
Ripper
hi everybody, i'm new on this forum also, but i'm a bit experienced with all this 'shit' already so not a real n00b ;-)

i found this exploit on the packetstormsecurity website:

http://www.packetstormsecurity.nl/0308-exp...0-HL-portbind.c


and i've asked several people to compile it for me, but they were scared about the word 'exploit' so now i ask you... i think you will help other people also

a little info on how to find Halflife Clients: just scan port 27015

that's it... thanks in advance!

Ripper
ddrj
Hi all!
First post, so i decided to be nice
Your exploit is attached

CODE
HalfLife client v.1.1.1.0 remote exploit by m00 Security

Usage: m00-HL-portbind <remote_os>

where os:
1 - win2k sp3 ru
2 - winxp nosp ru
3 - winxp sp1 ru
4 - win98 se2 ru (need another shellcode)


BTW: make sure that cygwin1.dll is in the same dir as the exploit, if you don't have this just pm me or search for it.
Ripper
w00 m8, thanks A LOT!
go on with compiling, i love ya

one problem, it's called Remote exploit, but it doesn't ask for an IP, only a windows version.... but yeah you can't help that i know, still thanks!
ddrj
Actually, I might, I have some other remote HL exploits that I compiled.
There are two different HL exploits attached.
Look attached, have fun! (tell me if they're ok)

- ddrj
Ripper
yep m8 thanks, but again the windows (client) version doesn't ask for an IP... that's strange because it's called a REMOTE exploit.... really weird

1 = almost the same as the one i asked you to compile...
2 = DOES ask for an IP and stuff, but that one is for FreeBSD 5.1, so no windows

OR ne1 can tell me how to hack FreeBSD servers on a windows pc

thanks anyway m8!
Yorn
QUOTE (Ripper @ Aug 20 2003, 07:06 PM)
w00 m8, thanks A LOT!
go on with compiling, i love ya

one problem, it's called Remote exploit, but it doesn't ask for an IP, only a windows version.... but yeah you can't help that i know, still thanks!

What this file does is mimic a HL server. When a machine on your LAN matching the ID you picked clicks on "LAN" in the Half-life options, it scans the local net for HL machines, finds yours, and immediately locks their HL.

Then, you just NC into their machine and BAM, you got remote shell. Only problem is they have a locked HL and aren't going to wait an hour for it to recover. With some modifications to have it auto run netcat and upload a file via tftp and execute it, it could be potentially devastating to a campus network. All the HL users going to "LAN" would end up with a locked up machine soon to be infected.

Note: I would not run this exploit as it is, it's not coded well at all.