[ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
3 Attachment(s)
There's a new exploit in the wild which allows any client to attack the server after connecting if you have sv_allowdownload set to 1. On Linux the servers will most likely restart within 30 seconds if there's a watchdog timer installed. On Windows this exploit can be utilized to cause a Blue Screen Of Death on your dedicated hoster's box. The exploit involves the use of the RequestFile command and has already been reported to Valve (~8 months ago) through the bounty bug reward program. The report was ignored by the HackerOne staff because it didn't meet the standards of "crashing the server" (Report #472858), even though this can lead to a BSOD if used correctly and as shown in my submitted Proof Of Concept. ...
The exploit's POC was stolen from one of my un-secured dedicated test servers recently by some "Hackers" and now is being sold by them. The POC was written to work on all versions of SRCDS, so many servers are at risk until Valve releases an official patch. I've written my own patch for the community to use until that date comes.
Symptoms of the exploit being used on your server would be to see the text "File '%s' requested from" spammed in your SRCDS console. These messages do not create logs in any document, so it may be hard for some users to track what's happening. This is mostly expected to plague CS:GO/CStrike servers currently. I've only tested this on css/csgo and it seems to work fine. I'm unaware if any game mode will utilize the request file function after a player connects (for example sprays), but I believe it's handled differently (server sends files rather than client requesting file). Let me know if you run into any issues.
Edit: Added OnFileReceive Hook as well to prevent clients from spamming file sends to the server. Nopped out a message that still prints on file receive when the server has sv_allowupload set to 0 (Untested Changes)
Updated 1/2/2021, Please post a report if it crashes on linux or windows CSGO servers
Updated 02/03/2023: Untested, updated for linux changes.
Newest version: SendFileFix 3.3.zip |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Eggcellent
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
what a server being crashed from console looks like:
https://i.imgur.com/TsBVrI9.png https://www.youtube.com/watch?v=fMo_Au6QqBo me doing it |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Code:
RequestCount[client] -= 32;
Code:
for (new client = 0; client <= MaxClients; client++)
Code:
for (new client = 1; client <= MaxClients; client++)
anyways, I didn't find any other wrong code besides that |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
Also to note, MaxClients varies depending on the number of clients the server can accept, so it could be iterating through 10, 32, 64 or whatever number of players the server is set up to. |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
why does the plugin loop through all clients every 5 seconds and subtract 32 from their RequestCount?
edit: I'm guessing it's to account for false-positive scenarios in case there's a game mode that happens to send a large amount of files: Quote:
|
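A model of the decaying counter asked about in the post above, as an added example that is not the plugin's code: the decay of 32 every 5 seconds comes from the thread, while `LIMIT`, the clamp at zero and all names are assumptions made here. It shows how the decay tolerates a short burst but flags a sustained flood, and why a counter that is not clamped lets an idle client bank credit; whether the plugin clamps is not shown on this page.

```python
# Added illustration (not the plugin's code). DECAY and TICK_SECONDS come from
# the thread; LIMIT and the clamp are assumptions made for this sketch.
DECAY = 32          # subtracted from every client's counter per tick
TICK_SECONDS = 5    # timer interval mentioned in the thread
LIMIT = 64          # hypothetical threshold at which a client is flagged


class RequestLimiter:
    def __init__(self, max_clients, clamp=True):
        # Client indexes run 1..max_clients; slot 0 is left unused, matching
        # the loop bound that starts at 1 quoted earlier in the thread.
        self.counts = [0] * (max_clients + 1)
        self.max_clients = max_clients
        self.clamp = clamp

    def on_request(self, client):
        """Count one file request; return True when the client exceeds LIMIT."""
        self.counts[client] += 1
        return self.counts[client] > LIMIT

    def on_tick(self):
        """Run once per TICK_SECONDS: forgive DECAY requests per client."""
        for client in range(1, self.max_clients + 1):
            self.counts[client] -= DECAY
            if self.clamp and self.counts[client] < 0:
                self.counts[client] = 0


def simulate(per_tick_requests, clamp=True):
    """Replay request counts (one entry per tick) for client 1.
    Returns the tick index at which the client is flagged, or None."""
    limiter = RequestLimiter(max_clients=4, clamp=clamp)
    for tick, n in enumerate(per_tick_requests):
        for _ in range(n):
            if limiter.on_request(1):
                return tick
        limiter.on_tick()
    return None


if __name__ == "__main__":
    print("connect burst:", simulate([40, 0, 0, 10]))
    print("sustained flood:", simulate([50, 50, 50]))
    print("idle then flood, clamped:", simulate([0, 0, 0, 0, 150]))
    print("idle then flood, unclamped:", simulate([0, 0, 0, 0, 150], clamp=False))
```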
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Oh shit man, I feel sorry for you to get your work stolen and not even recognized.
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
In csgo you just need to use sv_allowdownload 0 and sv_allowupload 0.
This exploit has been running since 2018. |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
He was in the public domain for a long time. Everyone just forgot about him, and then they remembered ... |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
people abusing them and they eventually get patched by valve as new ones come out. |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
fastdl is not working if I change the cvars to 0.
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Thank you!
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Wanted to say thank you!
For me this plugin helped very well!! Also what about sv_allowdownload 0, is it really working in CsGo? I haven't tried it yet, but if @september says so, maybe it's true? |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
Code:
for(new i=1;i <= MaxClients;i++) |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Is this exploit still active or is it patched by valve?
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
CreateFragmentsFromFile: '.txt' doesn't exist.
CreateFragmentsFromFile: '
Receiving failed: too many fragments 38/35 from 79.118.29.217:27005
Receiving failed: too many fragments 72/42 from 86.120.251.36:27005
Receiving failed: too many fragments 41/35 from 79.118.29.217:27005
Receiving failed: too many fragments 76/42 from 86.120.251.36:27005
Receiving failed: too many fragments 45/35 from 79.118.29.217:27005
Receiving failed: too many fragments 80/42 from 86.120.251.36:27005
Receiving failed: too many fragments 49/35 from 79.118.29.217:27005
Receiving failed: too many fragments 84/42 from 86.120.251.36:27005
Receiving failed: too many fragments 68/67 from 86.122.216.112:27005
Receiving failed: too many fragments 53/35 from 79.118.29.217:27005
I think this exploit is back, have your plugin and still got this. All players are kicked with timed out reason...... also getting this:
IP rate limit detected distributed packet load (50001 buckets, 2147694531 global count) |
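Console output like the post above can be triaged per source address; the following is an added example, not part of the original post or the plugin. The line format is taken from the quoted output, the sample text uses constructed documentation addresses, and reading `N/M` as observed/allowed fragments is an assumption.

```python
import re
from collections import Counter

# Line format taken from the console output quoted in the post above.
FRAG_RE = re.compile(
    r"Receiving failed: too many fragments (\d+)/(\d+) from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)

# Constructed sample console text (RFC 5737 documentation addresses).
# One line deliberately holds two entries, as in the pasted output.
SAMPLE = """\
CreateFragmentsFromFile: '.txt' doesn't exist.
Receiving failed: too many fragments 38/35 from 192.0.2.10:27005
Receiving failed: too many fragments 72/42 from 198.51.100.7:27005
Receiving failed: too many fragments 41/35 from 192.0.2.10:27005
Receiving failed: too many fragments 45/35 from 192.0.2.10:27005 Receiving failed: too many fragments 76/42 from 198.51.100.7:27005
Receiving failed: too many fragments 68/67 from 203.0.113.5:27005
"""


def summarize(console_text, min_hits=2):
    """Return [(ip, hits, worst_overrun)] for sources with at least min_hits
    rejected transfers, most active first. finditer scans the whole text, so
    entries run together on one line are still counted."""
    hits = Counter()
    worst = {}
    for m in FRAG_RE.finditer(console_text):
        got, limit, ip = int(m.group(1)), int(m.group(2)), m.group(3)
        hits[ip] += 1
        # Assumption: N/M means observed/allowed, so N - M is the overrun.
        worst[ip] = max(worst.get(ip, 0), got - limit)
    return [(ip, n, worst[ip]) for ip, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for ip, n, over in summarize(SAMPLE):
        print(f"{ip}: {n} rejected transfers, worst overrun {over} fragments")
```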
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
1 Attachment(s)
new syntax (updated plugin)
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Hi there,
Who knows the problem and can help me? https://crash.limetech.org/a5veex3osw5s My server crashes with the new version "SendFile Exploit Fix (v3.1)" |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
This is still relevant; the last attack was on 04/02/2021. I think Valve has not fixed it yet. I put SendFileFix 3.1 on; it has been working for a month now, and the attacks stopped!
report
CreateFragmentsFromFile: '.txt' doesn't exist.
CreateFragmentsFromFile: '.txt' doesn't exist. |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Today, I observed several attempted attacks. This security patch is still needed.
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
2 Attachment(s)
I have SendFile Exploit Fix (v3.1) on my server, but it didn't help
my cvars
sv_downloadurl ..... (fastdl)
sv_allowupload 0
sv_allowdownload 1 |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
after newest csgo update, plugin stopped working
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
[SM] Failed to load plugin "SendFileExploitFixV3.1.smx": Unable to load plugin (bad header).
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
After 02/02 update this plugin is throwing errors:
Code:
L 02/03/2023 - 18:44:40: [SM] Exception reported: Invalid address 0x1 is pointing to reserved memory. |
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|
Re: [ANY] SRCDS Server Crasher Exploit Patch [6/27/19]
Quote:
|