Garrysmod Exploits

[tehrichie]

Supposedly there is a known exploit becoming bigger and bigger with Garrysmod servers. Supposedly servers are being overtaken - don't know too much about it but people are pulling their servers offline due to this. Bad for business?

 

http://www.facepunch.com/showthread.php?t=798387

 

Thoughts?

[dimitrifrom31]

there are 2 IP's known of hackers using that exploit :

70.149.24.202

65.9.139.198

 

Source : http://cs.rin.ru/forum/viewtopic.php?f=10&t=52724

 

I added them to my Gmod servers banlist already

[tehrichie]

Has this exploit been made public?

[dimitrifrom31]

not that I know altho it seems some ppl know it already since the guy from the thread u linked to claims he used it on his own server so idk

[Guest louise]

Forums / internet is public, so really in posting what you have done may make it worse.

I would simple contact valve with your findings and let them deal with it

[Derek]

Forums / internet is public, so really in posting what you have done may make it worse.

I would simple contact valve with your findings and let them deal with it

 

Contacting valve... good luck getting them to fix anything.

[GodFather]

Hey it works, just can't do it over the weekend. Lazy b@stards

[dimitrifrom31]

Contacting valve... good luck getting them to fix anything.

 

ye the exploit has been known for months already, found threads about if from may/june so I assime valve just does not give a crap.

[KingJ]

From the looks of it, it's just the file upload bug - which allows players to upload files to any place on the server. This was fixed in all other Valve source games, but Garry hasn't fixed it yet.

 

If TCA ran the games under a more restrictive user account (e.g creating a seperate Windows account for each user and giving them privileges over just their folder) this wouldn't be so much of a problem, since then only the user's own directory could be damaged rather than the server as a whole.

[studeggle]

If TCA ran the games under a more restrictive user account (e.g creating a seperate Windows account for each user and giving them privileges over just their folder) this wouldn't be so much of a problem, since then only the user's own directory could be damaged rather than the server as a whole.

 

Yea, probably the thing I think is most missing from TCA and most hope exists in V2. As its tiring having to manually create each user and adjust the service created and folder permisions to tighten security.

[potato]

Garrysmod was not created by valve though

 

they may tell the creator of the game to fix it and they may chip in a bit

[ECF]

From the looks of it, it's just the file upload bug - which allows players to upload files to any place on the server. This was fixed in all other Valve source games, but Garry hasn't fixed it yet.

 

If TCA ran the games under a more restrictive user account (e.g creating a seperate Windows account for each user and giving them privileges over just their folder) this wouldn't be so much of a problem, since then only the user's own directory could be damaged rather than the server as a whole.

 

The ability to run the game under a different account is possible in the current version. However it is a manual process to change the service settings.

 

V2 will have the process automated.

[studeggle]

The ability to run the game under a different account is possible in the current version. However it is a manual process to change the service settings.

 

V2 will have the process automated.

 

Uhoh there goes ECF dropping more tidbits about the cool new features of V2. But whohoo for it being automated in V2!!!

[Derek]

Uhoh there goes ECF dropping more tidbits about the cool new features of V2. But whohoo for it being automated in V2!!!

 

so true. you just gotta watch every post from ECF 1 in every 100 posts we will get a secret... hopefully in 2011 we will have v2

[KingJ]

The ability to run the game under a different account is possible in the current version. However it is a manual process to change the service settings.

 

V2 will have the process automated.

 

Oh excellent! This is the feature i've really wanted to see! Looking forward to it.

[Derek]

Oh excellent! This is the feature i've really wanted to see! Looking forward to it.

 

o hai there mate!

[dimitrifrom31]

The ability to run the game under a different account is possible in the current version. However it is a manual process to change the service settings.

 

V2 will have the process automated.

 

you can automate it in v1 using install scripts btw

[Guest louise]

Hi the upload bug it to do with orangebox games and L4D

 

By default the Source engine allows to download and upload files.

While the download operation is denied if there is a slash or a ".."

or an unsupported extension in the requested file (to avoid directory

traversal bugs although \file is allowed) in the upload operation there

are just no checks.

 

The result is that an attacker can upload files in arbitrary locations

in the hard disks of the server like

"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bad.exe"

or "\file.txt" or "../file.txt" and so on.

 

The existent files cannot be replaced (will be showed the console

message "Download file 'FILENAME' already exists!") but is possible to

put place malicious programs in the Startup folder for being executed

at the next logon/reboot of the system.

 

Note that these "file uploading" vulnerabilities can be exploited even

with uploads and downloads disabled, indeed using "sv_allowupload 0"

does NOT solve the situation.

 

There is a fix for this issue released by a community and it does work.

 

If you would like more details you can contact me outside these forums

 

i could go on with arbitray file deletion with valve exploits, but cannot be arsed to type anymore

[nosit1]

Running it under a separate user account with restricted privileges solves the potential of harm to your system, but not the user. Good, but not best.