1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Critical Vulnerbility in Cracked Servers

Discussion in 'Steam Discussion' started by .ISO, July 25, 2008.

  1. .ISO

    .ISO FS Member

    A critcal security vulnerbility has been discovered in cracked servers (server with cracked engine.dll), and this has been discovered by a misterious man called MR.Clean, who is a crack server hater. The exploit would let the hacker seize root access to the server's operating system, which will allow the hacker to manipulate the system, such as delete, steal, upload files to the server, and even DOWNLOAD files from it. A few people who observed the have has claimed that the scrds was stalled for a moment, and ftp.exe was spawned automatically. A similar thing would happen if you are running linux as well.
    Here is a conversation between my friend, who is a server operator of a popular 32 man cracked server.

    Mr. Clean: I have a piece of information for you
    ----: ?
    Mr. Clean: Pirate servers have a security vulnerability
    Mr. Clean: As long as your server is pirate
    Mr. Clean: I will kill it
    Mr. Clean: randomly
    ----: whos this
    Mr. Clean: Someone who doesn't like pirate servers
    ----: whats the vulnerability
    Mr. Clean is now Offline.
    Mr. Clean is now playing Team Fortress 2. Click here to join.
    Mr. Clean is now Online.
    Mr. Clean: Did you get that
    Mr. Clean: ----: whos this
    Mr. Clean: Someone who doesn't like pirate servers
    Mr. Clean: I deleted everything related to your tf2 server
    Mr. Clean: I left it as that as a warning
    Mr. Clean: if you start up another pirate server I will hose the operating system
    ----: lol
    ----: stfu
    Mr. Clean: lol
    Mr. Clean: your server hasn't come back

    MR.Clean's steam community page can be accessed here:
    Steam Community :: ID :: Mr.CleanESQ

    If you know how this exploit was done, please let me know, so i can contact vivanty and other server crack makers. Also, i am also developing my own crack, so i need to know about this as well. Thanks and be safe.
     
  2. WorldWarIII

    WorldWarIII Guest

    Thanks for the heads up.
     
  3. Renegade89

    Renegade89 New Member

    You sure its not just someone who has access already to your server?
     
  4. WorldWarIII

    WorldWarIII Guest

    It's probably a modified engine.dll to allow the user access through a trojan/rat.


    Also, this is on rin. It's apparently through using VUP (Vitlyns) project.
     
  5. .ISO

    .ISO FS Member

    Yep, as i said, my friend posted that thread on Rin, but he didn't tell them the details on what the exploit can do. It's pretty damn seirous.
     
  6. Trigger-happy

    Trigger-happy FS Member

    lol the sound of that convo he sounds like a pervert
     
  7. .ISO

    .ISO FS Member

    Yea...
     
  8. deltatsunami

    deltatsunami New Member

    ScRiPt KidDy OmG
     
  9. .ISO

    .ISO FS Member

    Do you have the script :D
     
  10. deltatsunami

    deltatsunami New Member

    Echo419 probably does.. he has everything. Ask him.
     
  11. .ISO

    .ISO FS Member

    He probably DOESN'T. This is extremely private lol. I'll ask him anyways.
     
  12. deltatsunami

    deltatsunami New Member

  13. .ISO

    .ISO FS Member

    No i don't think that's the one. This have nothing to do with DDOS.
    Also, wtf do u do with that
     
  14. deltatsunami

    deltatsunami New Member

    Yes, if you can take down a server that means you DoS'd it. Its a script, run it agasint any cracked servers and you'll take it down.
     
  15. .ISO

    .ISO FS Member

    Thanks for the info, but this was patched like 2 years ago, and viytan said that this is not the exploit
     
  16. Echo419

    Echo419 FS Owner

    It may be patched but other people don;t know that there's an update to stop it ^^

    Oh and good effort posting that which i linked you to.
     
  17. .ISO

    .ISO FS Member

    It's not patched
     
  18. Echo419

    Echo419 FS Owner

    Decision please?
     
  19. rushil01

    rushil01 Maestro of Meyhem

    rofl hahaha
     
  20. .ISO

    .ISO FS Member

    "but this was patched like 2 years ago,"
    i was talkin about the exploit that delta posted

    "It may be patched"
    no it's not

    "It's not patched"
    It's not patched
     
  21. Echo419

    Echo419 FS Owner

    One delta posted,

    2008-01-06 Half-Life CSTRIKE Server 1.6 Denial of Service Exploit (no-steam)

    That is all.
     
  22. .ISO

    .ISO FS Member

    But that wasn't it.
     
  23. .ISO

    .ISO FS Member

    UPDATE:

    Original Link:
    http://209.85.141.104/search?q=cach...hp?t=73039+core2.smx&hl=en&ct=clnk&cd=2&gl=ca

    So... the hacker was using SourceMod as a backdoor...
     
  24. Echo419

    Echo419 FS Owner

    Negative core2 is not actually part of the base sourcemod package, either he's got a bad plugin people are exploiting or someones got his admin password.
     
  25. .ISO

    .ISO FS Member

    I know core2.smx is not part of SM, but the guy is using sm as a backdoor
     
  26. Echo419

    Echo419 FS Owner

    "c:\Programming\hack_mm\" modified metamod please? Unless he has the sockets extension loaded he's not gonna be able to download anyway.
     
  27. .ISO

    .ISO FS Member

    we wouldn't know how he did it unless we actually catches someone hacking a bait server
     
  28. Echo419

    Echo419 FS Owner

    However we do know that AMX/SourceMod don't work properly on cracked servers, so we know some modification of the original source occurred.
     
  29. .ISO

    .ISO FS Member

    Right. Vivanty also made a fixed ver of SM and AMX mod X, which not alot of people uses.
     

Share This Page