“the field” as you like to call it. It’s customary to
>>>>> explain the exploit in detail and provide proof the concept (hence the
>>>>> request for a PoC) in any form or way.
>>>>>
>>>>>
>>>>>
>>>>> Please demo
it. It’s customary to explain
>>>> the exploit in detail and provide proof the concept (hence the request for
>>>> a PoC) in any form or way.
>>>>
>>>>
>>>>
>>>> Please demonstrate the issue, it be by posting the offending code, you
>>>>
osting the offending code, you
>>>> recording a video showing a working exploit, or anything along these lines.
>>>>
>>>>
>>>>
>>>> You should know this, if you work in “the field”.
>>>>
>>>>
>>>>
>>&g
gt;>>
>>>
>>>
>>> Please demonstrate the issue, it be by posting the offending code, you
>>> recording a video showing a working exploit, or anything along these lines.
>>>
>>>
>>>
>>> You should know this, if you work in “the field
gt; You should know this, if you work in “the field”.
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Saint K.
>>>
>>>
>>>
>>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftw
g these lines.
You should know this, if you work in “the field”.
Regards,
Saint K.
From: Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] On
Behalf Of Stealth Mode
Sent: 10 October 2017 18:34
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers
, it be by posting the offending code, you
>>> recording a video showing a working exploit, or anything along these lines.
>>>
>>>
>>>
>>> You should know this, if you work in “the field”.
>>>
>>>
>>>
>>> Regards,
>>>
>&g
>> recording a video showing a working exploit, or anything along these lines.
>>
>>
>>
>> You should know this, if you work in “the field”.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Saint K.
>>
>>
>>
>> *From:* Csgo_serve
>
>
>
> You should know this, if you work in “the field”.
>
>
>
> Regards,
>
>
>
> Saint K.
>
>
>
> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On
> Behalf Of *Stealth Mode
> *Sent:* 10 October 2017 18:34
> *To:* csg
: [Csgo_servers] Custom files exploit
@Ryan, etc.
I studied radio electronics before IT was a thing. NetSec and ITSec go hand in
hand. My credentials aren't CS, because CS was radio electronics. The industry
hasn't changed, just a little more vulnerable. Not like I am specifically
stating how
As an independent contractor, I'm going to assume you "fix" people's broken
networks by spreading FUD then correcting a problem that was never there in
the first place? What kind of incompetent people do you think frequent this
list; people abusing !ws and !knife, allow uploads ever from clients,
none of these videos looks current or relevant? 1.6/CZ server exploits have
no baring on CSGO server installations.
On 10 October 2017 at 17:34, Stealth Mode wrote:
> @Ryan, etc.
>
> I studied radio electronics before IT was a thing. NetSec and ITSec go
> hand in
@Ryan, etc.
I studied radio electronics before IT was a thing. NetSec and ITSec go hand
in hand. My credentials aren't CS, because CS was radio electronics. The
industry hasn't changed, just a little more vulnerable. Not like I am
specifically stating how to inject code, or what code to inject on
@ Vaya
Indeed.
My sides at this thread. At first I just rolled my eyes but now I actually
believe that Stealth Mode is either a troll or delusional. Please stop
saying "ITSec". Any first year CS student knows what PoC is but you don't?
Please.
You are embarrassing yourself. Which institution did you get your
Nice hat there. Stealth might get this one though:
https://i.imgur.com/329jfXt.gif
On 10 Oct 2017 4:29 pm, "PistonMiner" wrote:
> The person in question should never have written a message about an open
> vulnerability into a public mailing list in the first place. Just
Please send an actual working proof of concept (PoC) (also the
configuration of the server/environment if applicable). A working Proof of
Concept will prove your point. At the current level, this is nothing more
than a theory and a hypothesis. The PoC is the only thing we need.
Cheers.
Please stop. I have been watching this conversation since it started.
Provide a case-specific example if you can. If not, please keep your
solutions to yourself.
I may not be an IT graduate, but I have a keen understanding of when
someone is full of themself.
Besides: your server has custom
of Service, etc)
From: Csgo_servers <csgo_servers-boun...@list.valvesoftware.com> on behalf of
thedudeguy1 <cloherty.r...@gmail.com>
Sent: Tuesday, October 10, 2017 10:38 AM
To: csgo_servers@list.valvesoftware.com
Subject: Re: [Csgo_servers] Custom f
et <mailto:sai...@specialattack.net>>
>> wrote:
>>
>> Do you have a POC?
>>
>>
>> *From: * Stealth Mode <stealthmode1...@gmail.com
>> <mailto:stealthmode1...@gmail.com>>
>> *To: *
rLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>>
>>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>>>> wrote:
>>>>
>>>>> Do you have a POC?
>>>>>
>>>>>
>&
Stealth Mode. Please post some sort of demonstration or steps to demonstrate
this vulnerability. Just one example is all you need to convince us.
--
Sent from: http://csgo-servers.1073505.n5.nabble.com/
___
Csgo_servers mailing list
Vi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image%
>>> 20file%20injection%20compromsing%20server=false
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>>
es/
>>>
>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>>> wrote:
>>>
>>>> Do you have a POC?
>>>>
>>>>
>>>> * From: * Stealth Mode <stealthmode1...@gmail.com>
>>>>
How is it executing code? What exactly is the mechanism in play here that
is evaluating your exploit code? You keep mentioning images, but that would
require the backend to parse and execute an exploit attached to said image.
