
[ANY] Dis/connect exploit fixer


Author
shavit
AlliedModders Donor
Join Date: Dec 2011
Location: Israel
Plugin ID: 3908
Plugin Version: 1.0
Plugin Category: Technical/Development
Plugin Game: Any
Plugin Dependencies:
Servers with this Plugin: 15
Plugin Description: This plugin fixes an exploit that allows a cheater to get the IPs of players and use a custom disconnect reason.
    Old 09-17-2013 , 14:22   [ANY] Dis/connect exploit fixer
    Reply With Quote #1

    Connect exploit:
    A cheater can get IP addresses of connecting players by displaying event information from the client side.
    Unfortunately, the server is exposing the players' IP address on the event.

    Disconnect exploit:
    A cheater can use the channel->Shutdown(); function through the Source SDK and fake a disconnect reason; he can use some special characters and make the disconnect reason colored or multi-lined.

    This plugin fixes both exploits.

    Version cvar: sm_dis_connect_version
    Attached Files
    File Type: sp Get Plugin or Get Source (dis_connect_fixer.sp - 577 views - 1.4 KB)
    __________________
    My Plugins
    Not taking private requests, too busy.

    Last edited by shavit; 09-18-2013 at 13:57.
    Mitchell
    ~lick~
    Join Date: Mar 2010
    Location: noitacoL:
    Old 09-17-2013 , 15:00   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #2

    I think I'll post what we are all thinking here... How do you know this works?
    vodka00
    Veteran Member
    Join Date: Jun 2012
    Location: Los Angeles
    Old 09-17-2013 , 15:05   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #3

    Quote:
    Originally Posted by Mitchell View Post
    I think I'll post what we are all thinking here... How do you know this works?
    I think you know the answer.

    Thanks shavit, what about something that fixes unwanted downloads by others?
    Last edited by vodka00; 09-17-2013 at 15:05.
    Root_
    Veteran Member
    Join Date: Jan 2012
    Location: ryssland
    Old 09-17-2013 , 15:18   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #4

    I guess SMAC and RCON locker are already preventing this exploit.
    __________________


    dodsplugins.com - Plugins and Resources for Day of Defeat
    http://twitch.tv/zadroot
    shavit
    AlliedModders Donor
    Join Date: Dec 2011
    Location: Israel
    Old 09-17-2013 , 16:03   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #5

    Quote:
    Originally Posted by Mitchell View Post
    I think I'll post what we are all thinking here... How do you know this works?
    Connect exploit:
    sm_cvar sv_cheats 1
    net_showevents 1
    Tell someone to connect

    Disconnect exploit:
    Set your server + client to run with the -insecure parameter.
    Compile the following source code with Source SDK 2013's utils/serverplugin_sample/serverplugin_empty.cpp file; don't remove the includes since I don't know what's needed for that.
    After you compile it, place it in your game's addons/ folder and once on the main menu use plugin_load to load this plugin:
    PHP Code:
    CON_COMMAND(disconnect_exploit, "Disconnect with a custom message")
    {
        // Client's net channel to the server
        INetChannel *channel = (INetChannel*)enginecl->GetNetChannelInfo();

        // Close the channel with a client-chosen reason string
        channel->Shutdown("testing disconnect reason exploit");

        return;
    }

    Then look at your server's console or ask someone to join and see the effect.
    After that, run that plugin and test again.
    Quote:
    Originally Posted by vodka00 View Post
    I think you know the answer.

    Thanks shavit, what about something that fixes unwanted downloads by others?
    https://forums.alliedmods.net/showthread.php?t=142249
    Quote:
    Originally Posted by Root_ View Post
    I guess SMAC and RCON locker are already preventing this exploit.
    SMAC doesn't.

    RCON locker just makes the disconnect reason empty which is a big no no no.

    PHP Code:
    public Action:player_disc(Handle:event, const String:name[], bool:dontBroadcast)
    {
        // Overwrites the disconnect reason with an empty string
        SetEventString(event, "reason", "");
        return Plugin_Continue;
    }


    Last edited by shavit; 09-17-2013 at 16:04.
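
An added example, not the attached dis_connect_fixer.sp and not code from any poster in this thread: one way a SourceMod plugin could handle both issues, keeping the disconnect reason but stripping control bytes instead of blanking it. The callback and helper names, the 128-byte buffer and the assumption that edits made in a pre-hook are what clients receive are assumptions of this example.

```sourcepawn
#include <sourcemod>

#define MAX_REASON 128   // assumed buffer size, not taken from the thread

public OnPluginStart()
{
    // Pre-hooks run before the event is sent on to clients
    HookEvent("player_connect", Event_Connect, EventHookMode_Pre);
    HookEvent("player_disconnect", Event_Disconnect, EventHookMode_Pre);
}

public Action:Event_Connect(Handle:event, const String:name[], bool:dontBroadcast)
{
    // "address" is the player_connect field that carries the client's ip:port
    SetEventString(event, "address", "");
    return Plugin_Continue;
}

public Action:Event_Disconnect(Handle:event, const String:name[], bool:dontBroadcast)
{
    decl String:reason[MAX_REASON];
    GetEventString(event, "reason", reason, sizeof(reason));

    // Keep the text of the reason, drop anything that changes how it renders
    SanitizeReason(reason);
    SetEventString(event, "reason", reason);
    return Plugin_Continue;
}

// Removes control bytes in place: everything below 0x20 (line breaks and the
// low bytes this example assumes are used as color codes) and DEL (0x7F).
SanitizeReason(String:text[])
{
    new out = 0;
    for (new i = 0; text[i] != '\0'; i++)
    {
        new c = text[i] & 0xFF;   // mask so multi-byte UTF-8 compares as 0x80+
        if (c >= 0x20 && c != 0x7F)
        {
            text[out++] = text[i];
        }
    }
    text[out] = '\0';
}
```
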
    Root_
    Veteran Member
    Join Date: Jan 2012
    Location: ryssland
    Old 09-17-2013 , 16:05   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #6

    You'd better not explain a way to crash servers...
    shavit
    AlliedModders Donor
    Join Date: Dec 2011
    Location: Israel
    Old 09-17-2013 , 16:11   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #7

    Quote:
    Originally Posted by Root_ View Post
    You'd better not explain a way to crash servers...
    That's not a way to crash a server at all, not even related to server crashing.
    Powerlord
    Oh Ross.
    Join Date: Jun 2008
    Location: Seduce Me!
    Old 09-17-2013 , 16:23   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #8

    Quote:
    Originally Posted by shavit View Post
    Set your server + client to run with the -insecure parameter.
    The fix is easy:

    Don't run your server with -insecure


    Edit: Why are you running your server with VAC disabled anyway?
    __________________
    So long and thanks for all the fish.

    Last edited by Powerlord; 09-17-2013 at 16:25.
    shavit
    AlliedModders Donor
    Join Date: Dec 2011
    Location: Israel
    Old 09-17-2013 , 16:44   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #9

    Quote:
    Originally Posted by Powerlord View Post
    The fix is easy:

    Don't run your server with -insecure


    Edit: Why are you running your server with VAC disabled anyway?
    I don't. The method I gave him is just to test it.
    Cheaters could compile the C++ plugin and inject it to hl2.exe, it will work, but risking a VAC ban is stupid.
    That's for the disconnect exploit, about the connect exploit - someone can just write memory to net_showevents, it will bypass VAC and any server-sided anti-cheat.
    angel635
    Senior Member
    Join Date: Apr 2011
    Old 09-17-2013 , 16:59   Re: [ANY] Dis/connect exploit fixer
    Reply With Quote #10

    Error log
    Attached Files
    File Type: log errors_20130917.log (460 Bytes, 104 views)