[SMX] CSGO Server Crasher Exploit Patch

Opis:

• Plugin SourceMod, który łata aktualny exploit na dzień dzisiejszy [28.06.2019] na crashowanie serwerów

Użycie:

• Plik *.smx przenieś do csgo / addons / sourcemod / plugins

Autor:

• backwards

Pobierz:

• [cshacked.pl] CSGO Crasher Patch.rar

Kod źródłowy pluginu:

#include <sourcemod>
#include <sdktools>

public Plugin:myinfo =
{
	name = "SendFile Exploit Fix",
	author = "backwards",
	description = "Prevents Clients From Exploiting The Un-Patched SRCDS SendFile Command. (HackerOne.com Report #472858 (Thanks For Ignoring My 8 Month Old Report!))",
	version = SOURCEMOD_VERSION,
	url = "http://www.steamcommunity.com/id/mypassword"
}

#define MAX_FILES_ALLOWED_WHILE_ACTIVE_PER_MAP 256

bool InLevel[MAXPLAYERS+1] = {false, ...};
int RequestCount[MAXPLAYERS+1] = {0, ...};

public OnPluginStart()
{
	CreateTimer(5.0, DecrementThread, _, TIMER_REPEAT);
}

public Action:DecrementThread(Handle:timer, any:unused)
{
	for (new client = 0; client <= MaxClients; client++)
	{
		RequestCount[client] -= 32;
		if(RequestCount[client] < 0)
			RequestCount[client] = 0;
	}
	
	return Plugin_Continue;
}

public OnMapStart()
{
	for (new client = 1; client <= MaxClients; client++)
		if(IsClientConnected(client))
			if(IsClientInGame(client))
			{
				InLevel[client] = true;
				RequestCount[client] = 0;
			}
}

public OnMapEnd()
{
	for (new client = 1; client <= MaxClients; client++)
	{
		InLevel[client] = false;
		RequestCount[client] = 0;
	}
}

public OnClientPutInServer(client)
{
	InLevel[client] = true;
	RequestCount[client] = 0;
}

public OnClientDisconnect(client)
{
	RequestCount[client] = 0;
}

public Action OnFileSend(int client, const char[] sFile)
{
	if(InLevel[client])
	{
		RequestCount[client]++;
		if(RequestCount[client] > MAX_FILES_ALLOWED_WHILE_ACTIVE_PER_MAP)
		{
			if(!IsClientInKickQueue(client))
				KickClient(client, "ServerCrashExploitAttempt.");
				
			return Plugin_Stop;
		}
	}
	
	return Plugin_Continue;
}

o kurde fajne

a z ciekawości jak serwer  zcrashowac? 

@Seksuolog a to przypadkiem nie jest tak że to naprawia błąd na crashowanie serwerów?

Cytat

Plugin SourceMod, który łata aktualny exploit na dzień dzisiejszy [28.06.2019] na crashowanie serwerów

@Sad_Wolf no tak, ale skoro czarny wstawia post na plugin który ma zatrzymać crashowanie to jestem ciekawy jak działa to crashowanie? 

@Seksuolog 

Cytat

There's a new exploit in the wild which allows any client to attack the server after connecting if you have sv_allowdownload set to 1. On Linux the servers will most likely restart within 30 seconds if there's a watchdog timer installed. On Windows this exploit can be utilized to cause a Blue Screen Of Death on your dedicated hosters box. The exploit involves the use of the RequestFile command and has already been reported to Valve (~8 Months ago) through the bounty bug reward program. The report was ignored by the HackerOne Staff because it didnt meet the standards of "crashing the server" ( Report #472858 ). Even though this can lead to a BSOD if used correctly and as shown in my submited Proof Of Concept. ...

 

The exploit's POC was stolen from one of my un-secured dedicated test servers recently by some "Hackers" and now is being sold by them. The POC was written to work on all versions of SRCDS so many servers are at risk until valve releases an official patch. I've written my own patch for the community to use until that date comes.

 

Symptoms of the exploit being used on your server would be to see the text "File '%s' requested from" spammed in your SRCDS console. These messages do not create logs in any document so it may be hard for some users to track what's happening. This is mostly expected to plauge CS:GO/CStrike servers currently.

Rozumiem że foldery muszę sam stworzyć gdyż ich nie mam w katalogu CS GO.

@DjBoReK a posiadasz jakiś własny serwer gry?

Myślałem że to chodzi jeśli wejdziemy na jakiś serwer.

Trzeba czytać ze zrozumieniem. Napisałem, że jest to plugin do SourceMod, a SourceMod to platforma do skryptowania rozszerzająca możliwości silnika gry na serwerach

A jak można crashować te serwery? Bo możliwe, że nie każdy serwer jeszcze z tego skorzystał a chcę się pobawić 🙂

@Mufinekkk forum nie wspiera takich ataków, więc się tutaj tego nie dowiesz