy coming out with irrelevant crap!
>>>>
>>>> -- Sent from: http://csgo-servers.1073505.n5.nabble.com/
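The web-server examples linked in the quoted messages above involve image files that carry script text in non-pixel data; that text does nothing unless some other program reads and evaluates it. The following Python is an added example, not code from any poster in this thread or from Valve: it walks a GIF's block structure, reports script-like text in extension blocks or after the trailer, and rebuilds the file from image blocks only. The choice of GIF, all function names and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Text that only matters if some other program later evaluates it.
SCRIPT_MARKERS = re.compile(rb"<\?(?:php|=)|<script\b|\beval\s*\(", re.IGNORECASE)
EXT_NAMES = {0x01: "plain_text", 0xF9: "graphic_control",
             0xFE: "comment", 0xFF: "application"}
# Block types a static image needs; sanitize_gif drops everything else.
KEEP = ("header", "graphic_control", "image", "trailer")


class GifError(ValueError):
    """Raised when the byte string is not a structurally valid GIF."""


def _after_color_table(packed, pos):
    """Skip a colour table if the packed-flags byte says one follows."""
    if packed & 0x80:
        pos += 3 * (2 << (packed & 0x07))
    return pos


def _read_sub_blocks(data, pos):
    """Return (payload, next_pos) for a chain of length-prefixed sub-blocks."""
    chunks = []
    while True:
        if pos >= len(data):
            raise GifError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:
            return b"".join(chunks), pos
        if pos + size > len(data):
            raise GifError("sub-block runs past end of file")
        chunks.append(data[pos:pos + size])
        pos += size


def walk_gif(data):
    """Yield (name, start, end, payload) for every top-level block."""
    if data[:6] not in (b"GIF87a", b"GIF89a") or len(data) < 13:
        raise GifError("not a GIF or truncated header")
    pos = _after_color_table(data[10], 13)
    yield ("header", 0, pos, b"")
    while True:
        if pos >= len(data):
            raise GifError("missing trailer")
        start, kind = pos, data[pos]
        if kind == 0x3B:  # trailer: a well-formed file ends here
            yield ("trailer", start, start + 1, b"")
            if start + 1 < len(data):
                yield ("trailing", start + 1, len(data), data[start + 1:])
            return
        if kind == 0x2C:  # image descriptor, optional local table, pixel data
            if pos + 10 > len(data):
                raise GifError("truncated image descriptor")
            pos = _after_color_table(data[pos + 9], pos + 10) + 1  # +1: LZW code size
            _, pos = _read_sub_blocks(data, pos)
            yield ("image", start, pos, b"")
        elif kind == 0x21:  # extension: label byte, then sub-blocks
            if pos + 1 >= len(data):
                raise GifError("truncated extension")
            label = data[pos + 1]
            payload, pos = _read_sub_blocks(data, pos + 2)
            yield (EXT_NAMES.get(label, "extension"), start, pos, payload)
        else:
            raise GifError("unknown block 0x%02x at offset %d" % (kind, start))


def inspect_gif(data):
    """List findings: bytes after the trailer, script-like text in non-image blocks."""
    findings = []
    for name, start, _end, payload in walk_gif(data):
        if name == "trailing":
            findings.append("%d bytes after trailer" % len(payload))
        if name not in KEEP and SCRIPT_MARKERS.search(payload):
            findings.append("script-like text in %s block at offset %d" % (name, start))
    return findings


def sanitize_gif(data):
    """Rebuild the file from header, graphic-control and image blocks only."""
    return b"".join(data[s:e] for name, s, e, _ in walk_gif(data) if name in KEEP)


# Constructed sample inputs: a 1x1 GIF, plus two variants carrying an inert marker.
HEAD = b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + b"\x00\x00\x00\xff\xff\xff"
FRAME = b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02\x02\x44\x01\x00"
MARKER = b"<?php /* constructed test marker */ ?>"
CLEAN = HEAD + FRAME + b"\x3b"
WITH_COMMENT = HEAD + b"\x21\xfe" + bytes([len(MARKER)]) + MARKER + b"\x00" + FRAME + b"\x3b"
WITH_TRAILER = CLEAN + MARKER

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("comment", WITH_COMMENT), ("trailer", WITH_TRAILER)):
        print(label, inspect_gif(blob), sanitize_gif(blob) == CLEAN)
```

A finding here means only that the file carries text outside its pixel data, not that anything executes it; rejecting or rebuilding such files removes the carrier either way.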
Re: [Csgo_servers] Custom files exploit
If you are pointing to an exploit, you should be able to replicate the exploit and maybe even go further to give what function resulted in this exploit (not checking types, not sanitizing input, etc.)

There should also be a description on what the exploit leads to (Remote Code Execution, Denial of Service, etc)

From: Csgo_servers <csgo_servers-boun...@list.valvesoftware.com> on behalf of thedudeguy1 <cloherty.r...@gmail.com>
Sent: Tuesday, October 10, 2017 10:38 AM
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers] Custom files exploit

Stealth Mode. Please post some sort of demonstration or steps to demonstrate this vulnerability. Just one example is all you need to convince us.

-- Sent from: http://csgo-servers.1073505.n5.nabble.com/
Re: [Csgo_servers] Custom files exploit
Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump chumps ring a bell?

I don't have time tbh to provide anything other than information. This is a side issue I discovered on my own lan server using a .gif spray paint image. It can be replicated. Build a graphics file, inject it with a script to execute a shell window, and display a message, has set us up the bomb. Inject into the image file, select as a spray paint. Spray it on your server, log into your server, look at the shell window.

Have a nice day. Off to work.

-StealthMode

On Tue, Oct 10, 2017 at 10:29 AM, epi <ow...@tf.heybey.org> wrote:

> PoC stands for Proof of Concept. We are asking you to provide proof that
> you are not just pasting random articles on PHP. You have yet to show us
> anything that would trigger any issues in srcds.
>
> On 10/10/2017 10:26 AM, Stealth Mode wrote:
>
>> POC far as I know is always Point Of Contact. Or Professional Overseas
>> Contractor.
>>
>> Unless you are referring to Packet Order Correction in reference to
>> networking. Which yes, even then, does not apply in this situation.
>>
>> -StealthMode
>>
>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:
>>
>> Did you read how that's actually exploited? It would require another
>> malicious script to parse the exif tag and eval some PHP. How
>> exactly would a similar situation occur on a hosted game server? Do
>> you have a poc? You say this email chain is one but I dont think you
>> quite know what you're talking about.
>>
>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>>
>> This email is fine for a POC. Far as the exploit, for those who
>> arent familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
>>
>> Do you have a POC?
>>
>> From: Stealth Mode <stealthmode1...@gmail.com>
>> To: <csgo_servers@list.valvesoftware.com>
>> Sent: 10/10/2017 12:44 AM
>> Subject: Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills. Electronics skills. And old school
>> knowledge of how to inject image files with malicious
>> code (NetSec/ITSec). This is an older style of
>> "hacking". Remember those warnings about clicking
>> download attachments from the 90s onward? Same thing
>> still applies. Except, there is no detection for any
>> hlds/go server, so an injected image can contaminate a
>> server cache. Which in turn will infect clients. Any
>> image file, any data file really, can be modified like
>> this. Willing to bet good money those $500. go weapon
>> skins have hack code scripted and injected into the image.
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>
>> Sure,
>>
>> But you have anything to back this up? (don't take
>> it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>
>> Headsup admins/owners. Might want to disable
>> custom files till valve addresses this issue
>> brought to their attention a month ago.
>> There is an exploit where any client with minor
>> skill can inject custom files with all types of
>> malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remo

Re: [Csgo_servers] Custom files exploit
How did we jump from a server issue to AMX lol? Who even still uses AMX?!!?

On Tue, Oct 10, 2017 at 10:39 AM Stealth Mode <stealthmode1...@gmail.com> wrote:

> @Kevin
>
> Yes this is what I was suggesting, also the Custom_files svar set to 0
> will disable this until vALVE can build a fix into the engine. EG: VAC
> custom file checks, skin checks, .bsp submission system for addition to
> market/game, etc. Right now the custom.hpk file is what will store spray
> paints. This is the file server side that should be scanned. As each new
> custom spray goes into this file, when it is written and accessed is when
> this exploit can occur.
>
> There are also sql database injection vulnerabilities using AMX. But this
> is another issue not valve related.
>
> On Tue, Oct 10, 2017 at 10:29 AM, Kevin C <s...@serveredirect.com> wrote:
>
>> Pretty sure by context it means proof of concept.
>>
>> For CS:GO sv_allowupload 0 could easily be used to counter what you are
>> claiming. This goes for any source game server but for games that allow
>> sprays this would disable them.
>>
>> On 10/10/2017 10:26 AM, Stealth Mode wrote:
>>
>> POC far as I know is always Point Of Contact. Or Professional Overseas
>> Contractor.
>>
>> Unless you are referring to Packet Order Correction in reference to
>> networking. Which yes, even then, does not apply in this situation.
>>
>> -StealthMode
>>
>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:
>>
>>> Did you read how that's actually exploited? It would require another
>>> malicious script to parse the exif tag and eval some PHP. How exactly would
>>> a similar situation occur on a hosted game server? Do you have a poc? You
>>> say this email chain is one but I dont think you quite know what you're
>>> talking about.
>>>
>>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com>
>>> wrote:
>>>
>>>> This email is fine for a POC. Far as the exploit, for those who arent
>>>> familiar, this is an example.
>>>>
>>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>>
>>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>>>> wrote:
>>>>
>>>>> Do you have a POC?
>>>>>
>>>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>>>> To: <csgo_servers@list.valvesoftware.com>
>>>>> Sent: 10/10/2017 12:44 AM
>>>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>>>
>>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>>> style of "hacking". Remember those warnings about clicking download
>>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>>> file really, can be modified like this. Willing to bet good money those
>>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>>
>>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>>>
>>>>> Sure,
>>>>>
>>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>>
>>>>> Nilo.
>>>>>
>>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>>>
>>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>>> addresses this issue brought to their attention a month ago.
>>>>> There is an exploit where any client with minor skill can inject
>>>>> custom files with all types of malicious code. From hacks in weapon skins,
>>>>> to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>>
>>>>> The exploit is injecting code into any image, sound, or data file. You
>>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>>> .bsp/etc. and inject hack code, or actual ransom

Re: [Csgo_servers] Custom files exploit
Stealth Mode. Please post some sort of demonstration or steps to demonstrate this vulnerability. Just one example is all you need to convince us.

--
Sent from: http://csgo-servers.1073505.n5.nabble.com/

Re: [Csgo_servers] Custom files exploit
Just because something is in memory doesn't mean it's executing code.. that's not how memory works.

Good luck at your conference :)

On Oct 10, 2017 9:33 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:

> Actually the parsing involves the operating system and how the os
> rendering occurs is dependent upon software, or hardware rendering. Which
> is universal. If you know OSI layer, then you know once it is transported,
> and in the server cache (memory) it is already executing.
>
> On Tue, Oct 10, 2017 at 10:23 AM, Alan Love <mumphs...@gmail.com> wrote:
>
>> Just because you can upload a file doesn't mean the server will parse it
>> in a way that would compromise it. That's not how it works. There's a
>> reason why most of your examples are around exploiting php applications.
>>
>> On Oct 10, 2017 9:20 AM, "Stealth Mode" <stealthmode1...@gmail.com>
>> wrote:
>>
>>> Another set of examples
>>>
>>> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>>>
>>> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>>>
>>> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>>>
>>> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>>>
>>> Really good book on image file injections...
>>>
>>> https://books.google.com/books?id=lG_XdxA5LRUC=PA21=P
>>> A21=image+file+injection+compromsing+server=bl
>>> =E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y=en=X=
>>> 0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%
>>> 20file%20injection%20compromsing%20server=false
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>>> To: <csgo_servers@list.valvesoftware.com>
>>>> Sent: 10/10/2017 12:44 AM
>>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>>
>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>> style of "hacking". Remember those warnings about clicking download
>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>> file really, can be modified like this. Willing to bet good money those
>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>
>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>>
>>>> Sure,
>>>>
>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>
>>>> Nilo.
>>>>
>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>>
>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>> addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom
>>>> files with all types of malicious code. From hacks in weapon skins, to
>>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You
>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>> custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this
>>>> issue.
>>>>
>>>> -StealthMode

Re: [Csgo_servers] Custom files exploit
This is not the correct place to make assumptions of this type. Please be concrete with your security reports whereby you include a summary of what you are trying to make a point out of here, and not baffle on high-level details that is not of relevance.

POC stands for Proof of Concept, and nothing else.

On Tue, Oct 10, 2017 at 4:26 PM, Stealth Mode <stealthmode1...@gmail.com> wrote:

> POC far as I know is always Point Of Contact. Or Professional Overseas
> Contractor.
>
> Unless you are referring to Packet Order Correction in reference to
> networking. Which yes, even then, does not apply in this situation.
>
> -StealthMode
>
> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:
>
>> Did you read how that's actually exploited? It would require another
>> malicious script to parse the exif tag and eval some PHP. How exactly would
>> a similar situation occur on a hosted game server? Do you have a poc? You
>> say this email chain is one but I dont think you quite know what you're
>> talking about.
>>
>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com>
>> wrote:
>>
>>> This email is fine for a POC. Far as the exploit, for those who arent
>>> familiar, this is an example.
>>>
>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>>> To: <csgo_servers@list.valvesoftware.com>
>>>> Sent: 10/10/2017 12:44 AM
>>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>>
>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>>> style of "hacking". Remember those warnings about clicking download
>>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>>> no detection for any hlds/go server, so an injected image can contaminate a
>>>> server cache. Which in turn will infect clients. Any image file, any data
>>>> file really, can be modified like this. Willing to bet good money those
>>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>>
>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>>
>>>> Sure,
>>>>
>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>
>>>> Nilo.
>>>>
>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>>
>>>> Headsup admins/owners. Might want to disable custom files till valve
>>>> addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom
>>>> files with all types of malicious code. From hacks in weapon skins, to
>>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You
>>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>>> Trojans/rootkits directly into a server cache, or client cache via the
>>>> custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this
>>>> issue.
>>>>
>>>> -StealthMode

Re: [Csgo_servers] Custom files exploit
How is it executing code? What exactly is the mechanism in play here that is evaluating your exploit code? You keep mentioning images, but that would require the backend to parse and execute an exploit attached to said image. There's nothing that would do that. If this was the case large sites like imgur and Facebook would be compromised every day.

You keep mentioning you work in the field of IT or whatever but that's just hard to believe as someone who actually does. This is such a dumb thing to make a fuss over and clearly shows you have no clue what you're talking about. Going to assume you're just a troll until you can actually come up with an actual poc.

Good luck and have fun out there. If you ever want some good resources on how to properly learn this stuff feel free to ask and I can provide.

On Oct 10, 2017 9:25 AM, "Stealth Mode" wrote:

> Actually my information is grounded in fact and 100% replicatable if you
> know the field. I've listed a few resources to educate yourself. Please
> refrain from speaking if you do not have an education in ITSec.
>
> https://books.google.com/books?id=0OlIT9eEEsoC=
> PA193=PA193=image+file+injection+compromsing+server&
> source=bl=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E&
> hl=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=
> onepage=image%20file%20injection%20compromsing%20server=false
>
> The links I've provided are just a few examples. Anyone can make a custom
> image file (weapon skin, or spray paint, or wad in a .bsp) inject code into
> it, and use your server, and clients connected to it to launch whatever
> code they want. In the links provided, these are image files used to inject
> code into web servers once the image is loaded. Meaning, once a spray is
> sprayed, or a client uses x weapon skin through GO market. Once sent to
> server/client cache, it then executes spraying a benign image, or rendering
> a benign looking skin, while behind the scenes it is also executing code.
> Now most of these script kiddies probably are just using the images to run
> hacks, which yes they can be just that benign. However, more sophisticated
> hackers can also use this to compromise entire networks, backbones, etc.
>
> On Mon, Oct 9, 2017 at 8:28 PM, devu4 wrote:
>
>> This is such a pointless thread, no proof and a big headed clueless guy
>> coming out with irrelevant crap!
>>
>> --
>> Sent from: http://csgo-servers.1073505.n5.nabble.com/

Re: [Csgo_servers] Custom files exploit
Actually the parsing involves the operating system and how the os rendering occurs is dependent upon software, or hardware rendering. Which is universal. If you know OSI layer, then you know once it is transported, and in the server cache (memory) it is already executing.

On Tue, Oct 10, 2017 at 10:23 AM, Alan Love <mumphs...@gmail.com> wrote:

> Just because you can upload a file doesn't mean the server will parse it
> in a way that would compromise it. That's not how it works. There's a
> reason why most of your examples are around exploiting php applications.
>
> On Oct 10, 2017 9:20 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>
>> Another set of examples
>>
>> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>>
>> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>>
>> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>>
>> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>>
>> Really good book on image file injections...
>>
>> https://books.google.com/books?id=lG_XdxA5LRUC=PA21=
>> PA21=image+file+injection+compromsing+server=bl&
>> ots=E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y=en=X&
>> ved=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage&
>> q=image%20file%20injection%20compromsing%20server=false
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>> wrote:
>>
>>> Do you have a POC?
>>>
>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>> To: <csgo_servers@list.valvesoftware.com>
>>> Sent: 10/10/2017 12:44 AM
>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>> style of "hacking". Remember those warnings about clicking download
>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>> no detection for any hlds/go server, so an injected image can contaminate a
>>> server cache. Which in turn will infect clients. Any image file, any data
>>> file really, can be modified like this. Willing to bet good money those
>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>
>>> Headsup admins/owners. Might want to disable custom files till valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this
>>> issue.
>>>
>>> -StealthMode

Re: [Csgo_servers] Custom files exploit
One last example, even references POC for those that wish to read. I have work to do so I will be unable to reply until later this evening, or tomorrow. Currently working on securing electronics in IT infrastructure from binary injections below the JTAG/Hardware Protection Layer. Have a good day.

http://securityaffairs.co/wordpress/36130/hacking/malicious-jpeg-hack-corporate-networks.html

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:

> Did you read how that's actually exploited? It would require another
> malicious script to parse the exif tag and eval some PHP. How exactly would
> a similar situation occur on a hosted game server? Do you have a poc? You
> say this email chain is one but I dont think you quite know what you're
> talking about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>
>> This email is fine for a POC. Far as the exploit, for those who arent
>> familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>> wrote:
>>
>>> Do you have a POC?
>>>
>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>> To: <csgo_servers@list.valvesoftware.com>
>>> Sent: 10/10/2017 12:44 AM
>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to
>>> inject image files with malicious code (NetSec/ITSec). This is an older
>>> style of "hacking". Remember those warnings about clicking download
>>> attachments from the 90s onward? Same thing still applies. Except, there is
>>> no detection for any hlds/go server, so an injected image can contaminate a
>>> server cache. Which in turn will infect clients. Any image file, any data
>>> file really, can be modified like this. Willing to bet good money those
>>> $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>
>>> Headsup admins/owners. Might want to disable custom files till valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this
>>> issue.
>>>
>>> -StealthMode

Re: [Csgo_servers] Custom files exploit
> It would require another malicious script to parse the exif tag and eval some
> PHP.

It would require another, poorly written script that handles the data in a poor and unsafe way.

ftfy ;)

He also - on multiple occasions - reminded us that this is a „old style of hacking“ and indeed, if you learned programming seriously in the last decade you should know that you don’t trust untrusted data, ever. By his logic a .txt is completely unsecure (given that you eval() it in your shitty PHP code).

On 10.10.2017 at 16:19, Alan Love <mumphs...@gmail.com> wrote:

> Did you read how that's actually exploited? It would require another
> malicious script to parse the exif tag and eval some PHP. How exactly would a
> similar situation occur on a hosted game server? Do you have a poc? You say
> this email chain is one but I dont think you quite know what you're talking
> about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
> This email is fine for a POC. Far as the exploit, for those who arent
> familiar, this is an example.
>
> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
> Do you have a POC?
>
> From: Stealth Mode <stealthmode1...@gmail.com>
> To: <csgo_servers@list.valvesoftware.com>
> Sent: 10/10/2017 12:44 AM
> Subject: Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to inject
> image files with malicious code (NetSec/ITSec). This is an older style of
> "hacking". Remember those warnings about clicking download attachments from
> the 90s onward? Same thing still applies. Except, there is no detection for
> any hlds/go server, so an injected image can contaminate a server cache.
> Which in turn will infect clients. Any image file, any data file really, can
> be modified like this. Willing to bet good money those $500. go weapon skins
> have hack code scripted and injected into the image.
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom files
> with all types of malicious code. From hacks in weapon skins, to ransomware
> in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can
> take weapon skins (csgo), sound files, spray paint image files, even
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
> Trojans/rootkits directly into a server cache, or client cache via the custom
> file.
>
> Might want to disable custom files till valve decides to correct this issue.
>
> -StealthMode

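Added example (not written by any poster in this thread, and not Valve or srcds code): the replies above argue that bytes carried inside an image are inert unless some other program evaluates them. The Python sketch below shows the defender's side of that argument for PNG only: it walks the chunk list, reports script-like markers and data appended after IEND, and applies an allowlist policy. All function names are hypothetical and the sample files are constructed in the code.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Byte patterns that are inert in an image and matter only if some other
# program later feeds the file to an interpreter (the PHP eval() case).
SCRIPT_MARKERS = (b"<?php", b"<script", b"eval(")
# Chunk types a strict upload filter lets through; everything else is refused.
ALLOWED_CHUNKS = {"IHDR", "PLTE", "tRNS", "IDAT", "IEND"}


def _chunk(ctype, data):
    """Serialise one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(extra_chunks=(), trailer=b""):
    """Constructed sample input: a valid 1x1 greyscale PNG, optionally with
    extra ancillary chunks or with bytes appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    body = _chunk(b"IHDR", ihdr)
    for ctype, data in extra_chunks:
        body += _chunk(ctype, data)
    body += _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b"")
    return PNG_SIG + body + trailer


def _find_markers(where, data, out):
    """Record (location, marker) for every script-like marker in data."""
    lowered = data.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            out.append((where, marker.decode()))


def inspect_png(blob):
    """Walk the chunk list; report structure, script markers, trailing data."""
    report = {"valid": False, "chunks": [], "markers": [],
              "trailing_bytes": 0, "errors": []}
    if not blob.startswith(PNG_SIG):
        report["errors"].append("bad signature")
        return report
    pos, seen_iend = len(PNG_SIG), False
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(blob):
            report["errors"].append("truncated chunk")
            return report
        data = blob[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            report["errors"].append("CRC mismatch")
            return report
        name = ctype.decode("latin-1")
        report["chunks"].append(name)
        if name != "IDAT":  # IDAT holds compressed pixel data, not text
            _find_markers(name, data, report["markers"])
        pos = end
        if name == "IEND":
            seen_iend = True
            break
    if not seen_iend:
        report["errors"].append("missing IEND")
        return report
    if report["chunks"][0] != "IHDR":
        report["errors"].append("IHDR is not first")
        return report
    trailer = blob[pos:]  # anything after IEND is ignored by image decoders
    report["trailing_bytes"] = len(trailer)
    _find_markers("trailer", trailer, report["markers"])
    report["valid"] = True
    return report


def accept_upload(blob):
    """Allowlist policy: well-formed PNG, known chunk types only, nothing
    after IEND. A finding does not mean the file runs anywhere; it means the
    file carries bytes the image format does not need."""
    r = inspect_png(blob)
    return (r["valid"] and r["trailing_bytes"] == 0
            and set(r["chunks"]) <= ALLOWED_CHUNKS)


if __name__ == "__main__":
    mark = b"<?php /* constructed marker */ ?>"
    samples = {
        "clean": make_png(),
        "text chunk": make_png(extra_chunks=[(b"tEXt", b"Comment\x00" + mark)]),
        "appended": make_png(trailer=mark),
    }
    for label, blob in samples.items():
        r = inspect_png(blob)
        print(label, r["chunks"], r["markers"], r["trailing_bytes"],
              "accept" if accept_upload(blob) else "reject")
```

All three sample files are structurally valid PNGs; the two carrying the marker are rejected by the policy because of what they contain, not because a decoder would execute it.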
Re: [Csgo_servers] Custom files exploit
PoC stands for Proof of Concept. We are asking you to provide proof that you are not just pasting random articles on PHP. You have yet to show us anything that would trigger any issues in srcds.

On 10/10/2017 10:26 AM, Stealth Mode wrote:

> POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.
>
> Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.
>
> -StealthMode
>
> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:
>
>> Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I dont think you quite know what you're talking about.
>>
>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>>
>>> This email is fine for a POC. Far as the exploit, for those who arent familiar, this is an example.
>>>
>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>> From: Stealth Mode <stealthmode1...@gmail.com>
>>>> To: <csgo_servers@list.valvesoftware.com>
>>>> Sent: 10/10/2017 12:44 AM
>>>> Subject: Re: [Csgo_servers] Custom files exploit
>>>>
>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>>>>
>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>>
>>>> Sure,
>>>>
>>>> But you have anything to back this up? (don't take it the wrong way)
>>>>
>>>> Nilo.
>>>>
>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>>
>>>> Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago.
>>>> There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this issue.
>>>>
>>>> -StealthMode

Re: [Csgo_servers] Custom files exploit
This guy is clueless.

On 10 Oct 2017 3:25 pm, "Stealth Mode" wrote:

> Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec.
>
> https://books.google.com/books?id=0OlIT9eEEsoC=PA193=PA193=image+file+injection+compromsing+server&source=bl=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E&hl=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=onepage=image%20file%20injection%20compromsing%20server=false
>
> The links I've provided are just a few examples. Anyone can make a custom image file (weapon skin, or spray paint, or wad in a .bsp) inject code into it, and use your server, and clients connected to it to launch whatever code they want. In the links provided, these are image files used to inject code into web servers once the image is loaded. Meaning, once a spray is sprayed, or a client uses x weapon skin through GO market. Once sent to server/client cache, it then executes spraying a benign image, or rendering a benign looking skin, while behind the scenes it is also executing code. Now most of these script kiddies probably are just using the images to run hacks, which yes they can be just that benign. However, more sophisticated hackers can also use this to compromise entire networks, backbones, etc.
>
> On Mon, Oct 9, 2017 at 8:28 PM, devu4 wrote:
>
>> This is such a pointless thread, no proof and a big headed clueless guy coming out with irrelevant crap!
>>
>> --
>> Sent from: http://csgo-servers.1073505.n5.nabble.com/
Re: [Csgo_servers] Custom files exploit
Pretty sure by context it means proof of concept.

For CS:GO sv_allowupload 0 could easily be used to counter what you are claiming. This goes for any source game server but for games that allow sprays this would disable them.

On 10/10/2017 10:26 AM, Stealth Mode wrote:

> POC far as I know is always Point Of Contact. Or Professional Overseas Contractor. Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.
>
> -StealthMode
>
> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:
>
> Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>
> This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.
>
> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
>
> Do you have a POC?
>
> *From:* Stealth Mode <stealthmode1...@gmail.com>
> *To:* <csgo_servers@list.valvesoftware.com>
> *Sent:* 10/10/2017 12:44 AM
> *Subject:* Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>
> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>
> Might want to disable custom files till valve decides to correct this issue.
>
> -StealthMode
Re: [Csgo_servers] Custom files exploit
POC far as I know is always Point Of Contact. Or Professional Overseas Contractor. Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.

-StealthMode

On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <mumphs...@gmail.com> wrote:

> Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.
>
> On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:
>
>> This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.
>>
>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
>>
>>> Do you have a POC?
>>>
>>> *From:* Stealth Mode <stealthmode1...@gmail.com>
>>> *To:* <csgo_servers@list.valvesoftware.com>
>>> *Sent:* 10/10/2017 12:44 AM
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>>>
>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>>
>>> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this issue.
>>>
>>> -StealthMode
Re: [Csgo_servers] Custom files exploit
Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec.

https://books.google.com/books?id=0OlIT9eEEsoC=PA193=PA193=image+file+injection+compromsing+server=bl=vGZbN7Qhsb=3CbPAaU8hPbmqemmMXQ4kZXoI2E=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIYDAJ#v=onepage=image%20file%20injection%20compromsing%20server=false

The links I've provided are just a few examples. Anyone can make a custom image file (weapon skin, or spray paint, or wad in a .bsp) inject code into it, and use your server, and clients connected to it to launch whatever code they want. In the links provided, these are image files used to inject code into web servers once the image is loaded. Meaning, once a spray is sprayed, or a client uses x weapon skin through GO market. Once sent to server/client cache, it then executes spraying a benign image, or rendering a benign looking skin, while behind the scenes it is also executing code. Now most of these script kiddies probably are just using the images to run hacks, which yes they can be just that benign. However, more sophisticated hackers can also use this to compromise entire networks, backbones, etc.

On Mon, Oct 9, 2017 at 8:28 PM, devu4 wrote:

> This is such a pointless thread, no proof and a big headed clueless guy coming out with irrelevant crap!
>
> --
> Sent from: http://csgo-servers.1073505.n5.nabble.com/
Re: [Csgo_servers] Custom files exploit
Just because you can upload a file doesn't mean the server will parse it in a way that would compromise it. That's not how it works. There's a reason why most of your examples are around exploiting php applications.

On Oct 10, 2017 9:20 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:

> Another set of examples
>
> https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
>
> https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html
>
> http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/
>
> https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
>
> Really good book on image file injections...
>
> https://books.google.com/books?id=lG_XdxA5LRUC=PA21;lpg=PA21=image+file+injection+compromsing+server&source=bl=E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y&hl=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%20file%20injection%20compromsing%20server=false
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
>
>> Do you have a POC?
>>
>> *From:* Stealth Mode <stealthmode1...@gmail.com>
>> *To:* <csgo_servers@list.valvesoftware.com>
>> *Sent:* 10/10/2017 12:44 AM
>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>
>> Sure,
>>
>> But you have anything to back this up? (don't take it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>
>> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>>
>> Might want to disable custom files till valve decides to correct this issue.
>>
>> -StealthMode
Re: [Csgo_servers] Custom files exploit
Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.

On Oct 10, 2017 9:15 AM, "Stealth Mode" <stealthmode1...@gmail.com> wrote:

> This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.
>
> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
>
>> Do you have a POC?
>>
>> *From:* Stealth Mode <stealthmode1...@gmail.com>
>> *To:* <csgo_servers@list.valvesoftware.com>
>> *Sent:* 10/10/2017 12:44 AM
>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>>
>> Sure,
>>
>> But you have anything to back this up? (don't take it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>>
>> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>>
>> Might want to disable custom files till valve decides to correct this issue.
>>
>> -StealthMode
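The two replies above turn on one point: bytes embedded in an image stay inert until some parser or interpreter evaluates them. As an added example (not written by anyone in this thread and not Valve's code), this Python script shows the defender's side for JPEG files, the format in which an EXIF tag lives: it walks the segment structure and reports script markers in metadata segments or data after the end-of-image marker, reading bytes only and executing nothing. The marker list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Constructed marker list: byte strings that matter only if an interpreter
# (for example PHP on a web server) is later pointed at the file.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"eval(", b"base64_decode(")

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
SOS = 0xDA                                   # start of scan: image data follows
METADATA = set(range(0xE0, 0xF0)) | {0xFE}   # APP0..APP15 (EXIF is APP1) and COM


def find_markers(blob):
    """Return the script markers present in blob (case-insensitive)."""
    lowered = blob.lower()
    return [m for m in SCRIPT_MARKERS if m in lowered]


def scan_jpeg(data):
    """Walk JPEG segments and return a list of findings; never executes data."""
    if not data.startswith(SOI):
        return ["not a JPEG: missing SOI marker"]
    findings = []
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return findings + [f"offset {pos}: expected a segment marker"]
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length               # length counts its own two bytes
        if length < 2 or end > len(data):
            return findings + [f"offset {pos}: bad segment length {length}"]
        payload = data[pos + 4:end]
        if marker in METADATA:
            for m in find_markers(payload):
                findings.append(
                    f"segment 0x{marker:02X} at offset {pos} contains {m!r}")
        if marker == SOS:
            # Entropy-coded data escapes 0xFF bytes, so the next FF D9 is EOI.
            # Simplification: multi-scan (progressive) files can carry table
            # segments between scans; this check does not parse those.
            eoi = data.find(EOI, end)
            if eoi == -1:
                return findings + ["no EOI marker after image data"]
            trailer = data[eoi + 2:]
            if trailer:
                findings.append(f"{len(trailer)} bytes after EOI")
                findings += [f"trailer contains {m!r}"
                             for m in find_markers(trailer)]
            return findings
        pos = end
    return findings + ["truncated: no SOS segment found"]


def segment(marker, payload):
    """Build one JPEG segment (constructed test data, not a real image)."""
    return (b"\xff" + bytes([marker])
            + struct.pack(">H", len(payload) + 2) + payload)


def build_sample(comment=b"", trailer=b""):
    """Structurally valid JPEG skeleton with optional COM text and trailer."""
    body = SOI + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    if comment:
        body += segment(0xFE, comment)
    body += segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56" + EOI
    return body + trailer


if __name__ == "__main__":
    inert = b"<?php /* constructed marker, inert */ ?>"
    for name, blob in [("clean", build_sample()),
                       ("comment", build_sample(comment=inert)),
                       ("appended", build_sample(trailer=inert))]:
        print(name, scan_jpeg(blob) or "no findings")
```

A finding means the file carries text worth a look, not that anything ran; whether it matters depends on whether some component later parses and evaluates those bytes.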
Re: [Csgo_servers] Custom files exploit
Another set of examples

https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/

https://phocean.net/2013/09/29/file-upload-vulnerabilities-appending-php-code-to-an-image.html

http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection

Really good book on image file injections...

https://books.google.com/books?id=lG_XdxA5LRUC=PA21=PA21=image+file+injection+compromsing+server=bl=E_qdLyJY3C=8BSYFi3AukgoccEcujtnrdeoR4Y=en=X=0ahUKEwiG58epn-bWAhVi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%20file%20injection%20compromsing%20server=false

On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:

> Do you have a POC?
>
> *From:* Stealth Mode <stealthmode1...@gmail.com>
> *To:* <csgo_servers@list.valvesoftware.com>
> *Sent:* 10/10/2017 12:44 AM
> *Subject:* Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>
> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>
> Might want to disable custom files till valve decides to correct this issue.
>
> -StealthMode
Re: [Csgo_servers] Custom files exploit
This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.

https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/

On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:

> Do you have a POC?
>
> *From:* Stealth Mode <stealthmode1...@gmail.com>
> *To:* <csgo_servers@list.valvesoftware.com>
> *Sent:* 10/10/2017 12:44 AM
> *Subject:* Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>
> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>
> Might want to disable custom files till valve decides to correct this issue.
>
> -StealthMode
Re: [Csgo_servers] Custom files exploit
No disrespect intended but you have no idea what you are speaking about. The custom "texture", whether that be a .BMP, .jpg, .gif, etc. can be injected with any code you want. This not only can then be selected as a spray paint (which then transports to the server and is stored in cache which is redistributed to the clients and then rendered on their screens), but also as a weapons skin, model skin, or texture stored in a .bsp wad file. These files can be manipulated by injection of whatever code you want. Suggest you research code injections into graphical files. And learn networking, software, and operating system environments. Then study NetSec/ITSec. This is an old way to hack computers. And go especially with its market of weapon skins, and any hl mod with the spray paints, are especially vulnerable. This isn't even touching on the non encrypted UDP packet data that also can be injected. So please research and know the field before speaking opinions not grounded in education.

-StealthMode

On Oct 9, 2017 19:57, "Francois Dupont" wrote:

> PoC||GTFO Chris. I mean despite the fact that clients don't upload textures, that you think it is a possible vector for a batch file to be executed after simply being put into memory shows how clueless you are. If you have anything productive please post, otherwise stop abusing computer security vernacular.
>
> -nfbush
>
> On 9 Oct 2017 11:47 p.m., "Stealth Mode" wrote:
>
>> Like literally, I could place an autoexec batch script in a spraypaint, or a weapon skin, or any custom file. And once it hits memory (server cache) it will execute whatever is wanted.
>>
>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
>>
>>> Sure,
>>>
>>> But you have anything to back this up? (don't take it the wrong way)
>>>
>>> Nilo.
>>>
>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>>>
>>>> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>
>>>> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>>>>
>>>> Might want to disable custom files till valve decides to correct this issue.
>>>>
>>>> -StealthMode
Re: [Csgo_servers] Custom files exploit
Do you have a POC?

From: Stealth Mode <stealthmode1...@gmail.com>
To: <csgo_servers@list.valvesoftware.com>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit

> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote:
>
> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>:
>
> Heads up admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>
> Might want to disable custom files till valve decides to correct this issue.
>
> -StealthMode
Re: [Csgo_servers] Custom files exploit
doubt. could there be bugs in the cnetchan sendfile implementation? Definitely. Could there be bugs in one of the many scary parsers that run on untrusted code? Yes. I should know.

"And old school knowledge of how to inject image files with malicious code (NetSec/ITSec)"

this is not a meaningful sentence. if you want to spread fud, at least say, idk, "there's another buffer overflow in the .mdl code". There probably is, honestly. that would be convincing.

On Oct 9, 2017 3:46 PM, "Stealth Mode" wrote:

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.

On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:

> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>
>> Headsup admins/owners. Might want to disable custom files till valve
>> addresses this issue brought to their attention a month ago.
>> There is an exploit where any client with minor skill can inject custom
>> files with all types of malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You
>> can take weapon skins (csgo), sound files, spray paint image files, even
>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>> Trojans/rootkits directly into a server cache, or client cache via the
>> custom file.
>>
>> Might want to disable custom files till valve decides to correct this
>> issue.
>>
>> -StealthMode
Re: [Csgo_servers] Custom files exploit
This is such a pointless thread, no proof and a big headed clueless guy coming out with irrelevant crap!

--
Sent from: http://csgo-servers.1073505.n5.nabble.com/
Re: [Csgo_servers] Custom files exploit
PoC||GTFO Chris.

I mean despite the fact that clients don't upload textures, that you think it is a possible vector for a batch file to be executed after simply being put into memory shows how clueless you are. If you have anything productive please post, otherwise stop abusing computer security vernacular.

-nfbush

On 9 Oct 2017 11:47 p.m., "Stealth Mode" wrote:

> Like literally, I could place an autoexec batch script in a spraypaint, or
> a weapon skin, or any custom file. And once it hits memory (server cache)
> it will execute whatever is wanted.
>
> On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
>
>> Sure,
>>
>> But you have anything to back this up? (don't take it the wrong way)
>>
>> Nilo.
>>
>> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>>
>>> Headsup admins/owners. Might want to disable custom files till valve
>>> addresses this issue brought to their attention a month ago.
>>> There is an exploit where any client with minor skill can inject custom
>>> files with all types of malicious code. From hacks in weapon skins, to
>>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>
>>> The exploit is injecting code into any image, sound, or data file. You
>>> can take weapon skins (csgo), sound files, spray paint image files, even
>>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>>> Trojans/rootkits directly into a server cache, or client cache via the
>>> custom file.
>>>
>>> Might want to disable custom files till valve decides to correct this
>>> issue.
>>>
>>> -StealthMode
Re: [Csgo_servers] Custom files exploit
Like literally, I could place an autoexec batch script in a spraypaint, or a weapon skin, or any custom file. And once it hits memory (server cache) it will execute whatever is wanted.

On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:

> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>
>> Headsup admins/owners. Might want to disable custom files till valve
>> addresses this issue brought to their attention a month ago.
>> There is an exploit where any client with minor skill can inject custom
>> files with all types of malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You
>> can take weapon skins (csgo), sound files, spray paint image files, even
>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>> Trojans/rootkits directly into a server cache, or client cache via the
>> custom file.
>>
>> Might want to disable custom files till valve decides to correct this
>> issue.
>>
>> -StealthMode
Re: [Csgo_servers] Custom files exploit
Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.

On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:

> Sure,
>
> But you have anything to back this up? (don't take it the wrong way)
>
> Nilo.
>
> 2017-10-09 16:54 GMT+02:00 Stealth Mode:
>
>> Headsup admins/owners. Might want to disable custom files till valve
>> addresses this issue brought to their attention a month ago.
>> There is an exploit where any client with minor skill can inject custom
>> files with all types of malicious code. From hacks in weapon skins, to
>> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>
>> The exploit is injecting code into any image, sound, or data file. You
>> can take weapon skins (csgo), sound files, spray paint image files, even
>> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
>> Trojans/rootkits directly into a server cache, or client cache via the
>> custom file.
>>
>> Might want to disable custom files till valve decides to correct this
>> issue.
>>
>> -StealthMode
Re: [Csgo_servers] Custom files exploit
Sure,

But you have anything to back this up? (don't take it the wrong way)

Nilo.

2017-10-09 16:54 GMT+02:00 Stealth Mode:

> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom
> files with all types of malicious code. From hacks in weapon skins, to
> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can
> take weapon skins (csgo), sound files, spray paint image files, even
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
> Trojans/rootkits directly into a server cache, or client cache via the
> custom file.
>
> Might want to disable custom files till valve decides to correct this
> issue.
>
> -StealthMode
[Csgo_servers] Custom files exploit
Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.

The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.

Might want to disable custom files till valve decides to correct this issue.

-StealthMode