Re: [Csgo_servers] Custom files exploit

“the field” as you like to call it. It’s customary to >>>>> explain the exploit in detail and provide proof the concept (hence the >>>>> request for a PoC) in any form or way. >>>>> >>>>> >>>>> >>>>> Please demo

Re: [Csgo_servers] Custom files exploit

it. It’s customary to explain >>>> the exploit in detail and provide proof the concept (hence the request for >>>> a PoC) in any form or way. >>>> >>>> >>>> >>>> Please demonstrate the issue, it be by posting the offending code, you >>>>

Re: [Csgo_servers] Custom files exploit

osting the offending code, you >>>> recording a video showing a working exploit, or anything along these lines. >>>> >>>> >>>> >>>> You should know this, if you work in “the field”. >>>> >>>> >>>> >>&g

Re: [Csgo_servers] Custom files exploit

gt;>> >>> >>> >>> Please demonstrate the issue, it be by posting the offending code, you >>> recording a video showing a working exploit, or anything along these lines. >>> >>> >>> >>> You should know this, if you work in “the field

Re: [Csgo_servers] Custom files exploit

gt; You should know this, if you work in “the field”. >>> >>> >>> >>> Regards, >>> >>> >>> >>> Saint K. >>> >>> >>> >>> *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftw

Re: [Csgo_servers] Custom files exploit

g these lines.   You should know this, if you work in “the field”.   Regards,   Saint K.   From: Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] On Behalf Of Stealth Mode Sent: 10 October 2017 18:34 To: csgo_servers@list.valvesoftware.com Subject: Re: [Csgo_servers

Re: [Csgo_servers] Custom files exploit

, it be by posting the offending code, you >>> recording a video showing a working exploit, or anything along these lines. >>> >>> >>> >>> You should know this, if you work in “the field”. >>> >>> >>> >>> Regards, >>> >&g

Re: [Csgo_servers] Custom files exploit

>> recording a video showing a working exploit, or anything along these lines. >> >> >> >> You should know this, if you work in “the field”. >> >> >> >> Regards, >> >> >> >> Saint K. >> >> >> >> *From:* Csgo_serve

Re: [Csgo_servers] Custom files exploit

> > > > You should know this, if you work in “the field”. > > > > Regards, > > > > Saint K. > > > > *From:* Csgo_servers [mailto:csgo_servers-boun...@list.valvesoftware.com] *On > Behalf Of *Stealth Mode > *Sent:* 10 October 2017 18:34 > *To:* csg

Re: [Csgo_servers] Custom files exploit

: [Csgo_servers] Custom files exploit @Ryan, etc. I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how

Re: [Csgo_servers] Custom files exploit

As an independent contractor, I'm going to assume you "fix" people's broken networks by spreading FUD then correcting a problem that was never there in the first place? What kind of incompetent people do you think frequent this list; people abusing !ws and !knife, allow uploads ever from clients,

Re: [Csgo_servers] Custom files exploit

none of these videos looks current or relevant? 1.6/CZ server exploits have no baring on CSGO server installations. On 10 October 2017 at 17:34, Stealth Mode wrote: > @Ryan, etc. > > I studied radio electronics before IT was a thing. NetSec and ITSec go > hand in

Re: [Csgo_servers] Custom files exploit

@Ryan, etc. I studied radio electronics before IT was a thing. NetSec and ITSec go hand in hand. My credentials aren't CS, because CS was radio electronics. The industry hasn't changed, just a little more vulnerable. Not like I am specifically stating how to inject code, or what code to inject on

Re: [Csgo_servers] Custom files exploit

@ Vaya Indeed.

Re: [Csgo_servers] Custom files exploit

My sides at this thread. At first I just rolled my eyes but now I actually believe that Stealth Mode is either a troll or delusional. Please stop saying "ITSec". Any first year CS student knows what PoC is but you don't? Please. You are embarrassing yourself. Which institution did you get your

Re: [Csgo_servers] Custom files exploit

Nice hat there. Stealth might get this one though: https://i.imgur.com/329jfXt.gif On 10 Oct 2017 4:29 pm, "PistonMiner" wrote: > The person in question should never have written a message about an open > vulnerability into a public mailing list in the first place. Just

Re: [Csgo_servers] Custom files exploit

Please send an actual working proof of concept (PoC) (also the configuration of the server/environment if applicable). A working Proof of Concept will prove your point. At the current level, this is nothing more than a theory and a hypothesis. The PoC is the only thing we need. Cheers.