There's nothing that would do that. If this was the case large sites
t;> q=image%20file%20injection%20compromsing%20server=false
>>
>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>> wrote:
>>
>>> Do you have a POC?
>>>
>>>
>>> * From: * Stealth Mode <stealthmode1...@gmail.com>
ct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
>> wrote:
>>
>>> Do you have a POC?
>>>
>>>
>>> * From: * Stealth Mode <stealthmode1...@gmail.com>
>>> * To: * <csgo_servers@list.valvesoftware.com>
>>> * Se
iding-Webshell-Backdoor-Code-in-Image-Files/
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote:
> Do you have a POC?
>
>
> From: Stealth Mode <stealthmode1...@gmail.com>
> To: <csgo_servers@list.valvesoftware.com>
> Sent: 10
vers@list.valvesoftware.com>>
*Sent: * 10/10/2017 12:44 AM
*Subject: * Re: [Csgo_servers] Custom files exploit
Yes, IT skills. Electronics skills. And old school
knowledge of how to inject image files with malicious
code (NetSec
This guy is clueless.
On 10 Oct 2017 3:25 pm, "Stealth Mode" wrote:
> Actually my information is grounded in fact and 100% replicatable if you
> know the field. I've listed a few resources to educate yourself. Please
> refrain from speaking if you do not have an
oftware.com
<mailto:csgo_servers@list.valvesoftware.com>>
*Sent: * 10/10/2017 12:44 AM
*Subject: * Re: [Csgo_servers] Custom files exploit
Yes, IT skills. Electronics skills. And old school
knowledge of how to inject image file
ealth Mode <stealthmode1...@gmail.com>
>>> * To: * <csgo_servers@list.valvesoftware.com>
>>> * Sent: * 10/10/2017 12:44 AM
>>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>>
>>> Yes, IT skills. Electronics skills. And old school know
Actually my information is grounded in fact and 100% replicatable if you
know the field. I've listed a few resources to educate yourself. Please
refrain from speaking if you do not have an education in ITSec.
> Do you have a POC?
>>
>>
>> * From: * Stealth Mode <stealthmode1...@gmail.com>
>> * To: * <csgo_servers@list.valvesoftware.com>
>> * Sent: * 10/10/2017 12:44 AM
>> * Subject: * Re: [Csgo_servers] Custom files exploit
>>
>> Yes, IT skills.
ll-Backdoor-Code-in-Image-Files/
>
> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net>
> wrote:
>
>> Do you have a POC?
>>
>>
>> * From: * Stealth Mode <stealthmode1...@gmail.com>
>> * To: * <csgo_servers@list.valvesoftware.com&g
;
> * Sent: * 10/10/2017 12:44 AM
> * Subject: * Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old school knowledge of how to
> inject image files with malicious code (NetSec/ITSec). This is an older
> style of "hacking". Remember those warni
ave a POC?
>
>
> * From: * Stealth Mode <stealthmode1...@gmail.com>
> * To: * <csgo_servers@list.valvesoftware.com>
> * Sent: * 10/10/2017 12:44 AM
> * Subject: * Re: [Csgo_servers] Custom files exploit
>
> Yes, IT skills. Electronics skills. And old sc
No disrespect intended but you have no idea what you are speaking about.
The custom "texture", whether that be a .BMP, .jpg,.gif,etc. can be
injected with any code you want. This not only can then be selected as a
spray paint (which then transports to the server and is stored in cache
which is
Do you have a POC?
From: Stealth Mode <stealthmode1...@gmail.com>
To: <csgo_servers@list.valvesoftware.com>
Sent: 10/10/2017 12:44 AM
Subject: Re: [Csgo_servers] Custom files exploit
Yes, IT skills. Electronics skills. And old school knowledge of how to inject
doubt.
could there be bugs in the cnetchan sendfile implementation? Definitely.
Could there be bugs in one of the many scary parsers that run on untrusted
code? Yes.
I should know.
"And old school knowledge of how to inject image files with malicious code
(NetSec/ITSec)" this is not a
This is such a pointless thread, no proof and a big headed clueless guy
coming out with irrelevant crap!
--
Sent from: http://csgo-servers.1073505.n5.nabble.com/
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
PoC||GTFO Chris. I mean despite the fact that clients don't upload
textures, that you think it is a possible vector for a batch file to be
executed after simply being put into memory shows how clueless you are. If
you have anything productive please post, otherwise stop abusing computer
security
Like literally, I could place an autoexec batch script in a spraypaint, or
a weapon skin, or any custom file. And once it hits memory (server cache)
it will execute whatever is wanted.
On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote:
> Sure,
>
> But you have anything to back
Yes, IT skills. Electronics skills. And old school knowledge of how to
inject image files with malicious code (NetSec/ITSec). This is an older
style of "hacking". Remember those warnings about clicking download
attachments from the 90s onward? Same thing still applies. Except, there is
no
Sure,
But you have anything to back this up? (don't take it the wrong way)
Nilo.
2017-10-09 16:54 GMT+02:00 Stealth Mode :
> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is
Headsup admins/owners. Might want to disable custom files till valve
addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject custom
files with all types of malicious code. From hacks in weapon skins, to
ransomware in custom
46 matches
Mail list logo