Forum
TF2 script "viruses"
Created 2nd December 2010 @ 15:00
Add A Reply Pages: 1 2 Next »
Did you know that it is possible to write “viruses” via TF2 script :P?
For example:
They can mess up someones server pretty bad and do all kind of shit. With the right addons installed on the server they can even spread themself.
Quoted from RaCio
only if sourcemod is on right?
The spreading thing works only if sourcemod is turned on the rest works via rcon :P
so I could set up a sourcemod server and everyone who joins gets infected then when they join their own server and use their rcon password their server gets screwed.
My script framework called slothandler is able to check if its installed in every class.cfg if not it installs itself.
I developed something like a save/load system for tf2 scripts a long time ago :P.
Last edited by XHunter,
Quoted from XHunter
The spreading thing works only if sourcemod is turned on the rest works via rcon :P
so I could set up a sourcemod server and everyone who joins gets infected then when they join their own server and use their rcon password their server gets screwed.
Quick, let’s tell everyone in Europe! Sod it, I’m not going on any other servers ever.
Well… Please don’t, be nice :(
Quoted from Monkeh
[…]
Quick, let’s tell everyone in Europe! Sod it, I’m not going on any other servers ever.
There were several security exploits posted on the steam forums that were even more powerful … you had no problems with tf2 viruses in the past or did you?
so why should this small “exploit” harm you when the powerful ones didnt.
Last edited by XHunter,
Quoted from compton
Link?
There was an exploit with sv_allowupload
an exploit that allowed you to lagg/crash servers
an rcon hack exploit and much more
Im searching some links.
Last edited by XHunter,
Another reason to use read-only cfgs?! :E
Quoted from XHunter
[…]
There was an exploit with sv_allowupload
an exploit that allowed you to lagg/crash servers
an rcon hack exploit and much more.
There’s server side plugins to block these exploits:
http://wiki.alliedmods.net/SRCDS_Hardening
Last edited by Jarppa,
http://forums.alliedmods.net/showthread.php?t=108215
sourcemod rcon exploit that got patched.
Quoted from Jarppa
[…]There’s server side plugins to block these exploits:
Thats what i said most of them got patched.
Quoted from Admirable
Another reason to use read-only cfgs?! :E
No its just theory it is very hard to harm someone that way. Lets say its easier to get infected by a script virus from a random website via google :P
It would take me some time to write and test it. There are much easier ways to get the same result and im not interested in infecting any servers with what ever just for the lulz.
Last edited by XHunter,
Quoted from XHunter
They can mess up someones server pretty bad and do all kind of shit.
such as?
With the right addons installed on the server they can even spread themself.
http://www.whiteandblack.co.nz/wp-content/uploads/2010/11/bullshit-stamp.jpg
This is honestly more sensationalist that Fox news. Quite often when people find out how computers really work and the fact that they aren’t nearly as solid and perfect as they had previously thought, they just shit themselves and demand things be done “right”, thing is they still don’t really understand.
Example: That skybox installer batch script I made ages for movie making? I could have quite easily slipped into it some code to make it steal all your firefox browser cookies (due to another security hole in Firefox itself) and potentially got a hold of your steam/bank/paypal/ebay/email usernames and passwords. Even more trivially so If it had been a fully blown program like the PldX recording tool (!!!). Thats not to say “OMG DON’T RUN SCRIPTS OR PROGRAMS EVER!!”, its just don’t be a fucking spastic and run random things from dodgy websites, following that philosophy even without an anti-virus (which I don’t), you will avoid literally 99.9% of all viruses/malware in existence. That remaining 0.1% wouldn’t likely have been stopped by an anti-virus anyway.
tl;dr congratulations, you’ve just read something on a random website, stop fear mongering.
Add A Reply Pages: 1 2 Next »
content rss