Re: [Csgo_servers] Custom files exploit

Please stop. I have been watching this conversation since it started. Provide a case-specific example if you can. If not, please keep your solutions to yourself. I may not be an IT graduate, but I have a keen understanding of when someone is full of themself. Besides: your server has custom

Re: [Csgo_servers] Custom files exploit

of Service, etc) From: Csgo_servers <csgo_servers-boun...@list.valvesoftware.com> on behalf of thedudeguy1 <cloherty.r...@gmail.com> Sent: Tuesday, October 10, 2017 10:38 AM To: csgo_servers@list.valvesoftware.com Subject: Re: [Csgo_servers] Custom f

Re: [Csgo_servers] Custom files exploit

et <mailto:sai...@specialattack.net>> >> wrote: >> >> Do you have a POC? >> >> >> *From: * Stealth Mode <stealthmode1...@gmail.com >> <mailto:stealthmode1...@gmail.com>> >> *To: *

Re: [Csgo_servers] Custom files exploit

rLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/ >>>> >>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> >>>> wrote: >>>> >>>>> Do you have a POC? >>>>> >>>>> >&

Re: [Csgo_servers] Custom files exploit

Stealth Mode. Please post some sort of demonstration or steps to demonstrate this vulnerability. Just one example is all you need to convince us. -- Sent from: http://csgo-servers.1073505.n5.nabble.com/ ___ Csgo_servers mailing list

Re: [Csgo_servers] Custom files exploit

Vi_IMKHcaqD5YQ6AEIWTAH#v=onepage=image% >>> 20file%20injection%20compromsing%20server=false >>> >>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> >>> wrote: >>> >>>> Do you have a POC? >>>> >>>>

Re: [Csgo_servers] Custom files exploit

es/ >>> >>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> >>> wrote: >>> >>>> Do you have a POC? >>>> >>>> >>>> * From: * Stealth Mode <stealthmode1...@gmail.com> >>>>

Re: [Csgo_servers] Custom files exploit

How is it executing code? What exactly is the mechanism in play here that is evaluating your exploit code? You keep mentioning images, but that would require the backend to parse and execute an exploit attached to said image. There's nothing that would do that. If this was the case large sites

Re: [Csgo_servers] Custom files exploit

t;> q=image%20file%20injection%20compromsing%20server=false >> >> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> >> wrote: >> >>> Do you have a POC? >>> >>> >>> * From: * Stealth Mode <stealthmode1...@gmail.com>

Re: [Csgo_servers] Custom files exploit

ct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> >> wrote: >> >>> Do you have a POC? >>> >>> >>> * From: * Stealth Mode <stealthmode1...@gmail.com> >>> * To: * <csgo_servers@list.valvesoftware.com> >>> * Se

Re: [Csgo_servers] Custom files exploit

iding-Webshell-Backdoor-Code-in-Image-Files/ > > On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> wrote: > Do you have a POC? > > > From: Stealth Mode <stealthmode1...@gmail.com> > To: <csgo_servers@list.valvesoftware.com> > Sent: 10

Re: [Csgo_servers] Custom files exploit

vers@list.valvesoftware.com>> *Sent: * 10/10/2017 12:44 AM *Subject: * Re: [Csgo_servers] Custom files exploit Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec

Re: [Csgo_servers] Custom files exploit

This guy is clueless. On 10 Oct 2017 3:25 pm, "Stealth Mode" wrote: > Actually my information is grounded in fact and 100% replicatable if you > know the field. I've listed a few resources to educate yourself. Please > refrain from speaking if you do not have an

Re: [Csgo_servers] Custom files exploit

oftware.com <mailto:csgo_servers@list.valvesoftware.com>> *Sent: * 10/10/2017 12:44 AM *Subject: * Re: [Csgo_servers] Custom files exploit Yes, IT skills. Electronics skills. And old school knowledge of how to inject image file

Re: [Csgo_servers] Custom files exploit

ealth Mode <stealthmode1...@gmail.com> >>> * To: * <csgo_servers@list.valvesoftware.com> >>> * Sent: * 10/10/2017 12:44 AM >>> * Subject: * Re: [Csgo_servers] Custom files exploit >>> >>> Yes, IT skills. Electronics skills. And old school know

Re: [Csgo_servers] Custom files exploit

Actually my information is grounded in fact and 100% replicatable if you know the field. I've listed a few resources to educate yourself. Please refrain from speaking if you do not have an education in ITSec.

