Epi, are you the EPI (Epilogue) from 1.0-1.6? Or someone else? 2 pump chumps ring a bell? I don't have time tbh to provide anything other than information. This is a side issue I discovered on my own LAN server using a .gif spray paint image. It can be replicated. Build a graphics file, inject it with a script to execute a shell window, and display a message, xxxx has set us up the bomb. Inject into the image file, select as a spray paint. Spray it on your server, log into your server, look at the shell window.

Have a nice day. Off to work.

-StealthMode

On Tue, Oct 10, 2017 at 10:29 AM, epi <[email protected]> wrote:

> PoC stands for Proof of Concept. We are asking you to provide proof that you are not just pasting random articles on PHP. You have yet to show us anything that would trigger any issues in srcds.
>
> On 10/10/2017 10:26 AM, Stealth Mode wrote:
>
>> POC far as I know is always Point Of Contact. Or Professional Overseas Contractor.
>>
>> Unless you are referring to Packet Order Correction in reference to networking. Which yes, even then, does not apply in this situation.
>>
>> -StealthMode
>>
>> On Tue, Oct 10, 2017 at 10:19 AM, Alan Love <[email protected]> wrote:
>>
>>> Did you read how that's actually exploited? It would require another malicious script to parse the exif tag and eval some PHP. How exactly would a similar situation occur on a hosted game server? Do you have a poc? You say this email chain is one but I don't think you quite know what you're talking about.
>>>
>>> On Oct 10, 2017 9:15 AM, "Stealth Mode" <[email protected]> wrote:
>>>
>>>> This email is fine for a POC. Far as the exploit, for those who aren't familiar, this is an example.
>>>>
>>>> https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/
>>>>
>>>> On Tue, Oct 10, 2017 at 5:19 AM, Saint K. <[email protected]> wrote:
>>>>
>>>>> Do you have a POC?
>>>>>
>>>>> *From:* Stealth Mode <[email protected]>
>>>>> *To:* <[email protected]>
>>>>> *Sent:* 10/10/2017 12:44 AM
>>>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>>>
>>>>>> Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image.
>>>>>>
>>>>>> On Mon, Oct 9, 2017 at 11:59 AM, iNilo <[email protected]> wrote:
>>>>>>
>>>>>>> Sure,
>>>>>>>
>>>>>>> But do you have anything to back this up? (don't take it the wrong way)
>>>>>>>
>>>>>>> Nilo.
>>>>>>>
>>>>>>> 2017-10-09 16:54 GMT+02:00 Stealth Mode <[email protected]>:
>>>>>>>
>>>>>>>> Heads up admins/owners. Might want to disable custom files till Valve addresses this issue brought to their attention a month ago.
>>>>>>>>
>>>>>>>> There is an exploit where any client with minor skill can inject custom files with all types of malicious code. From hacks in weapon skins, to ransomware in custom .bsp, to remote backdoors in custom spray paints.
>>>>>>>>
>>>>>>>> The exploit is injecting code into any image, sound, or data file. You can take weapon skins (csgo), sound files, spray paint image files, even .bsp/etc. and inject hack code, or actual ransomware, viruses, or Trojans/rootkits directly into a server cache, or client cache via the custom file.
>>>>>>>>
>>>>>>>> Might want to disable custom files till Valve decides to correct this issue.
>>>>>>>>
>>>>>>>> -StealthMode
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
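
Added example (not part of the thread, and not code from any poster or from Valve): the replies above ask what would actually interpret bytes embedded in an image file. The Python below walks a GIF's block structure and reports script-like markers in comment extensions and any bytes after the trailer, two places where a GIF can carry non-image data; the marker list, function names and sample files are constructed for illustration, and GIF is assumed only because the post mentions a .gif.

```python
MARKERS = (b"<?php", b"<script", b"#!/", b"eval(")  # assumed list, for illustration
def _markers(where, blob):
    return [f"{where}: contains {m.decode()!r}" for m in MARKERS if m in blob.lower()]

def _sub_blocks(data, pos):
    """Read a chain of length-prefixed sub-blocks; return (payload, next_pos)."""
    out = bytearray()
    while True:
        size = data[pos]                  # IndexError means a truncated file
        if size == 0:
            return bytes(out), pos + 1
        out += data[pos + 1:pos + 1 + size]
        pos += 1 + size

def inspect_gif(data):
    """Walk the GIF block structure and return a list of findings."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings = []
    try:
        pos = 13                          # header + logical screen descriptor
        if data[10] & 0x80:               # global colour table present
            pos += 3 * (2 << (data[10] & 7))
        while True:
            intro = data[pos]
            if intro == 0x3B:             # trailer: end of the image data
                extra = data[pos + 1:]
                hit = [f"{len(extra)} bytes after trailer"] if extra else []
                return findings + hit + _markers("trailing data", extra)
            if intro == 0x21:             # extension block
                label = data[pos + 1]
                payload, pos = _sub_blocks(data, pos + 2)
                if label == 0xFE:         # comment extension
                    findings += _markers("comment", payload)
            elif intro == 0x2C:           # image descriptor
                flags = data[pos + 9]
                pos += 10 + (3 * (2 << (flags & 7)) if flags & 0x80 else 0)
                _, pos = _sub_blocks(data, pos + 1)   # +1 skips LZW code size
            else:
                return findings + [f"unknown block 0x{intro:02x} at {pos}"]
    except IndexError:
        return findings + ["truncated or malformed"]

# Constructed 1x1 GIF plus two constructed variants carrying an inert string.
_NOTE = b"<?php /* constructed marker */ ?>"
CLEAN = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + bytes(6) +
         b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")
COMMENTED = CLEAN[:-1] + b"\x21\xfe" + bytes([len(_NOTE)]) + _NOTE + b"\x00\x3b"
APPENDED = CLEAN + _NOTE
```

A finding only shows that non-image bytes are present in the file; those bytes stay inert unless some program parses and executes them.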
