[SNIPPET] Malicious Activities
You want your plugin to become Malicious? You want anyone to gain access over everything? SQL server firewall'ed? No Problem! Introducing all new!
So what this kinda shows is how a CS:GO server can be used as a VPN into a SQL server. Some SQL servers have a firewall to only allow inbound connections from a CS:GO server, but this shows you how to manipulate it. So - at the end of the day - be very aware of who and what you give users to in your servers. There could theoretically be a way to actually leave the confinement of the CS:GO server and access the whole VPS / Dedi entirely, but I haven't got up to that yet : ^)
Note: PrintToConsole has a limit on how much it can print. I could have it push to a stack and print a few at a time until it's all printed, but you can figure that one out : ^)
Some notable commands:
Code:
sm_test "example" "show tables;"
PHP Code:
Spoiler
Re: [SNIPPET] Malicious Activities
aka How to print an entire database to console
What are you trying to say? That if you have access you can write a plugin to print contents of a database? lol I must be missing something
Re: [SNIPPET] Malicious Activities
Using a proper SQL client is much better
Re: [SNIPPET] Malicious Activities
Quote:
Quote:
Firstly this isn't a plugin - it's to show Server Owners how allowing people access to the plugins directory but locking down the DBs is "safe" but in reality it's not. This is just a gateway for anyone to pass through any / all commands like a "SQL Client" but through the CS:GO. If you read the big portion of the text above the code you'd understand but seeing you look straight at the code and not read the information itself is your loss.
Re: [SNIPPET] Malicious Activities
Quote:
http://www.heidisql.com/
Re: [SNIPPET] Malicious Activities
Quote:
If you take a look over at the Lysis thread, there's some funny examples of database information being dumped, rcon passwords, etc.
Re: [SNIPPET] Malicious Activities
Quote:
I figure u don't even know what injection is. I figure u make users with full permissions and don't understand permissions properly. A combination of both means I'll drop your entire schema. I have an entire MySQL cluster open to the public for my token and paintkit systems. I use permissions to control what these clients can do and have access to. Moral is: set up permissions and don't write injection-vulnerable code.
Edit: If you can find my cluster and make a login, try do something naughty. The best u can do is leave me a message in a table row that will cost you .5AUD. I've had a few ppl do such for lols. They are now Steam friends.
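Added example, not part of any post in this thread: the opening post shows that anyone who can load a plugin can run arbitrary SQL with the game server's database login, and the reply above answers that with scoped permissions. This Python sketch audits `SHOW GRANTS` output for such logins; the account names, hosts, schema names and the `RISKY` list are constructed for illustration.

```python
import re

# Privileges that let a game-server login destroy data or reach beyond its own tables.
RISKY = {"ALL PRIVILEGES", "DROP", "ALTER", "CREATE", "FILE", "SUPER",
         "GRANT OPTION", "CREATE USER", "PROCESS", "SHUTDOWN"}

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO (?P<who>\S+?)"
    r"(?P<opt> WITH GRANT OPTION)?$")

# Constructed sample: lines as MySQL prints them for SHOW GRANTS FOR <account>.
SAMPLE = [
    "GRANT ALL PRIVILEGES ON *.* TO `csgo_plugin`@`203.0.113.10` WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO `paintkits`@`%`",
    "GRANT SELECT, INSERT ON `store`.`tokens` TO `paintkits`@`%`",
    "GRANT SELECT, DROP ON `store`.* TO `stats`@`203.0.113.10`",
]

def audit_grants(lines):
    """Return (account, scope, reason) findings for SHOW GRANTS output lines."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue  # role grants and other statements are out of scope here
        # Drop column lists such as SELECT (`id`, `name`) before splitting on commas.
        names = re.sub(r"\([^)]*\)", "", m["privs"]).split(",")
        privs = {p.strip().upper() for p in names}
        if m["opt"]:
            privs.add("GRANT OPTION")
        privs.discard("USAGE")  # USAGE means "may connect, no privileges"
        if not privs:
            continue
        who, scope = m["who"], m["scope"]
        for p in sorted(privs & RISKY):
            findings.append((who, scope, f"risky privilege {p}"))
        db, _, table = scope.partition(".")
        if db == "*":
            findings.append((who, scope, "privileges on every database"))
        elif table == "*":
            findings.append((who, scope, "privileges on every table in the schema"))
    return findings

if __name__ == "__main__":
    for who, scope, reason in audit_grants(SAMPLE):
        print(f"{who:32} {scope:18} {reason}")
```

A login that passes this audit can still read or change whatever its own tables hold, so the grants limit what a loaded plugin can do rather than stop it from issuing queries.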
Re: [SNIPPET] Malicious Activities
Yawn.
Re: [SNIPPET] Malicious Activities
Fully. I'll just stfu :-)