Strange hack

BillyBeag

Junior Member
Joined
Mar 16, 2007
Likes
0
#1
Recently we have had some different players join our servers and during a round, while they are in spectate, they will freeze a player and repeatedly kill him regardless of spawn protection, the frozen player doesn't even seem to respawn properly.

We run the latest version of CI and the Allinone weapons mod, we changed our rcon passwords when this first happened, but if a player had managed to bruteforce or somehow get the rcon password I am sure they would do more than just this one thing.

Do any of you know what sort of vulnerability or script they could be using to do this?

I have a screenshot taken by one of our members of the incident.
EDIT: that link is dead now..
 
Last edited:

BillyBeag

Junior Member
Joined
Mar 16, 2007
Likes
0
#4
Hmm that patch is several years old.
It amazes me that it isn't actually better known.
Thanks, I will be investigating the patch itself before I have it applied.
 

pgpdude

Junior Member
Joined
Mar 3, 2008
Likes
0
Location
rishton, blackburn, lancs, u.k.
#5
Hi

Yes its a old fix which cures exactly the situation which you are describing freezing a player and repeatedly killing him while in spectate mode. Also ive a copy of the gamex86.dll for spearhead which was modded by hal as described :-
"As ViceLords fix, but I removed the lodspawn, leaveteam and reloadmap commands instead of renaming them. With ViceLords fix the commands could still be used, they were just renamed.This is the Spearhead gamex86."

also somewhere i think hal did a tutorial on hexediting somewhere if your interested.

also another old patch which i recommend is MOHAA:Spearhead v2.15 Server Buffer Overflow Critical Patch
Written by RunningBon.

if you want to have a look into that one at the same time i can either find the link or post the file

Regards Dude
 

BillyBeag

Junior Member
Joined
Mar 16, 2007
Likes
0
#6
Thanks, this is just the sort of response I was hoping for in here.

I would be very interested in that tutorial. :)

We have patched our servers for the bufferoverflow vulnerability but on researching critical fixes, I found a few flavours of it available.... :undecided
Really a complete list of fixes for Spearhead servers that is up to date is what I am now trying to get together....
I think considering the age of the game there could be more I'm unaware of.
So, any patches that you have, or know of links to, would be very welcome..

Thanks
Billy
 
Last edited:

pgpdude

Junior Member
Joined
Mar 3, 2008
Likes
0
Location
rishton, blackburn, lancs, u.k.
#7
Hi Billy

hals modifications are hosted on filefront these are always a good starting point.

http://files.filefront.com/mohaa+server+patcheszip/;4575271;/fileinfo.html
http://files.filefront.com/MoHAA+server+Grenade+crash+fix/;4274826;/fileinfo.html
http://files.filefront.com/MoHAA+Linux+Object+Spawn+fix/;4274800;/fileinfo.html
http://files.filefront.com/MapFix+Universalzip/;4274792;/fileinfo.html
http://files.filefront.com/MoH+buffer+overflow+fix+01/;4274779;/fileinfo.html

as in a discussion with lamron and dash in one of the forums most of the antishark fixes are based on the mike_legs script by changing the mod to use the mike_torso script it prevents a delay in crouching which occurs if modding using the mike_legs.

Code:
state JUMP_OFF_LADDER
{
movetype legs

entrycommands
{

unattachfromladder
safeholster 0 // pull weapon back out if we put it away to get on the ladder
jumpxy -70 0 150

forcelegsstate FALL // shark fix
}

states
{
STAND2 : default
}
}


ive incorperated this into a pk3 for spearhead which i can forward on if you dont want to change it yourself.

also another excelent site to have a look at for downloads is invisble warriors web site

http://69.56.234.178/downloads.htm

this has some very interesting downloads esp server crash fixes (done by blackbart who created ci)


the following is a link to hex workshop which can hexedit dll or exes etc cant find hals tutorial at the min basically always back up the file before editing just incase it has a error after editing and use hex workshop to edit out any unwanted commands.

http://www.bpsoft.com/

not sure if these are the most uptodate but it should be a good starting point. would be usefull to have a list of the most uptodate patches

hope this is of some help.

if theres any specific issues post them and ill reply if i know of any fixes

regards Dude
 

BillyBeag

Junior Member
Joined
Mar 16, 2007
Likes
0
#8
Excellent info, thank you.
Sorry I took so long to reply.

We have another issue apparently, which I haven't personally seen yet.

It seems we have a player who joins and immediately seems to have the ability to stop our rcon from working, and apparently can "shut down" CI also, Whether they are actually shutting down CI or just overloading the rcon buffer is in question.

This person and another appeared and apparently did a lot of killing while in Spectate too, which I thought we were patched against.

I have to check tomorrow if the patches have been applied, but does this sound like something new?
 

pgpdude

Junior Member
Joined
Mar 3, 2008
Likes
0
Location
rishton, blackburn, lancs, u.k.
#9
Hiya

This person and another appeared and apparently did a lot of killing while in Spectate too, which I thought we were patched against.

the only occurance ive heard of for the killing in spectate was fixed with the vicelord patch in the third post in the thread.

The other issue i think may be caused by the server buffer overflow patch.

if both of these are installed and its still occuring ill have another look for a patch

Regards Dude
 
Top Bottom