AlliedModders - [ANY] Dis/connect exploit fixer

AlliedModders (https://forums.alliedmods.net/index.php)

- Plugins (https://forums.alliedmods.net/forumdisplay.php?f=108)

- - [ANY] Dis/connect exploit fixer (https://forums.alliedmods.net/showthread.php?t=226411)

[ANY] Dis/connect exploit fixer

Connect exploit:
A cheater can get IP addresses of connecting players by displaying event information from the client side.
Unfortunately, the server is exposing the players' IP address on the event.

Disconnect exploit:
A cheater can use the channel->Shutdown(); function through the Source SDK and fake a disconnect reason, he can use some special characters and make the disconnect reason colored, or multi-lined.

This plugin fixes both exploits.

Version cvar: sm_dis_connect_version

Re: [ANY] Dis/connect exploit fixer

I think ill post what we are all thinking here... How do you know this works?

Re: [ANY] Dis/connect exploit fixer

Quote:

Originally Posted by Mitchell (Post 2036481)

I think ill post what we are all thinking here... How do you know this works?

I think you know the answer.

Thanks shavit, what about something that fixes unwanted downloads by others? :bacon:

Re: [ANY] Dis/connect exploit fixer

I guess SMAC and RCON locker already preventing this exploit.

Re: [ANY] Dis/connect exploit fixer

Quote:

Originally Posted by Mitchell (Post 2036481)

I think ill post what we are all thinking here... How do you know this works?

Connect exploit:
sm_cvar sv_cheats 1
net_showevents 1
Tell someone to connect

Disconnect exploit:
Set your server + client to run with the -insecure parameter.
Compile the following source code with Source SDK 2013's utils/serverplugin_sample/serverplugin_empty.cpp file, don't remove the includes since I don't know what's needed for that.
After you compile it place it in your games's addons/ folder and once on main menu use plugin_load to load this plugin:

PHP Code:


		
			
CON_COMMAND(disconnect_exploit, "Disconnect with a custom message")
{
    INetChannel *channel = (INetChannel*)enginecl->GetNetChannelInfo();
    channel->Shutdown("testing disconnect reason exploit");

    return;
}

Then looks at your server's console or ask someone to join and see the effect.
After that, run that plugin and test again.

Quote:

Originally Posted by vodka00 (Post 2036485)

I think you know the answer.

Thanks shavit, what about something that fixes unwanted downloads by others? :bacon:

https://forums.alliedmods.net/showthread.php?t=142249

Quote:

Originally Posted by Root_ (Post 2036497)

I guess SMAC and RCON locker already preventing this exploit.

SMAC doesn't.

RCON locker just makes the disconnect reason empty which is a big no no no.

PHP Code:


		
			
public Action:player_disc(Handle:event, const String:name[], bool:dontBroadcast)
{
    SetEventString(event,"reason","");
    return Plugin_Continue;
}

Re: [ANY] Dis/connect exploit fixer

You'd better dont explain way to crash a servers...

Re: [ANY] Dis/connect exploit fixer

Quote:

Originally Posted by Root_ (Post 2036519)

You'd better dont explain way to crash a servers...

That's not a way to crash a server at all, not even related to server crashing.

Re: [ANY] Dis/connect exploit fixer

Quote:

Originally Posted by shavit (Post 2036518)

Set your server + client to run with the -insecure parameter.

The fix is easy:

Don't run your server with -insecure

Edit: Why are you running your server with VAC disabled anyway?

Re: [ANY] Dis/connect exploit fixer

Quote:

Originally Posted by Powerlord (Post 2036532)

The fix is easy:

Don't run your server with -insecure

Edit: Why are you running your server with VAC disabled anyway?

I don't. The method I gave him is just to test it.
Cheaters could compile the C++ plugin and inject it to hl2.exe, it will work, but risking a VAC ban is stupid.
That's for the disconnect exploit, about the connect exploit - someone can just write memory to net_showevents, it will bypass VAC and any server-sided anti-cheat.

Re: [ANY] Dis/connect exploit fixer