Team Avolition
xTeraa

Source Engine Remote Code Execution on Kill


xTeraa    78

I saw this the other day and thought people might get a kick out of it.

https://oneupsecurity.com/research/remote-code-execution-in-source-games

 

Obviously, you'd need to own the server or, I guess, be able to get the modified ragdoll files out onto other servers, but I think the idea of having to kill a player to execute an exploit is hilarious.

Imagining a game where if you wreck someone 1v1 you get control of their box. A nerdy version of racing for pink slips.

Dabato    3

Becoming a professional TF2 player to steal credit card information. It is an ingenious plan!

  • Upvote 1

ecx    12

No ASLR?

I wonder if a fuzzer could have found this.

Edited by ecx

rakiru    2713
On 7/31/2017 at 5:16 AM, ecx said:

No ASLR?

I wonder if a fuzzer could have found this.

Potentially. The method doesn't seem to rely on any complex state, so it shouldn't be too difficult to fuzz, anyway. It's so simple though, you'd probably be able to figure it out manually pretty quickly once you'd picked it out as something worth investigating anyway.

Related: all the GoldSrc games got updated recently due to a vulnerability someone found in the BSP parsing code, via fuzzing: https://hernan.de/blog/2017/07/07/lock-and-load-exploiting-counter-strike-via-bsp-map-files/
