Hey there,
I've been working on a project in order to create the largest vulnerabilities in servers using AMXX, in what you might call "bluehatting", so that they can be resolved. This is more of an "I was bored" project, so there are probably even more possible vulnerabilities yet to be discovered (and, hopefully, not used).
My work has led to me creating this monstrosity, a script that will not compile (unless you're not a total noob and are able to work out how I sabotaged it so it couldn't be used and abused, but if you are able to you're likely not to be nooby enough not to try to abuse this) but would be able to, if I hadn't purposely sabotaged it, carry out the following activities:
- An experimental Distributed Denial of Service system (socket-based), which uses a MySQL table in order to communicate and synchronize attacks against a certain IP address or hostmask and a port. I've tested it, and although most of the time it seemed to fail, it did work 3 or 4 times (I tested it by launching attacks against my own IP).
- A system allowing exploiters to access files within the server folder in which you can overwrite and delete files. You could also make up a system to read files, too, but I was too lazy to write a streaming system in order to stop buffer overflows.
- A system allowing exploiters to access the MySQL server and databases, and also the possibility to access other MySQL servers (masking the exploiter's IP and incriminating the server it was executed from), and can bypass restrictions on localhost such as disallowing remote connections and blacklisting.
- A system in which you can cause BSODs (Blue Screen of Death) on clients and servers.
- A few sneaky commands, such as removing the flags of admins.
Attached is the SMA. Once again, I'll state that it will not compile as I have purposely sabotaged it so that noobs can't fuck up servers. I've put it here over other forums as I didn't know an appropriate place to put it. Hopefully, the developers can fix these issues, which I think are an accident waiting to happen.
Happy to help with the security of such a brilliant mod,
Xalphox