Re: [Csgo_servers] Custom files exploit

> Do you have a POC? >> >> >> * From: * Stealth Mode <stealthmode1...@gmail.com> >> * To: * <csgo_servers@list.valvesoftware.com> >> * Sent: * 10/10/2017 12:44 AM >> * Subject: * Re: [Csgo_servers] Custom files exploit >> >> Yes, IT skills.

Re: [Csgo_servers] Custom files exploit

ll-Backdoor-Code-in-Image-Files/ > > On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <sai...@specialattack.net> > wrote: > >> Do you have a POC? >> >> >> * From: * Stealth Mode <stealthmode1...@gmail.com> >> * To: * <csgo_servers@list.valvesoftware.com&g

Re: [Csgo_servers] Custom files exploit

; > * Sent: * 10/10/2017 12:44 AM > * Subject: * Re: [Csgo_servers] Custom files exploit > > Yes, IT skills. Electronics skills. And old school knowledge of how to > inject image files with malicious code (NetSec/ITSec). This is an older > style of "hacking". Remember those warni

Re: [Csgo_servers] Custom files exploit

ave a POC? > > > * From: * Stealth Mode <stealthmode1...@gmail.com> > * To: * <csgo_servers@list.valvesoftware.com> > * Sent: * 10/10/2017 12:44 AM > * Subject: * Re: [Csgo_servers] Custom files exploit > > Yes, IT skills. Electronics skills. And old sc

Re: [Csgo_servers] Custom files exploit

No disrespect intended but you have no idea what you are speaking about. The custom "texture", whether that be a .BMP, .jpg,.gif,etc. can be injected with any code you want. This not only can then be selected as a spray paint (which then transports to the server and is stored in cache which is

Re: [Csgo_servers] Custom files exploit

Do you have a POC? From: Stealth Mode <stealthmode1...@gmail.com> To: <csgo_servers@list.valvesoftware.com> Sent: 10/10/2017 12:44 AM Subject: Re: [Csgo_servers] Custom files exploit Yes, IT skills. Electronics skills. And old school knowledge of how to inject

Re: [Csgo_servers] Custom files exploit

doubt. could there be bugs in the cnetchan sendfile implementation? Definitely. Could there be bugs in one of the many scary parsers that run on untrusted code? Yes. I should know. "And old school knowledge of how to inject image files with malicious code (NetSec/ITSec)" this is not a

Re: [Csgo_servers] Custom files exploit

This is such a pointless thread, no proof and a big headed clueless guy coming out with irrelevant crap! -- Sent from: http://csgo-servers.1073505.n5.nabble.com/ ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com

Re: [Csgo_servers] Custom files exploit

PoC||GTFO Chris. I mean despite the fact that clients don't upload textures, that you think it is a possible vector for a batch file to be executed after simply being put into memory shows how clueless you are. If you have anything productive please post, otherwise stop abusing computer security

Re: [Csgo_servers] Custom files exploit

Like literally, I could place an autoexec batch script in a spraypaint, or a weapon skin, or any custom file. And once it hits memory (server cache) it will execute whatever is wanted. On Mon, Oct 9, 2017 at 11:59 AM, iNilo wrote: > Sure, > > But you have anything to back

Re: [Csgo_servers] Custom files exploit

Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no

Re: [Csgo_servers] Custom files exploit

Sure, But you have anything to back this up? (don't take it the wrong way) Nilo. 2017-10-09 16:54 GMT+02:00 Stealth Mode : > Headsup admins/owners. Might want to disable custom files till valve > addresses this issue brought to their attention a month ago. > There is

[Csgo_servers] Custom files exploit

Headsup admins/owners. Might want to disable custom files till valve addresses this issue brought to their attention a month ago. There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom